
Keyboard Disabled, repeating characters, and start button not working properly


10 replies to this topic

#1 chanamiata


Posted 19 February 2017 - 10:56 PM

Hi.  I have a problem.

 

My computer had been running a bit slow of late, and I just figured it needed to be cleaned up a bit - I did that about a week ago, ran a virus scan (Malwarebytes), defragmented, cleaned up the disk. It was a bit better, but a few days later when I tried to log on, I couldn't - it would log me into a temporary account. After restarting, I could log on, until a few hours later - repeat the unable to log on, restart, etc. I tried a system restore and ran a virus scan after. It worked fine for two days.

 

Yesterday when I started my computer, I couldn't type a thing. (No users could - there are 6 users on this computer.) I thought it was a keyboard problem, so I tried the keyboard on another computer and it worked fine. I tried running a virus scan today, and it worked fine, but didn't fix the problem. I can't start in safe mode, because although I can get to the screen that allows me to choose, I can't choose because the keyboard isn't working. Fast forward a few hours, and clicking start causes Cortana to open up and those options, not the typical start options where I can restart, or go to settings. I have to right-click on start to get to the settings. If I click on any box or app (after right-clicking to get to settings, say), whatever letter that app starts with begins repeating uncontrollably in whatever box appears (the boxes you can type in - like search boxes). Also, on the desktop, all the apps that start with the same letter will toggle back and forth, as though they're being highlighted over and over again. This also happens if I open something by right-clicking but don't choose an app fast enough - it will just choose a letter or symbol and repeat that.

 

I am typing this from my laptop. I have the FRST reports (I downloaded it onto a thumb drive and ran it on the computer from there), and I can get online - basically as long as I don't need to type anything, I can still do it if I'm fast, before the random repeating letters begin.

 

Any help you can provide would be greatly appreciated.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Chana (administrator) on JOHNSONS (19-02-2017 22:28:30)
Running from H:\
Loaded Profiles: Chana (Available Profiles: Chana & johns_000 & Maisy & Mark & Maxwell & Monae)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxcicoms.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Dropbox, Inc.) C:\Users\Chana\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Brother Industries Ltd.) C:\Brother\BPRSP\resources\BrSupSsp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Chana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Aeria Games & Entertainment) C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
() C:\Users\Chana\AppData\Roaming\Dropbox\bin\QtWebEngineProcess.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-06-23] (Hewlett-Packard )
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-01] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [898952 2012-11-08] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
HKLM-x32\...\Run: [Windows Client Manager] => C:\Program Files (x86)\Browser Update\winclient32.exe
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] => C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\BrowserPlugInHelper.exe [1956352 2013-12-10] ()
HKLM-x32\...\Run: [Aeria Ignite] => C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe [1925656 2013-06-06] (Aeria Games & Entertainment)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\...\Run: [Starfield Updater] => C:\Users\Chana\AppData\Local\Workspace\WorkspaceUpdate.exe [35008 2013-04-16] (Starfield Technologies) <===== ATTENTION
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\...\Run: [GoogleChromeAutoLaunch_BEDCBD4C411370E2C528DC9C4DAFCC87] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [945496 2017-02-01] (Google Inc.)
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\...\Run: [Dropbox Update] => C:\Users\Chana\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-16] (Dropbox, Inc.)
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\...\MountPoints2: {72aba8f4-20a8-11e2-be6e-806e6f6e6963} - "E:\autorun.exe" 
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chana\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chana\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chana\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chana\AppData\Roaming\Dropbox\bin\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-01-26] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll [2013-01-26] (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chana\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chana\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Chana\AppData\Roaming\Dropbox\bin\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother BPRSP.lnk [2016-06-17]
ShortcutTarget: Brother BPRSP.lnk -> C:\Windows\Installer\{8040527F-DD74-4B45-8A06-C4BF145B6C76}\BrSupSsp.exe_6861D01CB00C428FAA7298BB572A9511.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-01-27]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.500\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Chana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-02-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Chana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Chana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-06-13]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1011\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1008\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1007\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1006\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1001\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4f0d5e45-b194-45b9-a72f-8f32f4f51b86}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
SearchScopes: HKLM -> {63B70FDF-CECE-4C26-9CD5-DBF7494D4B31} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {63B70FDF-CECE-4C26-9CD5-DBF7494D4B31} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-25570244-1420655322-4102591135-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-25570244-1420655322-4102591135-1001 -> {63B70FDF-CECE-4C26-9CD5-DBF7494D4B31} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-25570244-1420655322-4102591135-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-25570244-1420655322-4102591135-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
BHO-x32: Aimersoft Video Converter Ultimate -> {54F73992-6549-4369-9A0D-84FD310A464A} -> C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRIEPlugin.dll [2013-12-10] (Aimersoft Software Co., Ltd.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-06-15] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-06-15] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2017-01-10] (Intel Security)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => not found
FF HKLM-x32\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt
FF Extension: (Aimersoft Video Converter Ultimate) - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt [2014-06-13] [not signed]
FF HKU\S-1-5-21-25570244-1420655322-4102591135-1001\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-02-17] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-02-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-07-18] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-06-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-06-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-11-08] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll [2016-02-01] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Chana\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: @nsroblox.roblox.com/launcher -> C:\Users\Chana\AppData\Local\Roblox\Versions\version-8756646edb404aaf\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Chana\AppData\Local\Roblox\Versions\version-8756646edb404aaf\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: @starfield.com/off -> C:\Users\Chana\AppData\Roaming\Mozilla\Plugins\npoff.dll [2013-03-12] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: @starfield.com/off64 -> C:\Users\Chana\AppData\Roaming\Mozilla\Plugins\npoff64.dll [2013-03-12] ( Starfield Technologies, LLC.)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: @starfield.com/wbe -> C:\Users\Chana\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2013-02-08] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: @starfield.com/wbe64 -> C:\Users\Chana\AppData\Roaming\Mozilla\Plugins\npwbe64.dll [2013-02-08] (Starfield Technology, LLC)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Chana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-07-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-25570244-1420655322-4102591135-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chana\AppData\Roaming\mozilla\plugins\npoff.dll [2013-03-12] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chana\AppData\Roaming\mozilla\plugins\npoff64.dll [2013-03-12] ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Chana\AppData\Roaming\mozilla\plugins\npwbe.dll [2013-02-08] (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Chana\AppData\Roaming\mozilla\plugins\npwbe64.dll [2013-02-08] (Starfield Technology, LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default [2017-02-19]
CHR Extension: (Google Drive) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Norton Security Toolbar) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2015-08-06]
CHR Extension: (Skype Calling) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-04-14]
CHR Extension: (Adobe Acrobat) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (StayFocusd) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-04-11]
CHR Extension: (Aimersoft Video Converter Ultimate) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapcejffhcbidcjmomhalabpcbaeimcb [2015-03-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR Profile: C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-04-11]
CHR Profile: C:\Users\Chana\AppData\Local\Google\Chrome\User Data\System Profile [2016-02-23]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2014-06-13]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2016-02-01] (WildTangent)
S3 GSService; C:\WINDOWS\SysWOW64\GSService.exe [450272 2013-03-28] ()
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-16] (SurfRight B.V.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 lxci_device; C:\windows\system32\lxcicoms.exe [566192 2007-02-01] ( )
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.500\McCHSvc.exe [329480 2017-01-19] (McAfee, Inc.)
R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [582544 2016-07-13] (RealNetworks, Inc.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-10-23] (Sony Corporation) [File not signed]
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [995800 2017-01-05] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2017-01-05] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2017-01-05] (McAfee, Inc.)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-10-27] (Symantec Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-19] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896752 2015-09-04] (Realtek                                            )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-19] (Texas Instruments, Inc.)
R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-19] (Texas Instruments, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-05-13] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-19 22:28 - 2017-02-19 22:28 - 00000000 ____D C:\FRST
2017-02-19 20:55 - 2017-02-19 20:55 - 00000000 ___HD C:\$SysReset
2017-02-19 20:45 - 2017-02-19 20:45 - 00000000 ___HD C:\OneDriveTemp
2017-02-19 20:43 - 2017-02-19 20:43 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2017-02-19 18:41 - 2017-02-19 18:41 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2017-02-19 18:37 - 2017-02-19 18:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2017-02-19 18:32 - 2017-02-19 18:32 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2017-02-19 18:29 - 2017-02-19 18:29 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2017-02-19 18:27 - 2017-02-19 18:27 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2017-02-19 17:07 - 2017-02-19 18:26 - 00000000 ____D C:\Users\TEMP.JOHNSONS.001\AppData\Local\Packages
2017-02-19 17:06 - 2017-02-19 18:26 - 00000000 ____D C:\Users\TEMP.JOHNSONS.001
2017-02-17 17:34 - 2017-02-17 17:34 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Whelen Engineering Company, Inc
2017-02-13 12:41 - 2017-02-13 12:41 - 12177168 _____ C:\Users\Chana\Downloads\13_Soft Tissue Injuries (1).pptx
2017-02-13 12:37 - 2017-02-13 12:37 - 12177168 _____ C:\Users\Chana\Downloads\13_Soft Tissue Injuries.pptx
2017-02-12 18:06 - 2017-02-12 18:06 - 00002174 _____ C:\Users\Public\Desktop\Play Art of Murder - Cards of Destiny.lnk
2017-02-12 18:06 - 2017-02-12 18:06 - 00001254 _____ C:\Users\Public\Desktop\More Great Games.lnk
2017-02-12 18:03 - 2017-02-12 18:11 - 00000000 ____D C:\Program Files (x86)\Art of Murder - Cards of Destiny
2017-02-12 18:03 - 2017-02-12 18:03 - 00000000 ____D C:\Users\Chana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Art of Murder - Cards of Destiny
2017-02-12 18:03 - 2017-02-12 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Art of Murder - Cards of Destiny
2017-02-12 17:06 - 2017-02-14 21:56 - 00000000 ____D C:\Users\Chana\Documents\Art of Murder - Cards of Destiny (BF)
2017-02-11 13:39 - 2017-02-11 17:55 - 00000000 ____D C:\Users\TEMP.JOHNSONS.000\AppData\Local\Packages
2017-02-11 13:38 - 2017-02-11 17:55 - 00000000 ____D C:\Users\TEMP.JOHNSONS.000
2017-02-10 21:58 - 2017-02-10 21:58 - 00002046 _____ C:\Users\Public\Desktop\Play Syberia - Part 1.lnk
2017-02-10 21:56 - 2017-02-10 21:58 - 00000000 ____D C:\Program Files (x86)\Syberia - Part 1
2017-02-10 21:56 - 2017-02-10 21:56 - 00000000 ____D C:\Users\Chana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Syberia - Part 1
2017-02-10 21:56 - 2017-02-10 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Syberia - Part 1
2017-02-10 21:49 - 2017-02-12 18:11 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-10 10:47 - 2017-02-10 11:05 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-02-07 20:34 - 2017-02-07 20:34 - 00000000 ____D C:\Users\Chana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-06 19:46 - 2017-02-06 19:47 - 00000000 ____D C:\Users\Chana\AppData\Roaming\TEMP MINECRAFT MOD SPACE
2017-02-06 19:27 - 2017-02-06 19:27 - 04625356 _____ C:\Users\Chana\Downloads\forge-1.10.2-12.18.3.2221-installer-win.exe
2017-02-06 19:14 - 2017-02-06 19:15 - 02346253 _____ C:\Users\Chana\Downloads\forge-1.6.4-9.11.1.1345-installer-win (2).exe
2017-02-06 18:33 - 2017-02-06 18:33 - 00976433 _____ C:\Users\Chana\Downloads\Morph-Beta-0.3.0.zip
2017-02-06 18:17 - 2017-02-06 18:18 - 02314240 _____ C:\Users\Chana\Downloads\MinecraftInstaller (7).msi
2017-02-06 18:16 - 2017-02-06 18:16 - 00067609 _____ C:\Users\Chana\Downloads\Epic-Proportions-Lucky-Block-master (1).zip
2017-02-06 18:06 - 2017-02-06 18:06 - 00067609 _____ C:\Users\Chana\Downloads\Epic-Proportions-Lucky-Block-master.zip
2017-02-06 11:16 - 2017-02-06 11:17 - 02314240 _____ C:\Users\Chana\Downloads\MinecraftInstaller (6).msi
2017-02-06 11:16 - 2017-02-06 11:17 - 02314240 _____ C:\Users\Chana\Downloads\MinecraftInstaller (5).msi
2017-02-04 20:53 - 2017-02-06 11:11 - 00001358 _____ C:\Users\Maxwell\Desktop\nativelog.txt
2017-02-04 20:53 - 2017-02-04 20:53 - 00000000 ____D C:\Users\Maxwell\AppData\Roaming\java
2017-02-04 20:53 - 2017-02-04 20:53 - 00000000 ____D C:\Users\Maxwell\AppData\Roaming\.minecraft
2017-02-02 11:13 - 2017-02-02 11:13 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\419F2A65.sys
2017-02-01 22:07 - 2017-02-08 09:12 - 00000000 ____D C:\Users\Maisy\AppData\Local\tkdata
2017-01-31 21:13 - 2017-01-31 21:13 - 00002223 _____ C:\Users\Public\Desktop\Google Earth.lnk
2017-01-31 21:13 - 2017-01-31 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2017-01-27 19:04 - 2017-01-27 19:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2017-01-27 13:55 - 2017-01-27 13:55 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-27 13:54 - 2017-02-19 20:44 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-27 13:54 - 2017-02-10 13:00 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-27 13:54 - 2017-02-10 13:00 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-01-27 13:54 - 2017-02-10 11:20 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-27 13:54 - 2017-01-27 13:54 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-27 13:54 - 2017-01-27 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-27 13:54 - 2017-01-27 13:54 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-27 13:54 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-27 13:53 - 2017-01-27 13:53 - 55566792 _____ (Malwarebytes ) C:\Users\Chana\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-24 23:04 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 23:04 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-21 09:41 - 2017-01-21 09:41 - 00000000 __SHD C:\found.000
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-19 22:25 - 2016-10-01 08:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-19 20:46 - 2016-05-09 17:31 - 00001483 _____ C:\Users\Chana\Desktop\ROBLOX Studio.lnk
2017-02-19 20:46 - 2013-03-22 09:41 - 00000000 ___RD C:\Users\Chana\Dropbox
2017-02-19 20:45 - 2014-04-08 12:41 - 00000000 __RDO C:\Users\Chana\SkyDrive
2017-02-19 20:43 - 2016-10-01 08:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-19 20:43 - 2015-03-13 10:59 - 00000350 _____ C:\WINDOWS\Tasks\HPCeeScheduleForChana.job
2017-02-19 18:52 - 2016-07-16 01:04 - 02097152 _____ C:\WINDOWS\system32\config\BBI
2017-02-19 18:49 - 2016-10-01 08:59 - 00003242 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForChana
2017-02-19 18:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-19 18:12 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-19 17:09 - 2016-12-16 15:33 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-19 17:07 - 2012-10-27 21:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-19 13:00 - 2012-09-18 17:25 - 00000000 ____D C:\ProgramData\Temp
2017-02-19 12:47 - 2016-07-03 09:22 - 00000000 ____D C:\Users\Maxwell\AppData\Local\tkdata
2017-02-18 21:54 - 2016-12-28 13:43 - 00000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForjohns_000.job
2017-02-18 21:54 - 2016-06-27 18:11 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-18 21:54 - 2016-06-27 18:03 - 00000000 ____D C:\Program Files\TrueKey
2017-02-18 21:54 - 2012-12-25 12:15 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-02-18 21:53 - 2016-10-01 08:13 - 00000000 ____D C:\Users\Chana
2017-02-18 10:26 - 2016-06-27 18:13 - 00001241 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2017-02-17 19:03 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-17 19:03 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-17 17:38 - 2015-10-07 22:28 - 00000000 ____D C:\Users\Mark\AppData\Local\MyComGames
2017-02-17 17:34 - 2017-01-04 23:38 - 00000330 _____ C:\Users\Mark\Desktop\WeCad 5.appref-ms
2017-02-17 17:34 - 2016-10-19 09:42 - 00000000 ____D C:\Users\Mark\AppData\Local\Deployment
2017-02-17 17:34 - 2015-08-24 09:52 - 00002402 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-17 17:34 - 2015-08-24 09:52 - 00000000 ___RD C:\Users\Mark\OneDrive
2017-02-17 17:33 - 2014-06-28 14:20 - 00000000 ____D C:\Users\Mark\AppData\Local\Akamai
2017-02-15 07:43 - 2016-12-28 13:43 - 00003274 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForjohns_000
2017-02-15 07:43 - 2014-04-11 06:26 - 00000000 __RDO C:\Users\johns_000\SkyDrive
2017-02-13 21:17 - 2017-01-14 11:45 - 00000000 ____D C:\Users\Chana\AppData\Roaming\.minecraft
2017-02-12 18:07 - 2012-10-27 22:36 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-02-12 18:03 - 2012-09-18 17:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-11 18:44 - 2017-01-14 12:43 - 00001426 _____ C:\Users\Chana\Desktop\nativelog.txt
2017-02-11 17:43 - 2017-01-14 14:11 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-02-11 09:00 - 2013-07-12 18:25 - 00000000 ____D C:\BigFishCache
2017-02-10 13:04 - 2016-10-01 08:12 - 01421514 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-10 11:23 - 2016-05-15 19:24 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-10 11:14 - 2012-09-18 17:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-10 11:12 - 2012-12-25 12:13 - 00000000 ____D C:\Program Files (x86)\LeapFrog
2017-02-10 11:09 - 2015-04-13 20:40 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-10 11:02 - 2013-11-07 14:01 - 00000000 ____D C:\Program Files (x86)\Opera
2017-02-10 10:38 - 2016-10-01 08:13 - 00000000 ____D C:\Users\Monae
2017-02-10 10:38 - 2016-10-01 08:13 - 00000000 ____D C:\Users\Maxwell
2017-02-10 10:38 - 2016-10-01 08:13 - 00000000 ____D C:\Users\Mark
2017-02-10 10:38 - 2016-10-01 08:13 - 00000000 ____D C:\Users\Maisy
2017-02-10 10:38 - 2016-10-01 08:13 - 00000000 ____D C:\Users\johns_000
2017-02-10 10:38 - 2015-03-13 07:18 - 00000000 ____D C:\Users\Chana\AppData\Roaming\Enigma Software Group
2017-02-10 10:38 - 2014-11-20 20:28 - 00000000 ____D C:\Program Files\COMODO
2017-02-10 10:38 - 2013-05-01 09:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2017-02-07 20:34 - 2013-03-22 09:38 - 00000000 ____D C:\Users\Chana\AppData\Roaming\Dropbox
2017-02-07 15:04 - 2016-05-09 17:31 - 00000250 _____ C:\Users\Chana\AppData\LocalLow\rbxcsettings.rbx
2017-02-07 15:04 - 2016-05-09 17:31 - 00000000 ____D C:\Users\Chana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-02-07 15:02 - 2016-05-09 17:31 - 00001471 _____ C:\Users\Chana\Desktop\ROBLOX Player.lnk
2017-02-06 22:01 - 2012-10-27 21:05 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 22:00 - 2013-07-14 19:45 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-02-06 18:18 - 2017-01-14 14:11 - 00001032 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-02-06 18:18 - 2017-01-14 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-01-31 21:13 - 2012-10-27 21:05 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-31 16:10 - 2015-09-02 09:00 - 00002411 _____ C:\Users\Maxwell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-31 16:10 - 2015-09-02 09:00 - 00000000 ___RD C:\Users\Maxwell\OneDrive
2017-01-31 10:16 - 2016-06-29 20:31 - 00000000 ____D C:\Users\Chana\AppData\Local\tkdata
2017-01-27 19:04 - 2016-12-16 19:06 - 00002011 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2017-01-27 19:04 - 2016-06-27 18:41 - 00000000 ____D C:\Program Files\McAfee Security Scan
2017-01-27 13:54 - 2012-10-27 22:10 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-25 13:55 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 19:53 - 2015-08-28 18:57 - 00002405 _____ C:\Users\Maisy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 19:53 - 2015-08-28 18:57 - 00000000 ___RD C:\Users\Maisy\OneDrive
2017-01-23 18:47 - 2015-08-24 16:46 - 00002405 _____ C:\Users\Chana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-23 18:32 - 2015-08-27 18:32 - 00002417 _____ C:\Users\johns_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2014-09-01 03:18 - 2014-09-01 03:18 - 0001248 _____ () C:\Users\Chana\AppData\Roaming\ANDYIQUU
2015-02-04 23:01 - 2015-02-04 23:01 - 0000093 _____ () C:\Users\Chana\AppData\Roaming\ARCompanion.log
2014-09-01 03:18 - 2014-09-01 03:18 - 0002086 _____ () C:\Users\Chana\AppData\Roaming\HRGG
2014-02-11 12:14 - 2014-02-12 10:04 - 0005667 _____ () C:\Users\Chana\AppData\Roaming\LiveSupport.exe_log.txt
2014-02-11 12:14 - 2014-02-12 10:04 - 0000092 _____ () C:\Users\Chana\AppData\Roaming\regsvr32.exe_log.txt
2014-11-30 17:33 - 2014-11-30 17:33 - 0000600 _____ () C:\Users\Chana\AppData\Roaming\winscp.rnd
2015-02-10 13:54 - 2015-02-10 13:54 - 0103749 _____ () C:\Users\Chana\AppData\Local\VZWifiIcon.ico
2012-09-18 17:51 - 2012-09-18 17:51 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2012-12-05 23:06 - 2012-12-05 23:06 - 1189697 _____ () C:\ProgramData\SPL1E82.tmp
 
Files to move or delete:
====================
C:\Users\Chana\AppData\Local\Workspace\WorkspaceUpdate.exe
C:\Users\Chana\MetricCollection.dll
 
 
Some files in TEMP:
====================
2017-02-06 18:20 - 2017-02-06 18:20 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-1985365740247640320.dll
2017-01-15 14:40 - 2017-01-15 14:40 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-2102876859219110031.dll
2017-01-14 16:41 - 2017-01-14 16:41 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-2732353534894217807.dll
2017-01-14 16:41 - 2017-01-14 16:41 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-4172203804118613601.dll
2017-02-06 18:18 - 2017-02-06 18:18 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-6184140769861307912.dll
2017-02-06 18:22 - 2017-02-06 18:22 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-7818301471097534207.dll
2017-02-06 18:21 - 2017-02-06 18:21 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-8238357834308204524.dll
2017-01-15 14:40 - 2017-01-15 14:40 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-8633828779617418366.dll
2017-02-06 11:15 - 2017-02-06 11:15 - 0017408 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-32-996592683332352768.dll
2017-01-14 14:26 - 2017-01-14 14:26 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-1056979327372516684.dll
2017-01-14 16:39 - 2017-01-14 16:39 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-1430042596418690452.dll
2017-02-11 18:25 - 2017-02-11 18:25 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-1486197132969084541.dll
2017-02-08 20:54 - 2017-02-08 20:54 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-1678387858860319670.dll
2017-02-06 11:17 - 2017-02-06 11:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-2007622147404743860.dll
2017-01-15 14:41 - 2017-01-15 14:41 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-2704246662317606949.dll
2017-02-07 21:53 - 2017-02-07 21:53 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-4202781872082961415.dll
2017-01-14 16:42 - 2017-01-14 16:42 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-5194518175347560937.dll
2017-02-06 19:07 - 2017-02-06 19:07 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-5609802133087534847.dll
2017-02-06 19:47 - 2017-02-06 19:47 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-562493833290111547.dll
2017-02-13 21:17 - 2017-02-13 21:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-6551243619425043876.dll
2017-02-06 19:43 - 2017-02-06 19:43 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-7756056822446861563.dll
2017-01-14 18:26 - 2017-01-14 18:26 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-7811824925021336040.dll
2017-02-06 18:24 - 2017-02-06 18:24 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-7838546990880943675.dll
2017-02-06 18:51 - 2017-02-06 18:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-8125281332506213349.dll
2017-01-14 14:20 - 2017-01-14 14:20 - 0019968 ____N (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-8153773588854157387.dll
2017-01-14 14:31 - 2017-01-14 14:31 - 0019968 _____ (Red Hat®, Inc.) C:\Users\Chana\AppData\Local\Temp\jansi-64-8926708632255197194.dll
2017-01-18 09:13 - 2017-01-18 09:13 - 0739904 _____ (Oracle Corporation) C:\Users\Chana\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-02-10 11:13 - 2017-02-10 11:13 - 0000460 _____ () C:\Users\Chana\AppData\Local\Temp\tempmessage.bfg
2016-10-24 11:44 - 2006-05-24 12:10 - 0455600 _____ (Macrovision Corporation) C:\Users\Chana\AppData\Local\Temp\_isFB24.exe
2017-01-18 09:13 - 2017-01-18 09:13 - 0739904 _____ (Oracle Corporation) C:\Users\Maisy\AppData\Local\Temp\jre-8u121-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-17 17:45
 
==================== End of FRST.txt ============================



#2 nasdaq

Malware Response Team

Posted 20 February 2017 - 10:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro) <--- No longer supported.
Internet Updater (HKLM-x32\...\InternetUpdater) (Version: 2.6.57 - Parallel Lines Development, LLC) <==== ATTENTION
WS.Enabler (HKLM-x32\...\S-129586235) (Version: 3.2.0.1170 - PremiumSoft) <==== ATTENTION
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Windows Client Manager] => C:\Program Files (x86)\Browser Update\winclient32.exe
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1011\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1008\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1007\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1006\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1001\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-25570244-1420655322-4102591135-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
Task: {175D51DB-EBAA-44C8-922F-FCE69350E6B6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {36F3FA32-38A5-4794-8E76-1DDD8A57D668} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {37C735AA-76C9-4A5D-99EC-4ECB86B8BCF7} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1001 -> No File <==== ATTENTION
Task: {717F40C4-BFCC-4A1C-AAD2-AF2C6FF810A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {848A3A2B-D1E8-4AB3-8A6B-BE140D79EFC9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7A483F-6ADB-4272-B31B-6E0E00E01EF5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A2CCD9BF-5A97-4348-8CCA-352A27F73EFB} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1005 -> No File <==== ATTENTION
Task: {AEAB26A0-59FB-4632-8137-7C072785D9D5} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1008 -> No File <==== ATTENTION
Task: {AFC95CB9-70E2-4450-B05D-26E10D0D24A7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B38FE2FE-51B6-4BFB-B6DF-C8BC58C1895F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C227D04A-0CFE-4B32-9F91-D7A2D55C4346} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C68FA30D-14DB-4098-8B77-B2982D4AC479} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1006 -> No File <==== ATTENTION
Task: {C6E01A48-1B97-4DF7-A469-2AF833A79169} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DA071762-3988-4A31-80E7-4421D918EC4E} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1007 -> No File <==== ATTENTION
Task: {DF6BC201-73EB-41F7-96C1-4B4E72A12797} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E8FA5FB0-2E43-4973-A01B-49D53BC94D07} - System32\Tasks\ANDYIQUU => C:\Users\Chana\AppData\Roaming\ANDYIQUU.exe  <==== ATTENTION
Task: {F64721BC-013B-4935-872F-4086A99F870F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F723CC32-C3FA-4BD7-8BD5-7AF329394F23} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F8A6CC93-C81E-40A0-AF82-6DE293545134} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1004 -> No File <==== ATTENTION
Task: {FBABA28A-1220-4DE2-B2FE-100942BC533F} - System32\Tasks\HRGG => C:\Users\Chana\AppData\Roaming\HRGG.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\ANDYIQUU.job => C:\Users\Chana\AppData\Roaming\ANDYIQUU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HRGG.job => C:\Users\Chana\AppData\Roaming\HRGG.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:036AA5DD [474]
AlternateDataStreams: C:\ProgramData\Temp:0459F5AC [438]
AlternateDataStreams: C:\ProgramData\Temp:05A9EC70 [218]
AlternateDataStreams: C:\ProgramData\Temp:0E684AC9 [217]
AlternateDataStreams: C:\ProgramData\Temp:1239BE94 [244]
AlternateDataStreams: C:\ProgramData\Temp:1DF2FF5D [240]
AlternateDataStreams: C:\ProgramData\Temp:1F4F2F80 [252]
AlternateDataStreams: C:\ProgramData\Temp:2211E7A0 [235]
AlternateDataStreams: C:\ProgramData\Temp:2339C9FD [236]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:302ECBD6 [234]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
AlternateDataStreams: C:\ProgramData\Temp:3CAE2A70 [474]
AlternateDataStreams: C:\ProgramData\Temp:453190EC [464]
AlternateDataStreams: C:\ProgramData\Temp:46EF121E [231]
AlternateDataStreams: C:\ProgramData\Temp:5E73E1C2 [136]
AlternateDataStreams: C:\ProgramData\Temp:5FFC2819 [223]
AlternateDataStreams: C:\ProgramData\Temp:63C48B80 [243]
AlternateDataStreams: C:\ProgramData\Temp:6FD3C973 [436]
AlternateDataStreams: C:\ProgramData\Temp:7A0EFE63 [208]
AlternateDataStreams: C:\ProgramData\Temp:887F3A41 [222]
AlternateDataStreams: C:\ProgramData\Temp:8BAD6F90 [456]
AlternateDataStreams: C:\ProgramData\Temp:8F2D2441 [456]
AlternateDataStreams: C:\ProgramData\Temp:9033BDFB [240]
AlternateDataStreams: C:\ProgramData\Temp:9818E768 [472]
AlternateDataStreams: C:\ProgramData\Temp:9BB8C675 [218]
AlternateDataStreams: C:\ProgramData\Temp:9FCF32A8 [127]
AlternateDataStreams: C:\ProgramData\Temp:A00BCDEF [418]
AlternateDataStreams: C:\ProgramData\Temp:A3F7C8F8 [121]
AlternateDataStreams: C:\ProgramData\Temp:A819A132 [236]
AlternateDataStreams: C:\ProgramData\Temp:B3196E8D [224]
AlternateDataStreams: C:\ProgramData\Temp:B382770D [243]
AlternateDataStreams: C:\ProgramData\Temp:BB99F46B [232]
AlternateDataStreams: C:\ProgramData\Temp:BE40C8A2 [212]
AlternateDataStreams: C:\ProgramData\Temp:C00C7190 [498]
AlternateDataStreams: C:\ProgramData\Temp:C84C408C [472]
AlternateDataStreams: C:\ProgramData\Temp:CDCEE6BF [128]
AlternateDataStreams: C:\ProgramData\Temp:CF2590B2 [226]
AlternateDataStreams: C:\ProgramData\Temp:CFF6B3FF [430]
AlternateDataStreams: C:\ProgramData\Temp:D1D597D0 [408]
AlternateDataStreams: C:\ProgramData\Temp:DA6C3E3A [250]
AlternateDataStreams: C:\ProgramData\Temp:E11EAB84 [128]
AlternateDataStreams: C:\ProgramData\Temp:ECFD9449 [210]
AlternateDataStreams: C:\ProgramData\Temp:FAB64002 [440]
C:\Program Files (x86)\Browser Update
C:\WINDOWS\system32\default_error_stack-000005-000000.txt
C:\WINDOWS\system32\default_error_stack-000004-000000.txt
C:\WINDOWS\system32\default_error_stack-000003-000000.txt
C:\WINDOWS\system32\default_error_stack-000002-000000.txt
C:\WINDOWS\system32\default_error_stack-000001-000000.txt
C:\WINDOWS\system32\default_error_stack-000000-000000.txt
C:\Users\Chana\AppData\Roaming\ANDYIQUU.exe
C:\Users\Chana\AppData\Roaming\HRGG.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

ADOBE AIR

Navigate to this page and follow the instructions and get the latest version.
https://get.adobe.com/air/
==============

ADOBE SHOCKWAVE

Navigate to this page and follow the instructions and get the latest version.
https://www.adobe.com/shockwave/welcome/
=====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
===

Please post the Fixlog.txt and let me know what problem persists.

#3 chanamiata

Topic Starter

Posted 20 February 2017 - 11:47 AM

Hi, Nasdaq- thanks for your help.

 

HiJackThis wasn't there- I ran it from a thumb drive and it was never installed.

The other two both gave me the same error message: an error occurred while trying to uninstall, it may have already been uninstalled, do I want to remove it from the list?

 

I didn't move on to the next step because I wasn't sure if the first needed to be completed, plus my keyboard hasn't been working, so pressing the windows button elicits no response, and pressing any key starts it cycling through apps again. 



#4 nasdaq

Malware Response Team

Posted 20 February 2017 - 02:08 PM

"The other two both gave me the same error message: an error occurred while trying to uninstall, it may have already been uninstalled, do I want to remove it from the list?"

You can remove them from the list.


I have attached the fixlist.txt.

Download it and copy the file to your H drive where the Farbar tool is located.

Execute the fix as I have suggested from the H drive.

If successful paste the Fixlog.txt for my review.



#5 chanamiata

  • Topic Starter

Posted 20 February 2017 - 02:59 PM

Ok- here is the info, as requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by Chana (20-02-2017 14:47:05) Run:1
Running from H:\
Loaded Profiles: Chana (Available Profiles: Chana & johns_000 & Maisy & Mark & Maxwell & Monae)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Windows Client Manager] => C:\Program Files (x86)\Browser Update\winclient32.exe
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1011\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1008\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1007\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1006\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1005\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1004\User: Restriction <======= ATTENTION
GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1001\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-25570244-1420655322-4102591135-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn => not found
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-26]
CHR Extension: (Chrome Media Router) - C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-08]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx <not found>
Task: {175D51DB-EBAA-44C8-922F-FCE69350E6B6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {36F3FA32-38A5-4794-8E76-1DDD8A57D668} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {37C735AA-76C9-4A5D-99EC-4ECB86B8BCF7} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1001 -> No File <==== ATTENTION
Task: {717F40C4-BFCC-4A1C-AAD2-AF2C6FF810A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {848A3A2B-D1E8-4AB3-8A6B-BE140D79EFC9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8D7A483F-6ADB-4272-B31B-6E0E00E01EF5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A2CCD9BF-5A97-4348-8CCA-352A27F73EFB} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1005 -> No File <==== ATTENTION
Task: {AEAB26A0-59FB-4632-8137-7C072785D9D5} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1008 -> No File <==== ATTENTION
Task: {AFC95CB9-70E2-4450-B05D-26E10D0D24A7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B38FE2FE-51B6-4BFB-B6DF-C8BC58C1895F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C227D04A-0CFE-4B32-9F91-D7A2D55C4346} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C68FA30D-14DB-4098-8B77-B2982D4AC479} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1006 -> No File <==== ATTENTION
Task: {C6E01A48-1B97-4DF7-A469-2AF833A79169} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DA071762-3988-4A31-80E7-4421D918EC4E} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1007 -> No File <==== ATTENTION
Task: {DF6BC201-73EB-41F7-96C1-4B4E72A12797} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E8FA5FB0-2E43-4973-A01B-49D53BC94D07} - System32\Tasks\ANDYIQUU => C:\Users\Chana\AppData\Roaming\ANDYIQUU.exe  <==== ATTENTION
Task: {F64721BC-013B-4935-872F-4086A99F870F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F723CC32-C3FA-4BD7-8BD5-7AF329394F23} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F8A6CC93-C81E-40A0-AF82-6DE293545134} - \WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1004 -> No File <==== ATTENTION
Task: {FBABA28A-1220-4DE2-B2FE-100942BC533F} - System32\Tasks\HRGG => C:\Users\Chana\AppData\Roaming\HRGG.exe  <==== ATTENTION
Task: C:\WINDOWS\Tasks\ANDYIQUU.job => C:\Users\Chana\AppData\Roaming\ANDYIQUU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\HRGG.job => C:\Users\Chana\AppData\Roaming\HRGG.exe <==== ATTENTION
C:\Program Files (x86)\Browser Update
C:\WINDOWS\system32\default_error_stack-000005-000000.txt
C:\WINDOWS\system32\default_error_stack-000004-000000.txt
C:\WINDOWS\system32\default_error_stack-000003-000000.txt
C:\WINDOWS\system32\default_error_stack-000002-000000.txt
C:\WINDOWS\system32\default_error_stack-000001-000000.txt
C:\WINDOWS\system32\default_error_stack-000000-000000.txt
C:\Users\Chana\AppData\Roaming\ANDYIQUU.exe
C:\Users\Chana\AppData\Roaming\HRGG.exe
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows Client Manager => value removed successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1011\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1008\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1007\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1006\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1005\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1004\User => moved successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-25570244-1420655322-4102591135-1001\User => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKU\S-1-5-21-25570244-1420655322-4102591135-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB} => value removed successfully
C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Chana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{175D51DB-EBAA-44C8-922F-FCE69350E6B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{175D51DB-EBAA-44C8-922F-FCE69350E6B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36F3FA32-38A5-4794-8E76-1DDD8A57D668} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36F3FA32-38A5-4794-8E76-1DDD8A57D668} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37C735AA-76C9-4A5D-99EC-4ECB86B8BCF7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37C735AA-76C9-4A5D-99EC-4ECB86B8BCF7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{717F40C4-BFCC-4A1C-AAD2-AF2C6FF810A2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{717F40C4-BFCC-4A1C-AAD2-AF2C6FF810A2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{848A3A2B-D1E8-4AB3-8A6B-BE140D79EFC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{848A3A2B-D1E8-4AB3-8A6B-BE140D79EFC9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D7A483F-6ADB-4272-B31B-6E0E00E01EF5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D7A483F-6ADB-4272-B31B-6E0E00E01EF5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2CCD9BF-5A97-4348-8CCA-352A27F73EFB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2CCD9BF-5A97-4348-8CCA-352A27F73EFB} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1005 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AEAB26A0-59FB-4632-8137-7C072785D9D5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AEAB26A0-59FB-4632-8137-7C072785D9D5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1008 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AFC95CB9-70E2-4450-B05D-26E10D0D24A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFC95CB9-70E2-4450-B05D-26E10D0D24A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B38FE2FE-51B6-4BFB-B6DF-C8BC58C1895F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B38FE2FE-51B6-4BFB-B6DF-C8BC58C1895F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C227D04A-0CFE-4B32-9F91-D7A2D55C4346} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C227D04A-0CFE-4B32-9F91-D7A2D55C4346} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C68FA30D-14DB-4098-8B77-B2982D4AC479} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C68FA30D-14DB-4098-8B77-B2982D4AC479} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1006 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6E01A48-1B97-4DF7-A469-2AF833A79169} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6E01A48-1B97-4DF7-A469-2AF833A79169} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA071762-3988-4A31-80E7-4421D918EC4E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA071762-3988-4A31-80E7-4421D918EC4E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1007 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF6BC201-73EB-41F7-96C1-4B4E72A12797} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF6BC201-73EB-41F7-96C1-4B4E72A12797} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8FA5FB0-2E43-4973-A01B-49D53BC94D07} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8FA5FB0-2E43-4973-A01B-49D53BC94D07} => key removed successfully
C:\WINDOWS\System32\Tasks\ANDYIQUU => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ANDYIQUU => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F64721BC-013B-4935-872F-4086A99F870F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F64721BC-013B-4935-872F-4086A99F870F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F723CC32-C3FA-4BD7-8BD5-7AF329394F23} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F723CC32-C3FA-4BD7-8BD5-7AF329394F23} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8A6CC93-C81E-40A0-AF82-6DE293545134} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8A6CC93-C81E-40A0-AF82-6DE293545134} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-25570244-1420655322-4102591135-1004 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBABA28A-1220-4DE2-B2FE-100942BC533F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBABA28A-1220-4DE2-B2FE-100942BC533F} => key removed successfully
C:\WINDOWS\System32\Tasks\HRGG => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HRGG => key removed successfully
C:\WINDOWS\Tasks\ANDYIQUU.job => moved successfully
C:\WINDOWS\Tasks\HRGG.job => moved successfully
C:\Program Files (x86)\Browser Update => moved successfully
C:\WINDOWS\system32\default_error_stack-000005-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000004-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000003-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000002-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000001-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000000-000000.txt => moved successfully
"C:\Users\Chana\AppData\Roaming\ANDYIQUU.exe" => not found.
"C:\Users\Chana\AppData\Roaming\HRGG.exe" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 72270360 B
Java, Flash, Steam htmlcache => 193121663 B
Windows/system/drivers => 303793742 B
Edge => 5253242 B
Chrome => 1009303723 B
Firefox => 0 B
Opera => 245157860 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 855530 B
NetworkService => 703798 B
Chana => 1062279315 B
johns_000 => 72799041 B
Maisy => 55967250 B
Mark => 73924607 B
Maxwell => 1392414819 B
Monae => 28980696 B
 
RecycleBin => 3771395229 B
EmptyTemp: => 7.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:55:17 ====
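
Added example, not part of the original posts and not code from the Farbar tool: one way to triage a Fixlog like the one above by pairing each target with its outcome and listing the entries that did not report success. The sample is a constructed, shortened log built from lines in the post; the function names and the `ok` / `not_found` / `other` labels are assumptions made for this sketch.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog assembled from lines in the post above.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start
HKLM-x32\...\Run: [Windows Client Manager] => C:\Program Files (x86)\Browser Update\winclient32.exe
Task: C:\WINDOWS\Tasks\HRGG.job => C:\Users\Chana\AppData\Roaming\HRGG.exe <==== ATTENTION
C:\Users\Chana\AppData\Roaming\HRGG.exe
End
*****************
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Windows Client Manager => value removed successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
C:\WINDOWS\System32\Tasks\HRGG => moved successfully
C:\WINDOWS\Tasks\HRGG.job => moved successfully
C:\Program Files (x86)\Browser Update => moved successfully
"C:\Users\Chana\AppData\Roaming\ANDYIQUU.exe" => not found.
"C:\Users\Chana\AppData\Roaming\HRGG.exe" => not found.

=========== EmptyTemp: ==========
Chrome => 1009303723 B
'''

# "<target> => <outcome>" is the shape of every result line in the posted log.
RESULT_RE = re.compile(r'^(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\s*$')


def classify(outcome):
    """Map an outcome string to ok / not_found / other (labels are ours)."""
    text = outcome.lower().rstrip('. ')
    if text.endswith('not found'):
        return 'not_found'
    if text.endswith('removed successfully') or text.endswith('moved successfully'):
        return 'ok'
    return 'other'  # any wording not seen in the posted log: review by hand


def kind_of(target):
    """Tell registry targets (HKLM\\, HKU\\, HKCR\\ ...) from file-system paths."""
    if re.match(r'^HK[A-Z]+\\', target):
        return 'registry'
    if re.match(r'^[A-Za-z]:\\', target):
        return 'file'
    return 'unknown'


def parse_fixlog(text):
    """Return one dict per result line, skipping the echoed fixlist and EmptyTemp."""
    entries = []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == 'fixlist content:':
            in_fixlist = True          # the fixlist is echoed back verbatim
            continue
        if in_fixlist:
            if line.lower() == 'end':  # "End" closes the echoed fixlist
                in_fixlist = False
            continue
        if line.startswith('=') and 'EmptyTemp' in line:
            break                      # size report follows, not fix results
        match = RESULT_RE.match(line)
        if not match:
            continue
        target = match.group('target').strip('"')
        outcome = match.group('outcome')
        entries.append({
            'target': target,
            'outcome': outcome,
            'status': classify(outcome),
            'kind': kind_of(target),
        })
    return entries


def summarize(entries):
    """Count entries per (kind, status) pair."""
    return Counter((e['kind'], e['status']) for e in entries)


def needs_review(entries):
    """Entries that did not report success, in log order."""
    return [e for e in entries if e['status'] != 'ok']


if __name__ == '__main__':
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for (kind, status), count in sorted(summarize(parsed).items()):
        print(f'{kind:9} {status:10} {count}')
    for entry in needs_review(parsed):
        print('REVIEW:', entry['target'], '=>', entry['outcome'])
```

A `not_found` status only records that the item was already absent when the fix ran; the log itself does not say why.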


#6 nasdaq

  • Malware Response Team

Posted 21 February 2017 - 07:57 AM

Is your problem persisting?

#7 chanamiata

  • Topic Starter

Posted 21 February 2017 - 09:28 AM

Hi, Nasdaq,

 

Some of it. I can't login to my profile- it sends me to a temporary profile (it did this before it started going totally crazy), and the keyboard still isn't working (I used the login option where I click on different parts of a picture) but the start button is operating normally (no longer sends me to cortana and I don't have to right-click to get to settings) and when I press a key, it doesn't repeat or highlight any icons to cycle. But the keyboard still isn't working. I hope that made sense!



#8 nasdaq

  • Malware Response Team

Posted 21 February 2017 - 10:13 AM


Open the Control panel > Hardware and Sound > Device Manager > open the Keyboard

Is there an indication that the Keyboard is not connected, working?

===

Navigate to this page.
https://support.microsoft.com/en-us/help/17417/windows-mouse-touchpad-keyboard-problems
Follow the instructions under this heading.
Download and install a driver yourself
===


Would it help if you were able to use a Virtual Keyboard?
http://www.laptopmag.com/articles/full-layout-touch-keyboard-windows-10

===

Create a new Profile and see if some of the problems are solved.
https://support.microsoft.com/en-ca/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-account-in-windows-10

Try to restore your keyboard first.

If that fails continue with the other fixes if you can.

Keep me posted.

#9 chanamiata

  • Topic Starter

Posted 22 February 2017 - 08:17 AM

Hi!  Okay- according to the device manager, the keyboard is connected and working properly. Except it's not. The drivers are updated- I had to check this through the device manager bc the next step you suggested, the virtual keyboard- that option wasn't given to me under settings.  When I click typing, it only gives me the options under "spelling"- there are no options for "typing".

 

I can't add a new profile bc I can't type a profile name. It also still won't log me in- it works for a while and then logs me in to a temporary account saying it can't log me in to mine.



#10 nasdaq

  • Malware Response Team

Posted 22 February 2017 - 10:32 AM


When you boot your computer, at the very beginning of the boot, do you get any unknown sound from the computer?

6 beeps would indicate a bad controller.
http://www.computerhope.com/beep.htm
===

Try a good Keyboard on this computer.
I know that you have tested the compromised one on another computer.
Just want to make sure that another keyboard will work or not.

#11 chanamiata

  • Topic Starter

Posted 22 February 2017 - 03:18 PM

Ok- no unknown sounds at all, and no beeping of any kind.  It's silent when it boots. I will try another keyboard but I can't do it until this evening, so I'll likely update you tomorrow on that.





