Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Chrome and IE immediately hang ("not responding")


  • This topic is locked This topic is locked
25 replies to this topic

#1 art_vandelay

art_vandelay

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 18 February 2017 - 02:11 AM

Greetings.

 

All of a sudden both Chrome (my primary browser) and IE immediately HANG upon launch, with a "Not Responding" error.  You can use TaskMan to kill them but it's impossible to successfully browse or put in any address with either one after launching.

 

Thanks for your help.

 

Here is the FRST Log

===================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-02-2017
Ran by glindholm (administrator) on GEORGE (17-02-2017 21:56:10)
Running from C:\Users\glindholm\Desktop\Spyware Removal
Loaded Profiles: UpdatusUser & glindholm (Available Profiles: UpdatusUser & glindholm)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Intel Corporation) C:\Windows\Temp\irstrtsv\scrncap.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel) C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\2.3.253.0\McCSPServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MSGSDK\msgrunner.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-18] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3760456 2013-08-23] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2672694475-1104710551-137592349-1002\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [22982848 2016-12-28] (Microsoft Corporation)
HKU\S-1-5-21-2672694475-1104710551-137592349-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27021952 2016-10-17] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2015-12-07] (SoftThinks SAS)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-03-01]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-02-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{8073BF97-9E08-44F4-A609-904BFF37B9B0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{EDB4DB6E-51D1-4348-A2E6-823041329CF0}: [DhcpNameServer] 172.41.1.171
 
Internet Explorer:
==================
HKU\S-1-5-21-2672694475-1104710551-137592349-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2672694475-1104710551-137592349-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
URLSearchHook: [S-1-5-21-2672694475-1104710551-137592349-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2672694475-1104710551-137592349-1002 -> DefaultScope {B24A31EC-AC1E-425D-A2A8-3C38B7368E13} URL = 
SearchScopes: HKU\S-1-5-21-2672694475-1104710551-137592349-1002 -> {B24A31EC-AC1E-425D-A2A8-3C38B7368E13} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-02-06] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-12-21] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-12-21] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-02-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-02-12] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-12-21] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2672694475-1104710551-137592349-1002: @citrixonline.com/appdetectorplugin -> C:\Users\glindholm\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-16] (Citrix Online)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://trello.com/b/2FeZkYLn/george-s-stuff"
CHR Profile: C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default [2017-02-17]
CHR Extension: (Google Slides) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-10-14]
CHR Extension: (Google Docs) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-10-14]
CHR Extension: (Google Drive) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-14]
CHR Extension: (YouTube) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-14]
CHR Extension: (Adobe Acrobat) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-03]
CHR Extension: (Google Sheets) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-10-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-12-06]
CHR Extension: (Google Docs Offline) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-15]
CHR Extension: (Plus for Trello (time track, reports, scrum)) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjjpophepkbhejnglcmkdnncmaanojkf [2017-02-05]
CHR Extension: (Pomodoro Timer) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfgjlgjnpkpmnpojkkpfkogapiclopop [2017-01-10]
CHR Extension: (Elegantt for Trello) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdongfcbejkjibhkbekkjcckophhjcjj [2017-02-12]
CHR Extension: (Cisco WebEx Extension) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-01-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2016-12-21]
CHR Extension: (Gmail) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1701840 2016-12-08] (Intel Security)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-03] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-03] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-11] (Intel Corporation)
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [783264 2013-09-08] (Intel Corporation)
R2 ISCTAgent; c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-10-03] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188352 2017-02-06] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [989632 2017-01-18] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-24] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.3.253.0\\McCSPServiceHost.exe [2053568 2016-11-16] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [1342904 2016-12-15] (McAfee, Inc.)
S2 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241040 2016-11-14] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [383032 2016-11-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [342768 2016-11-14] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2016-12-09] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-23] ()
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-18] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1104304 2016-11-15] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe [2065808 2016-01-04] (SoftThinks SAS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-23] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88456 2016-11-18] (McAfee, Inc.)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-10] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [20192 2013-09-08] (Intel Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-07] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [484576 2016-11-18] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [366320 2016-11-18] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85048 2016-11-18] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [518184 2016-11-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [916432 2016-11-18] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [498152 2016-10-24] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109336 2016-10-24] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110248 2016-11-18] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [254800 2016-11-18] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [444632 2013-10-18] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-05] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [83456 2013-08-06] (STMicroelectronics)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 21:55 - 2017-02-17 21:56 - 00000000 ____D C:\FRST
2017-02-17 21:52 - 2017-02-17 21:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-02-17 21:43 - 2017-02-17 21:56 - 00000000 ____D C:\Users\glindholm\Desktop\Spyware Removal
2017-02-17 09:42 - 2017-02-17 19:07 - 00002464 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-17 09:42 - 2017-02-17 09:42 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-17 09:41 - 2017-02-17 09:41 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-17 09:41 - 2017-02-17 09:41 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-17 09:23 - 2017-02-17 18:21 - 00003860 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-02-15 13:22 - 2017-02-17 19:05 - 03127808 _____ C:\Users\glindholm\Desktop\2017_FantasyRundown.com_Prospect_Spreadsheet_02.13.17.xls
2017-02-12 22:55 - 2017-02-12 23:07 - 00000000 ____D C:\Users\glindholm\AppData\Local\TempOfficeC2R86386A21-30A4-44C8-B1F1-58799BBD3679
2017-02-08 12:36 - 2017-02-08 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 20:38 - 2017-02-06 20:38 - 00046400 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-02-06 20:38 - 2017-02-06 20:38 - 00046192 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-02-06 14:50 - 2017-02-06 14:50 - 00060736 _____ C:\Users\glindholm\Downloads\Without Love.pdf
2017-02-06 14:50 - 2017-02-06 14:50 - 00060736 _____ C:\Users\glindholm\Downloads\Without Love (2).pdf
2017-02-06 14:50 - 2017-02-06 14:50 - 00060736 _____ C:\Users\glindholm\Downloads\Without Love (1).pdf
2017-02-06 11:29 - 2017-02-06 11:29 - 00000978 _____ C:\Users\glindholm\Desktop\join.me.lnk
2017-02-06 09:02 - 2017-02-06 09:02 - 03638916 _____ C:\Users\glindholm\Desktop\CT Wireless Communications Update  SC 2.1.17.pptx
2017-02-03 22:30 - 2017-02-03 22:30 - 00595529 _____ C:\Users\glindholm\Desktop\Your E-Tickets.pdf
2017-01-28 12:40 - 2017-01-28 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-28 12:39 - 2017-01-28 12:40 - 00000000 ____D C:\Program Files\iTunes
2017-01-28 12:39 - 2017-01-28 12:39 - 00000000 ____D C:\Program Files\iPod
2017-01-27 11:40 - 2017-01-27 11:40 - 00018167 _____ C:\Users\glindholm\Desktop\Book1.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-17 21:57 - 2014-03-01 01:18 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-02-17 21:54 - 2016-10-14 14:14 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2672694475-1104710551-137592349-1002
2017-02-17 21:53 - 2014-03-01 00:56 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-17 21:53 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
2017-02-17 21:51 - 2014-03-01 01:13 - 00003282 _____ C:\Windows\System32\Tasks\Intel® Rapid Start Technology Manager
2017-02-17 21:50 - 2016-11-03 23:14 - 00000000 ___RD C:\Users\glindholm\Dropbox
2017-02-17 21:50 - 2016-10-21 17:10 - 00000000 ____D C:\Users\glindholm\AppData\Roaming\Skype
2017-02-17 21:49 - 2016-11-03 23:10 - 00000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-17 21:49 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-17 21:47 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-02-17 21:27 - 2016-11-03 23:10 - 00000928 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-17 21:18 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
2017-02-17 20:36 - 2016-10-14 20:47 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{52F6B4B6-50DB-458E-ACC5-78E49C370D09}
2017-02-17 17:27 - 2017-01-17 21:04 - 00763521 _____ C:\Users\glindholm\Desktop\16Hit.xlsx
2017-02-17 09:42 - 2016-10-14 20:48 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-17 09:41 - 2016-10-14 20:47 - 00000000 ____D C:\Users\glindholm\AppData\Local\Deployment
2017-02-15 13:24 - 2016-10-14 14:08 - 00000000 ____D C:\Users\glindholm\AppData\Local\Packages
2017-02-12 21:06 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\LiveKernelReports
2017-02-12 20:04 - 2014-03-01 01:16 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-12 19:39 - 2013-08-22 05:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2017-02-12 18:55 - 2014-03-01 01:16 - 00000000 ____D C:\ProgramData\McAfee
2017-02-09 16:51 - 2014-03-01 01:16 - 00000000 ____D C:\Program Files\Common Files\mcafee
2017-02-09 16:50 - 2013-08-22 07:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2017-02-09 16:49 - 2016-10-14 22:27 - 00003068 _____ C:\Windows\System32\Tasks\McAfeeLogon
2017-02-09 16:49 - 2016-10-14 22:27 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2017-02-08 12:36 - 2016-11-03 23:10 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-06 11:29 - 2016-10-22 09:40 - 00000986 _____ C:\Users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2017-02-06 11:29 - 2016-10-22 08:00 - 00000000 ____D C:\Users\glindholm\AppData\Local\join.me
2017-02-06 08:39 - 2016-10-14 22:21 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2017-02-04 05:46 - 2013-08-22 07:20 - 00000000 ____D C:\Windows\CbsTemp
2017-01-29 21:42 - 2016-10-15 21:29 - 00000000 ____D C:\Users\glindholm\Documents\Fitness
2017-01-28 13:24 - 2013-08-22 07:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-28 13:20 - 2014-03-01 01:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-28 12:39 - 2016-10-15 13:51 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-21 07:57 - 2016-12-14 23:26 - 00003176 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-21 07:57 - 2016-10-19 15:40 - 00002312 _____ C:\Users\glindholm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-21 07:57 - 2016-10-18 06:29 - 00003184 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2672694475-1104710551-137592349-1002
2017-01-20 14:44 - 2016-10-17 18:05 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2014-03-01 00:43 - 2014-03-01 00:43 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-17 12:13
 
==================== End of FRST.txt ============================
 
 
Addition.txt Log
=========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2017
Ran by glindholm (17-02-2017 21:59:18)
Running from C:\Users\glindholm\Desktop\Spyware Removal
Windows 8.1 (Update) (X64) (2016-10-14 22:08:50)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2672694475-1104710551-137592349-500 - Administrator - Disabled)
glindholm (S-1-5-21-2672694475-1104710551-137592349-1002 - Administrator - Enabled) => C:\Users\glindholm
Guest (S-1-5-21-2672694475-1104710551-137592349-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-2672694475-1104710551-137592349-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon) <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.9.2.8 - Dell Inc.)
Dell Custom Help (Version: 16.05.1000.0264 - Intel Corporation) Hidden
Dell Digital Delivery (HKLM-x32\...\{03A9F528-A754-460F-B2C1-AC125A147114}) (Version: 2.8.5000.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.16.1 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 17.0.13.0 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{713A4123-9417-4FF7-AC14-F000D6C0C7AD}) (Version: 0.9.1115.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 19.4.13 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}) (Version: 3.0.0.1056 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{23737445-A5AB-4238-92E2-9EE665523D3D}) (Version: 4.2.41.2549 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f782ff3b-2729-43d2-973c-8de9d966ab4f}) (Version: 16.5.1 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
join.me (HKU\S-1-5-21-2672694475-1104710551-137592349-1002\...\JoinMe) (Version: 3.1.0.4356 - LogMeIn, Inc.)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 14.0.3061 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.228 - McAfee, Inc.)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2672694475-1104710551-137592349-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6299.48 - PC-Doctor, Inc.)
NVIDIA GeForce Experience 1.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.9 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.15 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.34 - NVIDIA Corporation) Hidden
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0046 - ST Microelectronics)
UltraEdit (HKLM\...\{AFFE5F64-3248-41E9-96AE-8B475F6EFAB3}) (Version: 23.20.0.43 - IDM Computer Solutions, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2672694475-1104710551-137592349-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\glindholm\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2672694475-1104710551-137592349-1002_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04F10F28-6FB8-493E-925F-D260F9FB42D4} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {0E2A0400-CC29-4DD3-917E-0DD97C70CD06} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {1EB97C83-1A84-45CD-AB19-5B86584ABB91} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-08-21] (PC-Doctor, Inc.)
Task: {27B0E9EF-6B8A-49D5-A588-7DED3EB74512} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {324F213A-68E7-4C0F-88BA-CFE117AE35D2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-08-21] (PC-Doctor, Inc.)
Task: {380CD4B9-D949-46EB-AA79-1E5F3FBAD5C7} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {3A6B039F-D1AE-4D2E-AC37-612B1245E793} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {3A8A9796-0343-4FFE-93C6-B055B8DD22E2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {3AA7B94D-301E-44FA-97A2-66A232858762} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {5120634A-76A3-471A-8A76-920DFE6068E9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {60F283EE-AB5E-4E66-B28D-49754E19A0DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-17] (Google Inc.)
Task: {827440DD-FBA5-4F1C-BD5C-F06D374FAB48} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {A18BB10C-5BF7-411D-9EBC-241EE65150FD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-03] (Dropbox, Inc.)
Task: {AE951F39-2C64-42A8-B2D5-6C2B68F86629} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-17] (Google Inc.)
Task: {BA25928D-B9DE-4D44-A3BF-EF24A57BB5AC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {C23C87F7-D113-43BD-AE12-C7AFF2DB9627} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2016-12-09] (McAfee, Inc.)
Task: {CF7FD9C3-AA26-43BF-AC5B-0D3CB154CA87} - System32\Tasks\PocketCloudUpdater => C:\Program 
Task: {D063307F-A06F-44F9-B739-98F5BC277BCD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-12-15] (McAfee, Inc.)
Task: {D2D7B8AA-B61D-4A0E-87B5-75825D7BD045} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-03] (Dropbox, Inc.)
Task: {DA5AE72F-2E0C-4FBE-9E50-8E9A037F72E0} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {DDCA63DC-5F38-413D-B03B-2C652A6C01C7} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {E299BCFC-0DEE-443A-967C-75BE9BD425C2} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2013-09-08] (Intel)
Task: {E6E416C6-11A4-4E0D-8B44-CDB926A76A75} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-09-05] (Synaptics Incorporated)
Task: {F36B3418-0F47-4EDB-A7BF-E9574B4D7863} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F6B2BCA6-396E-4F58-92B5-1E76DC3AB447} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-12-28] (Microsoft Corporation)
Task: {F8B12E13-B45B-4233-A2C0-2B2B4F4C3AB7} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-09] (McAfee, Inc.)
Task: {FF72D2C3-0CFD-490A-8B23-BA62B404603A} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => c:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-extensions --user-data-dir=%TEMP%\chrome
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-03-01 01:09 - 2013-10-23 17:00 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-03-01 01:10 - 2013-10-23 00:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-03 18:30 - 2013-10-03 18:30 - 00198120 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-10-03 18:30 - 2013-10-03 18:30 - 00054760 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-10-03 18:30 - 2013-10-03 18:30 - 00034792 _____ () c:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2013-08-22 11:40 - 2013-08-22 11:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 11:40 - 2013-08-22 11:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 11:40 - 2013-08-22 11:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2016-10-18 06:26 - 2016-12-28 09:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-10 07:52 - 2016-11-10 20:20 - 00147968 _____ () C:\Program Files\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2016-10-18 06:25 - 2016-10-18 06:25 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll
2014-03-01 01:09 - 2013-10-23 17:00 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2016-10-18 06:25 - 2016-12-28 15:02 - 00039616 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconvpxy.dll
2017-02-08 12:36 - 2017-02-06 20:48 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2016-11-03 23:11 - 2017-01-13 15:53 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-11-03 23:11 - 2017-01-13 15:53 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-11-03 23:11 - 2017-01-13 15:53 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-11-03 23:11 - 2017-02-06 20:50 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-11-03 23:11 - 2017-01-13 15:53 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-11-03 23:11 - 2017-01-13 15:54 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-08 12:36 - 2017-01-13 15:53 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-08 12:36 - 2017-01-13 15:54 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-08 12:36 - 2017-01-13 15:53 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-11-03 23:11 - 2017-01-13 15:56 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-11-03 23:11 - 2017-02-06 20:50 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-08 12:36 - 2017-01-13 15:53 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-08 12:36 - 2017-01-13 15:56 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-11-03 23:11 - 2017-01-13 15:56 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-11-03 23:11 - 2017-01-13 15:57 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-11-03 23:11 - 2017-02-06 20:50 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-11-03 23:11 - 2017-01-13 15:56 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-11-03 23:11 - 2017-02-06 20:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-11-03 23:11 - 2017-01-13 15:56 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-11-03 23:11 - 2017-01-13 15:56 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-11-03 23:11 - 2017-01-13 15:57 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-11-03 23:11 - 2017-01-13 15:57 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-11-03 23:11 - 2017-01-13 15:57 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-11-03 23:11 - 2017-01-13 15:56 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-11-03 23:11 - 2017-01-13 15:57 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-11-03 23:11 - 2017-01-13 15:55 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-11-03 23:11 - 2017-01-13 15:57 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-11-03 23:11 - 2017-01-13 15:54 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-11-03 23:11 - 2017-02-06 20:50 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-23 18:04 - 2017-02-06 20:50 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-23 18:04 - 2017-02-06 20:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 18:04 - 2017-02-06 20:50 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 18:04 - 2017-02-06 20:50 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2016-11-03 23:11 - 2017-01-13 15:57 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-11-03 23:11 - 2017-02-06 20:50 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-08 12:36 - 2017-01-13 15:51 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-08 12:36 - 2017-02-06 20:50 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-08 12:36 - 2017-01-13 16:02 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-08 12:36 - 2017-01-13 16:02 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-08 12:36 - 2017-02-06 20:50 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-11-03 23:11 - 2017-01-13 15:57 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-11-03 23:11 - 2017-02-06 20:50 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-08 12:36 - 2017-02-06 20:50 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2014-03-01 01:05 - 2013-09-03 16:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-05 09:17 - 2015-12-18 15:52 - 01607920 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-03-01 01:19 - 2012-11-25 22:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2016-01-05 09:17 - 2014-02-18 12:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2672694475-1104710551-137592349-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win LTBLUE 1920x1200.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{40215237-C72C-4B69-9A77-81200AA6B3C1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3A3E2894-3BFF-4B4E-8460-D1B124D74B15}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A60BE823-E7A2-4CBA-AE4F-E89E147B7765}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{31D0D0F0-6650-4D76-979A-33E780C7B03C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C5FC9AC7-8C9B-4872-BE05-B4FA1FD99AEB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{208C23D9-5FF8-4DDE-AF10-AABA02631DB2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{947311FA-70C6-41CA-A9B3-6B3A3E0587AC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B1E7F2B9-966C-418A-A4DE-82556626F65F}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{157D4C18-9C12-47B7-842E-B0D48C77F455}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{0B174174-33CE-4D66-A11E-59C220218BE0}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{A2E919E2-2788-4851-9147-7D5F7D6047FE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{03804DED-AC85-4EE3-BD2D-91EC33E655D3}] => (Allow) LPort=2869
FirewallRules: [{9DBA25DF-DBDF-486D-A025-80E793ECC961}] => (Allow) LPort=1900
FirewallRules: [{79967C4C-C854-4403-97CC-1AABB6FEC1D7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F6295AC2-7CAF-4830-8E77-2475FF7B2C2B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3AF9DA1D-9AC4-4C12-9735-10C469DE4F45}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{9F459EEE-269F-46A7-BD5A-89620956D453}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{242C6963-0375-431B-9624-ECD7943D5EAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2E807D63-1032-4258-B047-031AC14ADF23}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ACE505A9-4A53-4CA3-91F0-1F28F38652BA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{86A1A8D8-1065-4296-9401-7B4F74E8D8C2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{24CA69FC-BD02-4D35-BFE3-471D9D2A1A46}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0499F4BD-2770-4D8F-B287-A3931471B196}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D329BE77-6207-4013-8FAD-8FDABE5A4C8C}] => (Allow) C:\Users\glindholm\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{57BBDB1F-64E4-4F97-8311-E2D9ECDCDE4C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F9F2524E-1BBA-4F56-97AF-967AD14C626F}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{643B3CE6-F4C9-4387-B53E-7DFA49F11F08}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{F5954A83-8F3D-49EE-B9E4-81526183A446}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{44DD1B8B-DC6A-4268-B4D4-810CDFCB8FC2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{50A55421-3FF8-4A6F-9B0A-52D8A595FEA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
12-02-2017 18:50:38 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2017 09:54:53 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/17/2017 09:49:07 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (02/17/2017 09:46:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.3.9600.18460 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11ac
 
Start Time: 01d289445c1dd7fd
 
Termination Time: 4294967295
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 75e38afb-f59d-11e6-8267-fcf8aeb32530
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/17/2017 08:48:44 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {C134192B-5B60-4069-8310-BFFC2992E8C8}
 
Error: (02/17/2017 05:09:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1a08
 
Start Time: 01d28982a940d844
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: f1695578-f575-11e6-8267-fcf8aeb32530
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/17/2017 11:19:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 56.0.2924.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1828
 
Start Time: 01d289452dd0f57d
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 67be31c5-f545-11e6-8267-fcf8aeb32530
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/17/2017 09:35:42 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (02/17/2017 09:31:42 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (02/17/2017 09:30:22 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2007) (User: NT AUTHORITY)
Description: There was an error communicating to the Orion inference server
 
Error: (02/16/2017 03:52:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 1.6.34.0, time stamp: 0x52608801
Faulting module name: KERNELBASE.dll, version: 6.3.9600.18438, time stamp: 0x57ae642e
Exception code: 0xc0000142
Fault offset: 0x00000000000ecdd0
Faulting process id: 0x2108
Faulting application start time: 0x01d288afbbee4c7c
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
Faulting module path: KERNELBASE.dll
Report Id: f9a6c4dd-f4a2-11e6-8266-fcf8aeb32530
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/17/2017 09:49:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (02/17/2017 12:14:35 PM) (Source: DCOM) (EventID: 10010) (User: GEORGE)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.
 
Error: (02/17/2017 12:14:05 PM) (Source: DCOM) (EventID: 10010) (User: GEORGE)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.
 
Error: (02/17/2017 10:41:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
Incorrect function.
 
Error: (02/17/2017 09:35:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error: 
The executable program that this service is configured to run in does not implement the service.
 
Error: (02/17/2017 09:34:26 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
 
Error: (02/17/2017 09:33:53 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.
 
Error: (02/17/2017 09:33:13 AM) (Source: DCOM) (EventID: 10010) (User: GEORGE)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (02/17/2017 09:33:13 AM) (Source: DCOM) (EventID: 10010) (User: GEORGE)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
Error: (02/16/2017 03:52:34 PM) (Source: DCOM) (EventID: 10010) (User: GEORGE)
Description: The server {4545DEA0-2DFC-4906-A728-6D986BA399A9} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 15%
Total physical RAM: 16282.57 MB
Available physical RAM: 13749.24 MB
Total Virtual: 18714.57 MB
Available Virtual: 16246.22 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:914.24 GB) (Free:404.7 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:445.48 GB) NTFS
Drive w: (WINRETOOLS) (Fixed) (Total:0.48 GB) (Free:0.2 GB) NTFS
Drive x: (PBR Image) (Fixed) (Total:8.14 GB) (Free:0.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BA128B5B)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 20 February 2017 - 05:28 AM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello art_vandelay,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#3 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 20 February 2017 - 12:10 PM

Hello art_vandelay,

 

 

Backup your registry using TCRB

  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..

Adwcleaner


  • Please download AdwCleaner to your Desktop.
  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Clean at this point

Let's run a search using FRST..

 

  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... SearchReg.txt
  • Please post it in your next reply.



-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • Adwcleaner log
  • SearchReg.txt

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#4 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 21 February 2017 - 02:26 PM

Greetings.

 

1.  When the registry backup ran it did report an error.

2. pasted the AdwCleaner log

3. pasted the SearchReg log.

 

Thanks for your help!!!

 

# AdwCleaner v6.043 - Logfile created 21/02/2017 at 11:10:07
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-20.3 [Server]
# Operating System : Windows 8.1  (X64)
# Username : glindholm - GEORGE
# Running from : C:\Users\glindholm\Desktop\Spyware Removal\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Folder Found:  C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Found:  C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.GatewayFactory
Key Found:  [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
Key Found:  [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
Key Found:  [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GatewayFactory
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2984 Bytes] - [21/02/2017 11:10:07]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3057 Bytes] ##########
 
Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by glindholm (21-02-2017 11:22:20)
Running from C:\Users\glindholm\Desktop\Spyware Removal
Boot Mode: Normal
 
================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========
 
 
===================== Search result for "babylon" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
 
 
===================== Search result for "Searchqu" ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9f41624-2083-45cd-ac36-af8119a22a41}]
""="CLocationSearchQuery"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
""="IUccUserSearchQuery"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{54562FBC-5A84-4461-8BC9-590737E5DE13}]
""="IUccUserSearchQueryEvent"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Wow6432Node\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
""="_IUccUserSearchQueryEvents"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
 
[HKEY_USERS\S-1-5-21-2672694475-1104710551-137592349-1002\Software\Classes\ActivatableClasses\CLSID\{2D611D59-24EA-5DC1-A7E1-B6AA902C70C9}]
"ActivatableClassId"="AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery"
 
[HKEY_USERS\S-1-5-21-2672694475-1104710551-137592349-1002\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe\ActivatableClassId\AppEx.Sports.Services.TypeDefs.Request.AppSearchQuery]
 
====== End of Search ======


#5 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 21 February 2017 - 02:48 PM

Hello art_vandelay,
 

When the registry backup ran it did report an error.

Can you try creating a backup again and make a note of the error if it appears again?

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#6 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 21 February 2017 - 03:14 PM

The front console says "Errors! 12/14 Registry Files Backed Up"  Not sure where more details are logged.  I did notice in the log file it said "Error" when backing up ntuser.dat.



#7 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 22 February 2017 - 03:06 AM

Hello art_vandelay,

Please try the following..

  • Open Tweaking Registry and select the Setting tab.
  • Click on the Open Advanced Settings button.
  • Please uncheck the following box:

     

    • Always use Fallback Backup Method Instead of Volume Shadow Copy

     

  • Select Close Advanced Settings.
  • Open the Backup Registry tab and click on Backup Now.

Were you able to create the backup?

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#8 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 22 February 2017 - 06:29 AM

OK, changing that setting allowed the backup to run successfully with no errors.  Let me know next steps....thanks.



#9 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 23 February 2017 - 06:15 AM

Hello art_vandelay,


Please do the following..
 

  • Point your mouse at the top or bottom right corner of your screen.
  • A sidebar will appear.  Select Settings and then click on Control Panel.
  • Depending on your current view setting ...
    • Double click on Programs and Features.
      or
    • Under Programs, click on Uninstall a program.
  • Select the following programs:

    Amazon 1Button App

  • Select Uninstall.
  • Answer any questions attentively.
  • When the process is finished, please restart your computer.


Next..


Please run the following fix..



  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
  • Copy/Paste the contents of the code box below into Notepad.
CreateRestorePoint:

URLSearchHook: [S-1-5-21-2672694475-1104710551-137592349-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2672694475-1104710551-137592349-1002 -> DefaultScope {B24A31EC-AC1E-425D-A2A8-3C38B7368E13} URL =
SearchScopes: HKU\S-1-5-21-2672694475-1104710551-137592349-1002 -> {B24A31EC-AC1E-425D-A2A8-3C38B7368E13} URL =
S3 dbx; system32\DRIVERS\dbx.sys [X]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]

Hosts:
EmptyTemp:
  •  
  • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system



  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  • Press the Fix button once and wait.
  • FRST will process fixlist.txt
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
  • Please post me the log

Next..

Adwcleaner


  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Clean.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open.  Please copy/paste the contents in your next reply.

How is your computer behaving?  Are you able to access you browsers?

-----------------------------------------
In your next reply, I would like to see..


  • Did you have trouble performing any of the steps?
  • fixlog.txt
  • Adwcleaner report
  • Update on your computer

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#10 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 23 February 2017 - 10:24 AM

Things seem to be running better. Chrome actually working now. No issues running all of these steps!

 

FixLog.txt

====================

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017

Ran by glindholm (23-02-2017 07:04:20) Run:1
Running from C:\Users\glindholm\Desktop\Spyware Removal
Loaded Profiles: UpdatusUser & glindholm (Available Profiles: UpdatusUser & glindholm)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
 
URLSearchHook: [S-1-5-21-2672694475-1104710551-137592349-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2672694475-1104710551-137592349-1002 -> DefaultScope {B24A31EC-AC1E-425D-A2A8-3C38B7368E13} URL =
SearchScopes: HKU\S-1-5-21-2672694475-1104710551-137592349-1002 -> {B24A31EC-AC1E-425D-A2A8-3C38B7368E13} URL =
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
 
Hosts:
EmptyTemp:
*****************
 
Restore point was successfully created.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-2672694475-1104710551-137592349-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-2672694475-1104710551-137592349-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B24A31EC-AC1E-425D-A2A8-3C38B7368E13} => key removed successfully
HKCR\CLSID\{B24A31EC-AC1E-425D-A2A8-3C38B7368E13} => key not found. 
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 50492906 B
Java, Flash, Steam htmlcache => 1027 B
Windows/system/drivers => 37691023 B
Edge => 0 B
Chrome => 630118537 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 138320 B
systemprofile32 => 128 B
LocalService => 94445 B
NetworkService => 2408 B
UpdatusUser => 0 B
glindholm => 373581883 B
 
RecycleBin => 5451504540 B
EmptyTemp: => 6.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 07:05:48 ====
 
 
AdwCleaner report
================================
# AdwCleaner v6.043 - Logfile created 23/02/2017 at 07:10:26
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-23.2 [Server]
# Operating System : Windows 8.1  (X64)
# Username : glindholm - GEORGE
# Running from : C:\Users\glindholm\Desktop\Spyware Removal\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Folder Found:  C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Found:  C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [3164 Bytes] - [21/02/2017 11:10:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [1680 Bytes] - [23/02/2017 07:10:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1753 Bytes] ##########
 


#11 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 23 February 2017 - 10:50 AM

Hello art_vandelay,
 

Things seem to be running better. Chrome actually working now. No issues running all of these steps!

I'm very happy to hear that! :)  We still have a little more work to do, so please stick with this topic until I give you the all clear.

 

It looks like you ran a scan with AdwCleaner again.  Please do the following..

  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Clean.
  • Note: All programs will be closed and your computer will be rebooted, therefore I advise you to save any unsaved work.
  • A notepad window will open.  Please copy/paste the contents in your next reply.

 

Next..

 

Let's do an online scan to make sure we didn't miss anything.  This scan can take a while to complete, but it is very thorough.

Please disable your Antivirus as shown in the following topic: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

 

  • Close all opened programs, open your browser and go to the following link: ESET Online Scanner.
  • Click on the SCAN NOW button under ESET Online Scanner.
    • Depending on which browser you are using, you might be prompted to download an executable file.
    • Please save it to your desktop.
    • Right-click on esetonlinescanner_enu.exe and select Run as administrator.  
    • If you agree to the Terms of use, select Accept to continue.  
  • Please check the following option:

     

    • Enable detection of potentially unwanted applications

     

  • Select Advanced settings and ensure that the following options are checked:

     

    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology

     

        
  • Make sure that the following option is NOT checked:  => Very important!

     

    • Clean threats automatically

     

  • Click Scan and the process will now begin.  Please do not use your computer while the scan is running.
  • Once the scan is completed, click Copy to clipboard.
  • Open the Start menu and type notepad.exe in the search programs and files box.
  • Press Enter.  A blank Notepad page should open, paste the contents inside the window.
  • Save the file as ESETScan.txt.
  • Please copy/paste the contents of ESETScan.txt in your next reply.
  • You can now safely close the program.
    Do not forget to re-activate your Antivirus at this point.


-----------------------------------------
In your next reply, I would like to see..

  • Did you encounter any problem while performing the scan?
  • Adwcleaner report
  • ESETScan.txt

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#12 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 24 February 2017 - 01:20 PM

 No problems with scan.

 

Adwcleaner report is below.

 

ESET scanner gave no option for copying anything to a clipboard or creating a report.  It simply said "No Threats Found" and had a "FINISH" button.

 

# AdwCleaner v6.043 - Logfile created 23/02/2017 at 09:22:04
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-23.3 [Server]
# Operating System : Windows 8.1  (X64)
# Username : glindholm - GEORGE
# Running from : C:\Users\glindholm\Desktop\Spyware Removal\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Folder Found:  C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - pbjikboenpfhbbejgkoklgkhjpfogcam
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1760 Bytes] - [23/02/2017 07:10:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [3164 Bytes] - [21/02/2017 11:10:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [1832 Bytes] - [23/02/2017 07:10:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [1763 Bytes] - [23/02/2017 09:22:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1836 Bytes] ##########


#13 mAL_rEm018

mAL_rEm018

  • Malware Response Team
  • 307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 25 February 2017 - 02:58 AM

Hello art_vandelay,
 

ESET scanner gave no option for copying anything to a clipboard or creating a report.  It simply said "No Threats Found" and had a "FINISH" button.

That's good news!



Adwcleaner report is below.

Did you select clean as mentioned in my last post?  If not, please re-run the AdwCleaner scan and select clean at the end.

Please give me an update on your computer behaviour and if all is well I will provide you with my all clean speech.

 


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#14 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 25 February 2017 - 12:08 PM

OK, I may have forgotten the Clean option.  So here it is:

 

# AdwCleaner v6.043 - Logfile created 25/02/2017 at 08:58:42
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-24.1 [Server]
# Operating System : Windows 8.1  (X64)
# Username : glindholm - GEORGE
# Running from : C:\Users\glindholm\Desktop\Spyware Removal\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
[-] Folder deleted: C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\glindholm\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pbjikboenpfhbbejgkoklgkhjpfogcam
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1760 Bytes] - [23/02/2017 07:10:57]
C:\AdwCleaner\AdwCleaner[C2].txt - [1838 Bytes] - [23/02/2017 09:25:45]
C:\AdwCleaner\AdwCleaner[C3].txt - [1540 Bytes] - [25/02/2017 08:58:42]
C:\AdwCleaner\AdwCleaner[S0].txt - [3164 Bytes] - [21/02/2017 11:10:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [1832 Bytes] - [23/02/2017 07:10:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [1915 Bytes] - [23/02/2017 09:22:04]
C:\AdwCleaner\AdwCleaner[S3].txt - [2061 Bytes] - [25/02/2017 08:55:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1905 Bytes] ##########


#15 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 134 posts
  • OFFLINE
  •  
  • Local time:03:10 AM

Posted 26 February 2017 - 01:49 AM

Things were good for a while but now we are back to VERY frequent browser hanging on Chrome AND IE.  Once it hangs it is usable and the only fix is to reboot.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users