Seem to be Locked out as Administrator and some other issues


  • This topic is locked
34 replies to this topic

#1 dayers11

  • Members
  • 73 posts

Posted 21 February 2017 - 11:18 AM

Windows is giving me the "you have to be logged in as administrator to do that" deal.

I've confirmed that I am set and logged in as administrator.

Also, some Windows actions aren't working when I click on them, like Disk Management or Computer Management. I do seem to be able to run these from the cmd.

Also having issues with USB drives not being recognized - that's how I originally found this problem.

Here is my FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by Derrick (administrator) on DBA_HP (21-02-2017 10:42:56)
Running from C:\Users\Derrick\Downloads
Loaded Profiles: Derrick &  (Available Profiles: Derrick & derri)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
() C:\Program Files\CompleteView\ConfigServer64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files\CompleteView\MainServer64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CompleteView\AdminService64.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Program Files\CompleteView\MainServerGui64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\CompleteView\MainClient64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Users\Derrick\AppData\Local\LogMeIn Client\LMIIgnition.exe
(LogMeIn, Inc.) C:\Users\Derrick\AppData\Local\LogMeIn Client\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Users\Derrick\AppData\Local\LogMeIn Client\LMIIgnition.exe
(LogMeIn, Inc.) C:\Users\Derrick\AppData\Local\LogMeIn Client\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-27] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [286960 2016-03-13] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [714992 2016-07-05] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26220296 2017-02-06] (Dropbox, Inc.)
HKLM-x32\...\Run: [QBWinClient] => C:\ProgramData\SquirrelMachineInstalls\QBWinClient.exe [40814344 2016-08-26] (Intuit Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\Run: [Ubuntu One] => C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe [137848 2013-04-30] ()
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\Run: [Ubuntu One Icon] => C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe [130168 2013-04-30] ()
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\Run: [Spotify Web Helper] => C:\Users\Derrick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-23] (Spotify Ltd)
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\Run: [Google Update] => C:\Users\Derrick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-19] (Google Inc.)
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\Run: [BingSvc] => C:\Users\Derrick\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ubuntu One] => C:\Program Files (x86)\ubuntuone\dist\ubuntuone-syncdaemon.exe [137848 2013-04-30] ()
HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Ubuntu One Icon] => C:\Program Files (x86)\ubuntuone\dist\ubuntuone-control-panel-qt.exe [130168 2013-04-30] ()
HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Derrick\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-11-23] (Spotify Ltd)
HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Derrick\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-19] (Google Inc.)
HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\Derrick\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-06] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-12-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-06-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk [2015-01-13]
ShortcutTarget: PrivateTunnel.lnk -> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\PrivateTunnel.exe (OpenVPN Technologies)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-03-13]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-04-01]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Derrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server GUI.lnk [2016-10-18]
ShortcutTarget: Server GUI.lnk -> C:\Program Files\CompleteView\MainServerGui64.exe ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.1.1.96 10.1.1.99 8.8.8.8
Tcpip\..\Interfaces\{1fd99dd1-92a1-474c-962d-236a0267d667}: [DhcpNameServer] 10.1.1.96 10.1.1.99 8.8.8.8
Tcpip\..\Interfaces\{6ce70735-55ae-441b-9e8f-2bf69339f022}: [DhcpNameServer] 10.1.1.96 10.1.1.99 8.8.8.8
Tcpip\..\Interfaces\{81fd7e0d-075c-4623-a174-9c30301c10c1}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1324969244-36133955-666040981-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5E&ocid=SL5EDHP&osmkt=en-us
HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5E&ocid=SL5EDHP&osmkt=en-us
URLSearchHook: HKU\S-1-5-21-1324969244-36133955-666040981-1001 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
SearchScopes: HKU\S-1-5-21-1324969244-36133955-666040981-1001 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1324969244-36133955-666040981-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5KDF&PC=SL5K&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1324969244-36133955-666040981-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1324969244-36133955-666040981-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5KDF&PC=SL5K&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-02-03] (RealDownloader)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2015-01-19] (Yahoo! Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-02-03] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-26] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-02] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll [2015-01-19] (Yahoo! Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Derrick\AppData\Roaming\Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363 [2017-02-16]
FF NewTab: Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363 -> Yahoo! Powered
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363 -> SearchLock
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363 -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363 -> about:home
FF Keyword.URL: Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363 -> user_pref("keyword.URL", true);
FF Extension: (Autofill Forms) - C:\Users\Derrick\AppData\Roaming\Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363\Extensions\autofillForms@blueimp.net.xpi [2016-12-19]
FF Extension: (Adblock Plus) - C:\Users\Derrick\AppData\Roaming\Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-26]
FF Extension: (No Name) - C:\Users\Derrick\AppData\Roaming\Mozilla\Firefox\Profiles\xnfbzlwe.default-1421691614363\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2016-12-17]
FF HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: (McAfee Security Scan Plus) - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [not signed]
FF HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-12] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-03-13] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.3.100 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-03-13] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1324969244-36133955-666040981-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Derrick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-1324969244-36133955-666040981-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Derrick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\Derrick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\Derrick\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-19] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://mg.mail.yahoo.com/neo/launch?refreshFarm=1#596","hxxps://www.facebook.com/","hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.huntington.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=dss_yset_chr__PARAM__
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google Slides) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Yahoo Web) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2016-01-29]
CHR Extension: (Google Docs) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Honey) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-02-16]
CHR Extension: (Google Cast) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-02-21]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2017-02-08]
CHR Extension: (Google Search) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Search by Image (by Google)) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-09-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (PanicButton) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2016-04-21]
CHR Extension: (Google Sheets) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-17]
CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2017-02-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Evernote Web Clipper) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-02-10]
CHR Extension: (Gmail) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Derrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-06]
CHR HKU\S-1-5-21-1324969244-36133955-666040981-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1324969244-36133955-666040981-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CompleteView Administrative Service; C:\Program Files\CompleteView\AdminService64.exe [5344768 2016-06-30] () [File not signed]
R2 CompleteView Config Server; C:\Program Files\CompleteView\ConfigServer64.exe [5148160 2016-06-30] () [File not signed]
R2 CompleteView Server; C:\Program Files\CompleteView\MainServer64.exe [23067648 2016-06-30] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-25] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-02-06] (Dropbox, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-12-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-12-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 ptservice; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ptservice.exe [17816 2014-10-02] (OpenVPN Technologies, Inc)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [32544 2016-02-03] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095440 2016-03-13] (RealNetworks, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 HP8207_8307; C:\WINDOWS\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
S3 massfilter_hs; C:\WINDOWS\System32\drivers\massfilter_hs.sys [18456 2011-03-07] (HandSet Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-02-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project) [File not signed]
S3 RimUsb; C:\WINDOWS\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-27] (Synaptics Incorporated)
S3 TOUPCAM; C:\WINDOWS\System32\Drivers\toupcam.sys [21016 2016-08-03] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 zghsdiag; C:\WINDOWS\system32\DRIVERS\zghsdiag.sys [129304 2011-03-07] (ZTE Incorporated)
S3 zghsmdm; C:\WINDOWS\system32\DRIVERS\zghsmdm.sys [129304 2011-03-07] (ZTE Incorporated)
S3 zghsnmea; C:\WINDOWS\system32\DRIVERS\zghsnmea.sys [129304 2011-03-07] (ZTE Incorporated)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-21 10:42 - 2017-02-21 10:44 - 00040479 ____C C:\Users\Derrick\Downloads\FRST.txt
2017-02-21 10:41 - 2017-02-21 10:42 - 00000000 ___DC C:\FRST
2017-02-21 10:40 - 2017-02-21 10:41 - 02422784 ____C (Farbar) C:\Users\Derrick\Downloads\FRST64.exe
2017-02-21 07:58 - 2017-02-21 07:58 - 00000000 __HDC C:\OneDriveTemp
2017-02-20 14:48 - 2017-02-20 14:48 - 00000000 ____D C:\Users\derri\AppData\Roaming\Skype
2017-02-20 14:47 - 2017-02-20 15:10 - 00000000 ___RD C:\Users\derri\OneDrive
2017-02-20 14:47 - 2017-02-20 14:49 - 00002395 _____ C:\Users\derri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-20 14:09 - 2017-02-20 14:47 - 00003238 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForderri
2017-02-20 14:09 - 2017-02-20 14:47 - 00000346 ____C C:\WINDOWS\Tasks\HPCeeScheduleForderri.job
2017-02-20 14:03 - 2017-02-20 14:03 - 00000000 ____D C:\Users\derri\AppData\Roaming\Sun
2017-02-20 14:03 - 2017-02-20 14:03 - 00000000 ____D C:\Users\derri\AppData\LocalLow\Sun
2017-02-20 14:03 - 2017-02-20 14:03 - 00000000 ____D C:\Users\derri\.oracle_jre_usage
2017-02-20 13:59 - 2017-02-20 13:59 - 00002440 _____ C:\Users\derri\Desktop\QuickBooks.lnk
2017-02-20 13:59 - 2017-02-20 13:59 - 00000000 ____D C:\Users\derri\AppData\Roaming\Intel Corporation
2017-02-20 13:58 - 2017-02-20 14:09 - 00000000 ____D C:\Users\derri\AppData\Local\Hewlett-Packard
2017-02-20 13:58 - 2017-02-20 13:59 - 00000000 ____D C:\Users\derri\AppData\Local\SquirrelTemp
2017-02-20 13:58 - 2017-02-20 13:59 - 00000000 ____D C:\Users\derri\AppData\Local\Dropbox
2017-02-20 13:58 - 2017-02-20 13:58 - 00000000 ____D C:\Users\derri\AppData\Local\QBWinClient
2017-02-20 13:57 - 2017-02-20 13:57 - 00000000 ____D C:\Users\derri\AppData\Local\Comms
2017-02-20 13:56 - 2017-02-20 13:56 - 00000000 ____D C:\Users\derri\AppData\Local\Publishers
2017-02-20 13:55 - 2017-02-20 15:07 - 00000000 __SHD C:\Users\derri\IntelGraphicsProfiles
2017-02-20 13:55 - 2017-02-20 14:53 - 00000000 ____D C:\Users\derri\AppData\Local\Packages
2017-02-20 13:55 - 2017-02-20 13:55 - 00000000 ____D C:\Users\derri\AppData\Roaming\Synaptics
2017-02-20 13:55 - 2017-02-20 13:55 - 00000000 ____D C:\Users\derri\AppData\Roaming\Motorola Mobility
2017-02-20 13:55 - 2017-02-20 13:55 - 00000000 ____D C:\Users\derri\AppData\Roaming\Adobe
2017-02-20 13:55 - 2017-02-20 13:55 - 00000000 ____D C:\Users\derri\AppData\Local\VirtualStore
2017-02-20 13:55 - 2017-02-20 13:55 - 00000000 ____D C:\Users\derri\AppData\Local\TileDataLayer
2017-02-20 13:54 - 2017-02-20 15:10 - 00000000 ____D C:\Users\derri
2017-02-20 13:54 - 2017-02-20 15:08 - 00000000 ____D C:\Users\derri\AppData\Local\ConnectedDevicesPlatform
2017-02-20 13:54 - 2017-02-20 14:08 - 00000000 ____D C:\Users\derri\AppData\Local\Google
2017-02-20 13:54 - 2017-02-20 13:59 - 00000000 ____D C:\Users\derri\AppData\Roaming\Hewlett-Packard
2017-02-20 13:54 - 2017-02-20 13:54 - 00000020 ___SH C:\Users\derri\ntuser.ini
2017-02-20 13:54 - 2017-02-20 13:54 - 00000000 _SHDL C:\Users\derri\My Documents
2017-02-20 13:54 - 2017-02-20 13:54 - 00000000 _SHDL C:\Users\derri\Documents\My Videos
2017-02-20 13:54 - 2017-02-20 13:54 - 00000000 _SHDL C:\Users\derri\Documents\My Pictures
2017-02-20 13:54 - 2017-02-20 13:54 - 00000000 _SHDL C:\Users\derri\Documents\My Music
2017-02-20 13:54 - 2017-02-16 16:59 - 00000000 ____D C:\Users\derri\AppData\Local\LogMeIn
2017-02-20 13:54 - 2016-09-27 08:32 - 00000000 ____D C:\Users\derri\AppData\Roaming\RealNetworks
2017-02-20 13:54 - 2016-09-27 08:32 - 00000000 ____D C:\Users\derri\AppData\Roaming\Macromedia
2017-02-20 13:54 - 2016-09-27 08:32 - 00000000 ____D C:\Users\derri\AppData\Roaming\hpqLog
2017-02-17 11:28 - 2017-02-17 11:29 - 00179860 _____ C:\Users\Derrick\Downloads\View.pdf
2017-02-16 16:59 - 2017-02-16 16:59 - 00000000 ____D C:\Users\Default\AppData\Local\LogMeIn
2017-02-16 16:59 - 2017-02-16 16:59 - 00000000 ____D C:\Users\Default User\AppData\Local\LogMeIn
2017-02-16 13:05 - 2017-02-16 13:05 - 00000000 ___DC C:\Users\Derrick\Documents\ToupView
2017-02-16 08:24 - 2017-02-16 08:25 - 00044798 ____C C:\Users\Derrick\Downloads\OBGReceipt-Feb162017.pdf
2017-02-14 15:26 - 2017-02-14 15:26 - 00395776 ____C C:\Users\Derrick\Downloads\Schedule Feb 20 LYNN BU.xls
2017-02-13 13:10 - 2017-02-20 12:41 - 00000354 ____C C:\WINDOWS\Tasks\HPCeeScheduleForDerrick.job
2017-02-13 13:10 - 2017-02-17 13:10 - 00003254 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForDerrick
2017-02-13 09:51 - 2017-02-13 09:51 - 00048650 ____C C:\Users\Derrick\Downloads\Customer_Announcement_____TiO2_Supply.pdf
2017-02-08 16:21 - 2017-02-08 16:21 - 00395776 ____C C:\Users\Derrick\Downloads\Schedule Feb 13 LYNN BU.xls
2017-02-08 16:13 - 2017-02-08 16:13 - 00898004 ____C C:\Users\Derrick\Downloads\01-09-2017.pdf
2017-02-08 14:56 - 2017-02-08 14:56 - 00150759 ____C C:\Users\Derrick\Downloads\Ohio Valley Pet Care Pay Appl # 9 RET.pdf
2017-02-08 14:50 - 2017-02-08 14:50 - 00198744 ____C C:\Users\Derrick\Downloads\Ohio Valley Pet Care Pay Appl # 8.pdf
2017-02-08 14:50 - 2017-02-08 14:50 - 00078726 ____C C:\Users\Derrick\Downloads\Ohio Valley Pet Care Pay Appl 8 doc.pdf
2017-02-08 12:35 - 2017-02-08 12:36 - 00001135 ____C C:\Users\Derrick\Desktop\Google Drive.lnk
2017-02-07 22:01 - 2017-02-07 22:02 - 00215991 ____C C:\Users\Derrick\Downloads\00000000000000704643_0705c54b-27b6-4f35-b569-6e3aee257345_02072017.pdf
2017-02-07 21:58 - 2017-02-07 21:58 - 00009105 _____ C:\Users\Derrick\AppData\Local\recently-used.xbel
2017-02-07 21:09 - 2017-02-07 21:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-07 10:17 - 2017-02-07 10:17 - 00000000 ____D C:\Users\Derrick\AppData\Local\OMAX
2017-02-07 10:06 - 2017-02-07 10:06 - 00001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToupView.lnk
2017-02-07 10:06 - 2017-02-07 10:06 - 00001050 _____ C:\Users\Public\Desktop\ToupView.lnk
2017-02-07 10:05 - 2017-02-07 10:05 - 00000000 ____D C:\Program Files\OMAX
2017-02-07 09:59 - 2017-02-07 10:00 - 42607056 ____C C:\Users\Derrick\Downloads\A35X-Win-16-08.rar
2017-02-07 09:40 - 2017-02-07 09:40 - 00091286 ____C C:\Users\Derrick\Downloads\33849180 (1).pdf
2017-02-07 09:37 - 2017-02-07 09:37 - 00091286 ____C C:\Users\Derrick\Downloads\33849180.pdf
2017-02-06 23:38 - 2017-02-06 23:38 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-06 23:38 - 2017-02-06 23:38 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-06 13:58 - 2017-02-06 13:58 - 00004320 ____C C:\Users\Derrick\Downloads\Inkjet for Packaging_ The Next Revolution-.ics
2017-02-02 10:39 - 2017-02-02 10:39 - 01083316 ____C C:\Users\Derrick\Documents\Schedule Feb 6.pdf
2017-02-01 16:44 - 2017-02-01 16:44 - 00371200 ____C C:\Users\Derrick\Downloads\Schedule Feb 6.xls
2017-02-01 10:42 - 2017-02-01 10:42 - 00300147 ____C C:\Users\Derrick\Downloads\fax-170201112052.pdf
2017-02-01 10:25 - 2017-02-01 10:25 - 02441158 ____C C:\Users\Derrick\Downloads\Taxes.pdf
2017-02-01 08:31 - 2017-02-01 08:31 - 00207095 ____C C:\Users\Derrick\Downloads\00000000000000704643_afe17e7c-9142-4277-b11c-8c7e5fe3422b_02012017.pdf
2017-02-01 08:29 - 2017-02-01 08:30 - 00216657 ____C C:\Users\Derrick\Downloads\00000000000000704643_bc114606-5d3d-4d9c-9269-fe5ae4fa3812_02012017.pdf
2017-01-31 08:39 - 2017-01-31 08:39 - 00131699 ____C C:\Users\Derrick\Downloads\CHECKING_-8582_01312017.pdf
2017-01-30 17:15 - 2017-01-30 17:15 - 00054608 ____C C:\Users\Derrick\Downloads\CHECKING_8582_Monthly_Statement_12132016-01122017 (1).pdf
2017-01-30 17:10 - 2017-01-30 17:10 - 00287003 ____C C:\Users\Derrick\Downloads\CHECKING_8582_Monthly_Statement_12132016-01122017.pdf
2017-01-28 10:10 - 2017-01-28 10:10 - 00375718 ____C C:\Users\Derrick\Downloads\PermaSnap-Installation-Instructions.zip
2017-01-25 11:30 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 11:30 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-21 09:06 - 2016-09-27 08:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-21 08:00 - 2014-03-20 07:42 - 00000000 __RDC C:\Users\Derrick\Dropbox
2017-02-21 08:00 - 2013-12-03 10:28 - 00000000 __RDC C:\Users\Derrick\Google Drive
2017-02-21 07:59 - 2016-11-03 15:49 - 00000000 ____D C:\ProgramData\LogMeIn
2017-02-21 07:59 - 2016-11-03 15:38 - 00000000 ____D C:\Users\Derrick\AppData\Local\LogMeInIgnition
2017-02-21 07:58 - 2015-08-04 07:15 - 00000000 __RDC C:\Users\Derrick\OneDrive
2017-02-21 07:58 - 2014-05-15 07:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-21 07:57 - 2015-08-04 07:15 - 00000000 _SHDC C:\Users\Derrick\IntelGraphicsProfiles
2017-02-20 15:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-20 15:02 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-20 14:36 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-20 14:29 - 2016-09-27 08:19 - 00000000 ____D C:\Users\Derrick
2017-02-20 14:15 - 2014-06-09 08:16 - 00000000 ___DC C:\Temp
2017-02-20 13:55 - 2013-10-06 15:37 - 00000000 _RHDC C:\Users\Public\AccountPictures
2017-02-20 13:53 - 2016-09-27 08:46 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2017-02-20 13:53 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-02-16 17:11 - 2016-11-26 12:21 - 00000000 ___DC C:\Users\Derrick\AppData\LocalLow\Mozilla
2017-02-16 13:05 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-14 12:54 - 2014-01-03 13:01 - 00000000 ___DC C:\Users\Derrick\.gimp-2.8
2017-02-09 08:29 - 2016-07-08 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2017-02-07 21:58 - 2014-01-03 13:03 - 00000000 ___DC C:\Users\Derrick\AppData\Local\gtk-2.0
2017-02-07 21:09 - 2016-04-25 12:37 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-07 10:17 - 2013-08-22 08:25 - 00000144 _____ C:\WINDOWS\win.ini
2017-02-06 15:52 - 2014-12-29 20:40 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-06 15:52 - 2014-12-29 20:40 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-31 14:43 - 2016-06-10 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-27 09:35 - 2016-11-03 15:38 - 00000000 ____D C:\Users\Derrick\AppData\Local\LogMeIn Client
2017-01-25 11:35 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
 
==================== Files in the root of some directories =======
 
2014-03-02 20:16 - 2016-11-15 15:49 - 0011776 ____C () C:\Users\Derrick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-07 21:58 - 2017-02-07 21:58 - 0009105 _____ () C:\Users\Derrick\AppData\Local\recently-used.xbel
2013-12-04 10:19 - 2013-12-04 10:43 - 0000368 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2016-12-20 08:28 - 2016-12-20 08:28 - 0035224 _____ () C:\Users\Derrick\AppData\Local\Temp\i4jdel0.exe
2016-12-20 08:27 - 2016-12-20 08:27 - 0155729 _____ () C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.dll
2016-12-20 08:27 - 2016-12-20 08:27 - 0008273 _____ (TeamDev Ltd) C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.exe
2016-12-20 08:27 - 2016-12-20 08:27 - 0228864 _____ () C:\Users\Derrick\AppData\Local\Temp\JExplorer64.2.7.1.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-20 07:53
 
==================== End of FRST.txt ============================


#2 dayers11

Posted 21 February 2017 - 11:27 AM

Upload timed out - I don't think this file was included




#3 garioch7


Posted 21 February 2017 - 11:49 AM

dayers11:
 
:welcome: to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil and I would like to address you by your first name, if that is alright with you, since we will be working together.
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#4 garioch7


Posted 22 February 2017 - 11:20 AM

dayers11:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: The logs show that you have McAfee Security Scan Plus installed. You should read this link to determine if you want to keep this program. If not, please uninstall it via the Control Panel, Add/Remove Programs, or by using the procedure described at this link.

The logs also show that you have SearchLock installed in Firefox. You should read the article at this link to determine if you want to keep this program. DO NOT follow the removal instructions - just let me know whether you wish to keep it. If you don't want to keep this application, then I will remove it for you in a later post.

.

:step2: Please upload the following file(s) individually to VirusTotal:

  • C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.dll
  • C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.exe
  • C:\Users\Derrick\AppData\Local\Temp\JExplorer64.2.7.1.dll
  • C:\users\derrick\appdata\local\popcorn time\node-webkit\popcorn time.exe
  • C:\Program Files (x86)\FrostWire 5\FrostWire.exe
  • Please press the Scan it! button for each individual file to produce a fresh scan of each file.
  • When the scan completes, please copy and paste the URL/link for the analysis of each file from the top of the VirusTotal screen into your next reply so that I can review the scan results.
  • Repeat until all of the files listed above have been scanned and all URLs/links have been copied into your reply.

.

:step3: The logs show that the Popcorn Time and the Frostwire programs are installed on your computer. These programs are associated with torrent Peer-to-Peer (P2P) media sharing. I would offer some advice for you about P2P programs and other risky surfing practices:

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected.
I would recommend that you uninstall Popcorn Time and FrostWire; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep them, please do not use them until your computer is cleaned.

.

:step4: Please run a FRST "Fix" for me.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the folder: C:\Users\Derrick\Downloads.

NOTE: It is important that both files, FRST64.exe and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:

Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
File: C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.dll
File: C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.exe
File: C:\Users\Derrick\AppData\Local\Temp\JExplorer64.2.7.1.dll
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\ChromeHTML: ->  <==== ATTENTION
Task: {7D8123A9-D112-4047-9DE8-E9A07F519401} - System32\Tasks\{111916BA-6B3A-4BE7-9931-36A35CB60085} => pcalua.exe -a "C:\Program Files (x86)\PCAcceleratePro\uninstall.exe"
C:\Program Files (x86)\PCAcceleratePro
Task: {05EC3907-8442-404B-AA90-68B3A0166485} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0A9F89D0-C6C3-41DB-89F1-CFB860DEA15A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {537084A4-9BA4-4B9C-91B7-969BCE5B4F2C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {719FBE51-2F0C-40F8-A7B8-A37838D098BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {726A1BB2-DAE3-4686-BFE0-ED9CA3CDCBC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
File: C:\Users\Derrick\AppData\Roaming\{A4D5926E-8187-FF18-EAB1-D8CA366325F4}\helper.exe
Task: {A11EDF4A-9B1C-4560-ACD5-23CA22D71F14} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AAA0E9E7-427F-4974-AFAB-51ED2F84D18A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B82128CE-DC78-46C3-A616-42BC891CEBFE} - \WPD\SqmUpload_S-1-5-21-1324969244-36133955-666040981-1001 -> No File <==== ATTENTION
Task: {CC3EA39C-76C9-428B-96B6-C3D0AB5AB4B0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CC5DB34F-C545-4DC2-A143-53910EEBA3A0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E1271687-F2E8-46E2-B268-38D222EA8BB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FE112B5B-95B5-4CBF-BD65-148ECF1BA688} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
FirewallRules: [{7374418C-76A6-467E-89E1-C9F8B15A3FB7}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{B6DF157B-9DDC-49EE-B81C-7F5AA0CD232E}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
C:\Program Files (x86)\Bench
  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log in the folder C:\Users\Derrick\Downloads (Fixlog.txt). Please copy and paste the contents into your reply.



Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#5 dayers11

  • Topic Starter
  • Members
  • 73 posts

Posted 22 February 2017 - 02:25 PM

Virus scan logs - had to do them over as my reply was lost in the FRST64 restart. Note: No Popcorn or Frostwire as I uninstalled those.

 

Thanks Phil!

 

https://www.virustotal.com/en/file/60c9f6fa4093c18cc5db0a797c618e1c467549419529ea42234309b85895e582/analysis/

https://www.virustotal.com/en/file/7c37aefae7766137ef85023d5f558b909dd1b2607f4282331ea738d9fc5cafb0/analysis/

https://www.virustotal.com/en/file/e2cf89bb7b864b23fa44045974dd4c37ed38b0f3518c09b56eadc01b4a294281/analysis/

 

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017
Ran by Derrick (22-02-2017 13:59:39) Run:1
Running from C:\Users\Derrick\Downloads
Loaded Profiles: Derrick (Available Profiles: Derrick & derri)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
 
Winlogon\Notify\igfxcui: igfxdev.dll [X]
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - hxxp://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
File: C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.dll
File: C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.exe
File: C:\Users\Derrick\AppData\Local\Temp\JExplorer64.2.7.1.dll
HKU\S-1-5-21-1324969244-36133955-666040981-1001\...\ChromeHTML: ->  <==== ATTENTION
Task: {7D8123A9-D112-4047-9DE8-E9A07F519401} - System32\Tasks\{111916BA-6B3A-4BE7-9931-36A35CB60085} => pcalua.exe -a "C:\Program Files (x86)\PCAcceleratePro\uninstall.exe"
C:\Program Files (x86)\PCAcceleratePro
Task: {05EC3907-8442-404B-AA90-68B3A0166485} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0A9F89D0-C6C3-41DB-89F1-CFB860DEA15A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {537084A4-9BA4-4B9C-91B7-969BCE5B4F2C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {719FBE51-2F0C-40F8-A7B8-A37838D098BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {726A1BB2-DAE3-4686-BFE0-ED9CA3CDCBC7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
File: C:\Users\Derrick\AppData\Roaming\{A4D5926E-8187-FF18-EAB1-D8CA366325F4}\helper.exe
Task: {A11EDF4A-9B1C-4560-ACD5-23CA22D71F14} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AAA0E9E7-427F-4974-AFAB-51ED2F84D18A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B82128CE-DC78-46C3-A616-42BC891CEBFE} - \WPD\SqmUpload_S-1-5-21-1324969244-36133955-666040981-1001 -> No File <==== ATTENTION
Task: {CC3EA39C-76C9-428B-96B6-C3D0AB5AB4B0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {CC5DB34F-C545-4DC2-A143-53910EEBA3A0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E1271687-F2E8-46E2-B268-38D222EA8BB5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FE112B5B-95B5-4CBF-BD65-148ECF1BA688} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
FirewallRules: [{7374418C-76A6-467E-89E1-C9F8B15A3FB7}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe
FirewallRules: [{B6DF157B-9DDC-49EE-B81C-7F5AA0CD232E}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe
C:\Program Files (x86)\Bench
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh => key not found. 
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
 
========================= File: C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.dll ========================
 
File not signed
MD5: 09A735E20FB497A1CA48581F6D2E84F0
Creation and modification date: 2016-12-20 08:27 - 2016-12-20 08:27
Size: 0155729
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= File: C:\Users\Derrick\AppData\Local\Temp\JExplorer32.2.7.1.exe ========================
 
File not signed
MD5: 0AD879132C6660A1868FC9B1C19C6FA1
Creation and modification date: 2016-12-20 08:27 - 2016-12-20 08:27
Size: 0008273
Attributes: ----A
Company Name: TeamDev Ltd
Internal Name: JNIWrapper
Original Name: JExplorer.exe
Product: JNIWrapper
Description: JExplorer Native Executable
File Version: 2.2
Product Version: 2.2
Copyright: Copyright © 2001-2009, TeamDev Ltd
 
====== End of File: ======
 
 
========================= File: C:\Users\Derrick\AppData\Local\Temp\JExplorer64.2.7.1.dll ========================
 
File not signed
MD5: 9A91CD21695C012F389EA870EE665C62
Creation and modification date: 2016-12-20 08:27 - 2016-12-20 08:27
Size: 0228864
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
HKU\S-1-5-21-1324969244-36133955-666040981-1001_Classes\ChromeHTML => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D8123A9-D112-4047-9DE8-E9A07F519401} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D8123A9-D112-4047-9DE8-E9A07F519401} => key removed successfully
C:\WINDOWS\System32\Tasks\{111916BA-6B3A-4BE7-9931-36A35CB60085} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{111916BA-6B3A-4BE7-9931-36A35CB60085} => key removed successfully
"C:\Program Files (x86)\PCAcceleratePro" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05EC3907-8442-404B-AA90-68B3A0166485} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05EC3907-8442-404B-AA90-68B3A0166485} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A9F89D0-C6C3-41DB-89F1-CFB860DEA15A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A9F89D0-C6C3-41DB-89F1-CFB860DEA15A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{537084A4-9BA4-4B9C-91B7-969BCE5B4F2C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{537084A4-9BA4-4B9C-91B7-969BCE5B4F2C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{719FBE51-2F0C-40F8-A7B8-A37838D098BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{719FBE51-2F0C-40F8-A7B8-A37838D098BF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{726A1BB2-DAE3-4686-BFE0-ED9CA3CDCBC7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{726A1BB2-DAE3-4686-BFE0-ED9CA3CDCBC7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
 
========================= File: C:\Users\Derrick\AppData\Roaming\{A4D5926E-8187-FF18-EAB1-D8CA366325F4}\helper.exe ========================
 
"C:\Users\Derrick\AppData\Roaming\{A4D5926E-8187-FF18-EAB1-D8CA366325F4}\helper.exe" => not found.
====== End of File: ======
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A11EDF4A-9B1C-4560-ACD5-23CA22D71F14} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A11EDF4A-9B1C-4560-ACD5-23CA22D71F14} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAA0E9E7-427F-4974-AFAB-51ED2F84D18A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAA0E9E7-427F-4974-AFAB-51ED2F84D18A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B82128CE-DC78-46C3-A616-42BC891CEBFE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B82128CE-DC78-46C3-A616-42BC891CEBFE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1324969244-36133955-666040981-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC3EA39C-76C9-428B-96B6-C3D0AB5AB4B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC3EA39C-76C9-428B-96B6-C3D0AB5AB4B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC5DB34F-C545-4DC2-A143-53910EEBA3A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC5DB34F-C545-4DC2-A143-53910EEBA3A0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1271687-F2E8-46E2-B268-38D222EA8BB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1271687-F2E8-46E2-B268-38D222EA8BB5} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE112B5B-95B5-4CBF-BD65-148ECF1BA688} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE112B5B-95B5-4CBF-BD65-148ECF1BA688} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7374418C-76A6-467E-89E1-C9F8B15A3FB7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B6DF157B-9DDC-49EE-B81C-7F5AA0CD232E} => value removed successfully
"C:\Program Files (x86)\Bench" => not found.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:00:42 ====


#6 garioch7

    RCMP Veteran
  • Malware Response Instructor
  • 3,851 posts
  • Location:Port Hood, Nova Scotia, Canada

Posted 22 February 2017 - 03:34 PM

Dayers11:

You were very prompt! Thank you for the logs. Nothing too serious there - mostly housecleaning, though the files that I asked you to send to VirusTotal to have analyzed can sometimes be nasty. Some files with those names are Backdoor Trojans.  I did not want to alarm you because I did have doubts about whether the files were "bad guys."
 
Glad to hear that Popcorn Time and FrostWire are history. It is a lot safer for your computer that way. :)

What I would like to do next is to run a couple of standard scans for any possible residual malware. I am not convinced that your computer issues are malware-related, though it is possible. So let's rule out that possibility and then subsequently start checking out your computer for hardware and/or software issues.


:step1: By the way, your Java is out-of-date, and that is a security vulnerability. You are running Version 8, Update 101. Java is up to Update 121. Please go to the Java website and download the newest version, if you need Java. Personally, I uninstalled it from both of my computers during my malware removal training when I learned how much of a vulnerability it posed to my computers and I have never missed it. Some people do have games, or visit websites, that require Java, so it is up to you whether you want to uninstall or update it. If you keep it, it is recommended that you keep it up to date.


:step2: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!


:step3: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History ->Application logs. Please copy and paste the contents of the log into your next reply.


Thank you and have a great day.

Regards,
-Phil

I am not sure whether I will be able to get back to you tomorrow. I have a number of active clients who I am helping and I have to be away from home for a good part of tomorrow. Rest assured if you do not hear back from me tomorrow, I will post on Friday.  Thank you for your patience and understanding.  I did give your logs priority when I saw that there was a possibility of a Backdoor Trojan infecting your computer.  You jumped "my queue." :busy:




#7 garioch7


Posted 25 February 2017 - 12:39 PM

dayers11:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil



#8 dayers11


Posted 27 February 2017 - 08:38 AM

Hi Phil,
Sorry, I'm traveling this week and wasn't aware of the time-out factor. I will not have access to this computer until Sunday. Can you please give me an extension? I'll post a response as soon as I have this completed.
Let me know and I do really appreciate your help!
DA

#9 garioch7


Posted 27 February 2017 - 12:20 PM

DA:

 

Thank you for your post.  No problems.  As long as I know that you are still with me, I will hold your topic open.  A very large percentage of our requests for assistance go "stale", so we have to keep track of those and conclude them, since a Forum utility, called "Logbot", is collecting the stats in this Forum as to how many topics are concluded as "Resolved" or "Stale."

 

You are most welcome for my assistance.  I will hope to hear from you, then, on Sunday or Monday, coming.

 

Thank you and have a great day.

 

Regards,

-Phil




#10 garioch7


Posted 06 March 2017 - 01:48 PM

DA:

 

I am still waiting for your scan logs and information on what you decided to do about your outdated version of Java.  I had expected to hear from you yesterday.

 

Do you still require assistance?

 

Thank you and have a great day.

 

Regards,

-Phil




#11 dayers11


Posted 07 March 2017 - 11:33 AM

Hey Phil - sorry, had some login issues. More to follow shortly!



#12 dayers11


Posted 07 March 2017 - 04:29 PM

Hey Phil - Sorry, ESET is taking forever. I'm going to let it run overnight. Hopefully the MWB scan won't take as long, as that's the AV I use and I have a paid subscription.

D



#13 garioch7


Posted 08 March 2017 - 07:48 AM

D:

 

ESET should not take forever.  Several hours might be necessary if there is a lot to scan and a slow drive/computer.  It could be hung.

 

You could "cold boot" your computer and try again, after exiting ESET.  To do that, "Shut Down" your computer.  When it is powered down, disconnect the power cord from the computer, and then press and hold the power button, like you were trying to turn it on.  This will clear any residuals from the motherboard electronics.  Then reconnect the power cord and start up the computer normally.

 

Have a great day, and good luck.

 

Regards,

-Phil




#14 dayers11


Posted 08 March 2017 - 10:19 AM

Got it.

 

JAVA Updated

 

ESET LOG

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MgAssist.exe.vir a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\engompeihknignogifichkicgnnfpnba\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\torch\User Data\Default\Extensions\engompeihknignogifichkicgnnfpnba\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Derrick\AppData\Local\Chromatic Browser\User Data\Default\Extensions\engompeihknignogifichkicgnnfpnba\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Derrick\AppData\Local\torch\User Data\Default\Extensions\engompeihknignogifichkicgnnfpnba\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\engompeihknignogifichkicgnnfpnba\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Guest\AppData\Local\torch\User Data\Default\Extensions\engompeihknignogifichkicgnnfpnba\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\engompeihknignogifichkicgnnfpnba\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\HomeGroupUser$\AppData\Local\torch\User Data\Default\Extensions\engompeihknignogifichkicgnnfpnba\1.0\lsdb.js.vir JS/Kryptik.ATB trojan cleaned by deleting
C:\Users\Derrick\.frostwire5\updates\frostwire-6.3.0.windows.fusion.exe a variant of Win32/FusionCore.I potentially unwanted application cleaned by deleting
C:\Users\Derrick\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.02\agent\stub_data\askrt_en.cab a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
C:\Users\Derrick\Downloads\Old Downloads\ccsetup514.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Derrick\Downloads\Old Downloads\GBOptimizerSetup.exe a variant of MSIL/Rebrand.LittleRegClean.E potentially unwanted application cleaned by deleting
C:\Users\Derrick\Downloads\Old Downloads\Unconfirmed 158338.crdownload a variant of Win32/Adware.BitCro.J application deleted
C:\Users\Derrick\Downloads\Old Downloads\Unconfirmed 454984.crdownload Win32/Toolbar.Conduit.A potentially unwanted application cleaned by deleting
C:\Users\Derrick\Downloads\Old Downloads\Downloads\7zip_installer_d1276441.exe a variant of Win32/InstallIQ potentially unwanted application cleaned by deleting
C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll a variant of MSIL/Toolbar.Linkury.BJ potentially unwanted application cleaned by deleting
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of MSIL/Toolbar.Linkury.BJ potentially unwanted application cleaned by deleting
C:\Windows\Installer\58fedc3b.msi a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application deleted
C:\Windows\Installer\MSI41DB.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Windows\Installer\MSI7408.tmp a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application cleaned by deleting
C:\Windows\SysWOW64\tasks.dll a variant of Win32/Tasks.A potentially unwanted application cleaned by deleting
 
 
MWB LOG
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/8/2017
Scan Time: 8:08 AM
Logfile: MWB Scanning History Log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.03.08.03
Rootkit Database: v2017.02.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Derrick
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417414
Time Elapsed: 1 hr, 19 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#15 garioch7


Posted 08 March 2017 - 10:42 AM

dayers11:
 
Thank you for your ESET and MWB logs.  ESET did find some PUPs (potentially unwanted programs), so I would suggest that we be thorough and run a couple of more standard scans to make sure nothing else is lurking in your computer.  Each malware scanner operates a bit differently and targets different threats.  No one scanner can do it all.
 
 
:step1: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.


:step2: Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt into your next message.



Thank you and have a great day.

Regards,
-Phil



