Microsoft Virus scam, antivirus software didn't find anything


  • This topic is locked
27 replies to this topic

#1 seahunter00

Posted 30 November 2017 - 10:23 AM

I have gotten 2 Microsoft Virus scam alerts in the past few months. I downloaded a couple of programs to turn .mp4 to .mp3 or to capture audio from YouTube. I run Webroot and MalwareBytes, and neither showed any issues currently or in the past. I downloaded AdwCleaner and it could not complete a scan. I am on Windows 7, so I ran it as an Admin and it still would not scan. The error was that "a problem caused it to stop working". Firefox has started to operate very slowly, and other browsers sometimes do not want to even connect to the internet. I verified that I didn't see any unknown extensions or add-ons for each browser: IE, FF and Chrome. Any assistance is greatly appreciated. Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-11-2017

Ran by David R Chadbourne (administrator) on DRCHOME (30-11-2017 09:04:25)
Running from C:\Users\David R Chadbourne\Downloads
Loaded Profiles: David R Chadbourne (Available Profiles: David R Chadbourne)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\CE\CovenantEyesCommService.exe
(CovenantEyes) C:\Program Files\CE\CovenantEyesProxy.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
() C:\Program Files\CE\authServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\CE\CovenantEyes.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\CE\CovenantEyesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-12] (Conexant Systems, Inc.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-25] ()
HKLM\...\Run: [TpShocks] => C:\Windows\System32\TpShocks.exe [382248 2013-05-10] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293672 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-18] (Synaptics Incorporated)
HKLM\...\Run: [Covenant Eyes] => C:\Program Files\CE\CovenantEyes.exe [13681560 2017-02-15] ()
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-24] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-04-09] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
HKLM-x32\...\Run: [Fastboot] => C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1085744 2012-11-21] (Lenovo)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [1061104 2017-11-09] (Webroot)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKU\S-1-5-21-1976643129-2488268404-167866191-1002\...\MountPoints2: {2c202a3b-983c-11e3-8539-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-1976643129-2488268404-167866191-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-10-04]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2017-04-19]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-04-19]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog9 01 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 02 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 03 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 04 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9 15 C:\Windows\SysWOW64\CovenantEyesProxy.dll [372120 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 01 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 02 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 03 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 04 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Winsock: Catalog9-x64 15 C:\Windows\system32\CovenantEyesProxy64.dll [487320 2017-01-23] (CovenantEyes)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{59F06D66-93A8-4285-B77C-A28B35CB4E17}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{85021E3D-D9C3-473E-BE86-27C1C48C3F87}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-1976643129-2488268404-167866191-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x64\IEExtension.dll [2017-02-15] (Covenant Eyes)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2017-04-19] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2017-11-09] (Webroot)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-11] (Microsoft Corporation)
BHO-x32: Covenant Eyes for Internet Explorer -> {927BD2E1-2287-49D2-AE71-95F492CE662E} -> C:\Program Files\CE\extensions\ie\x86\IEExtension.dll [2017-02-15] (Covenant Eyes)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2017-04-19] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2017-11-09] (Webroot)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2017-04-19] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2017-04-19] (Webroot)
 
FireFox:
========
FF DefaultProfile: 7dui8jxy.default-1490754449645-1511966215740
FF ProfilePath: C:\Users\David R Chadbourne\AppData\Roaming\Mozilla\Firefox\Profiles\7dui8jxy.default-1490754449645-1511966215740 [2017-11-29]
FF HKLM\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FF_WEBEX
FF Extension: (Webroot Filtering Extension) - C:\ProgramData\WRData\PKG\FF_WEBEX [2017-11-09]
FF HKLM-x32\...\Firefox\Extensions: [firefox-integrated-extension@covenanteyes.com] - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com
FF Extension: (Covenant Eyes) - C:\Program Files\CE\extensions\firefox\firefox-integrated-extension@covenanteyes.com [2017-03-15] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-10-04] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecurewebextensions@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: (Webroot Filtering Extension - XUL/XPCOM) - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2017-11-09] [Lagacy]
FF HKU\S-1-5-21-1976643129-2488268404-167866191-1002\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-27] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-27] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-06-17] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-13] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\David R Chadbourne\AppData\Roaming\mozilla\plugins\npatgpc.dll [2017-10-31] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr&chn=prev
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default [2017-11-30]
CHR Extension: (Slides) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-13]
CHR Extension: (Docs) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-13]
CHR Extension: (Google Drive) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-13]
CHR Extension: (Covenant Eyes for Google Chrome™) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegkegffcbgpfmemahhkgnbkocmbain [2017-11-25]
CHR Extension: (YouTube) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-13]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2017-11-16]
CHR Extension: (Sheets) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-13]
CHR Extension: (Google Docs Offline) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-25]
CHR Extension: (Norton Safe) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2017-11-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-13]
CHR Extension: (Gmail) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-13]
CHR Extension: (Chrome Media Router) - C:\Users\David R Chadbourne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16]
CHR HKLM-x32\...\Chrome\Extension: [bfegkegffcbgpfmemahhkgnbkocmbain] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 Auth Service; C:\Program Files\CE\authServer.exe [6382488 2017-02-15] ()
R2 CovenantEyesCommService; C:\Program Files\CE\CovenantEyesCommService.exe [7119768 2017-02-15] ()
R2 CovenantEyesProxy; C:\Program Files\CE\CovenantEyesProxy.exe [5245336 2017-01-23] (CovenantEyes)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [160048 2012-11-21] (Lenovo)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187688 2013-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S2 LPlatSvc; C:\Windows\system32\LPlatSvc.exe [710144 2016-07-13] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-02] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-06-17] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-02-04] ()
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-17] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [1061104 2017-11-09] (Webroot)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R1 cewd64f; C:\Windows\system32\Drivers\cewd64f.sys [44600 2017-01-23] () [File not signed]
R1 cewd64r; C:\Windows\system32\Drivers\cewd64r.sys [55352 2017-01-23] () [File not signed]
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [71472 2012-11-21] (Windows ® Win 7 DDK provider)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-29] (Malwarebytes)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [149632 2013-04-09] (Ricoh co.,Ltd.)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-26] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1480776 2013-02-08] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver_AMDASF.sys [28912 2013-03-18] (Synaptics Incorporated)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [143744 2017-10-15] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [67024 2017-11-09] (Webroot)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-30 09:04 - 2017-11-30 09:05 - 000023324 _____ C:\Users\David R Chadbourne\Downloads\FRST.txt
2017-11-30 09:04 - 2017-11-30 09:04 - 000000000 ____D C:\FRST
2017-11-30 09:03 - 2017-11-30 09:03 - 002391552 _____ (Farbar) C:\Users\David R Chadbourne\Downloads\FRST64.exe
2017-11-29 15:30 - 2017-11-29 15:32 - 000000000 ____D C:\Users\David R Chadbourne\AppData\Local\ElevatedDiagnostics
2017-11-29 09:49 - 2017-11-29 09:49 - 000001245 _____ C:\Users\David R Chadbourne\Desktop\MB 11-29-17.txt
2017-11-29 09:01 - 2017-11-29 09:08 - 000267942 _____ C:\Windows\ntbtlog.txt
2017-11-29 08:59 - 2017-11-29 08:59 - 002375527 _____ C:\Users\David R Chadbourne\Downloads\Unconfirmed 394723.crdownload
2017-11-29 08:58 - 2017-11-29 08:58 - 000000000 _____ C:\Users\David R Chadbourne\Downloads\RogueKiller (1).exe
2017-11-29 08:57 - 2017-11-29 08:57 - 000000000 _____ C:\Users\David R Chadbourne\Downloads\RogueKiller.exe
2017-11-29 08:42 - 2017-11-29 09:43 - 000000000 ____D C:\AdwCleaner
2017-11-29 08:42 - 2017-11-29 08:42 - 008261584 _____ (Malwarebytes) C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
2017-11-18 09:23 - 2017-11-18 09:23 - 000085415 _____ C:\Users\David R Chadbourne\Downloads\US Bills-TOP - 5095.pdf
2017-11-16 14:39 - 2017-11-16 14:39 - 000000000 ____D C:\Users\David R Chadbourne\AppData\Roaming\Google
2017-11-15 00:43 - 2017-10-18 01:31 - 000395976 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-11-15 00:43 - 2017-10-18 00:45 - 000347336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-11-15 00:43 - 2017-10-17 20:06 - 000344064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2017-11-15 00:43 - 2017-10-17 20:06 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2017-11-15 00:43 - 2017-10-17 20:06 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2017-11-15 00:43 - 2017-10-17 20:06 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2017-11-15 00:43 - 2017-10-17 20:06 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2017-11-15 00:43 - 2017-10-17 20:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2017-11-15 00:43 - 2017-10-17 20:06 - 000007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2017-11-15 00:43 - 2017-10-16 17:07 - 001680616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-11-15 00:43 - 2017-10-16 16:34 - 003222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-11-15 00:43 - 2017-10-16 15:55 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-15 00:43 - 2017-10-14 02:38 - 025731584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-11-15 00:43 - 2017-10-14 02:23 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-11-15 00:43 - 2017-10-14 02:23 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-11-15 00:43 - 2017-10-14 02:13 - 002903552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-11-15 00:43 - 2017-10-14 02:12 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-11-15 00:43 - 2017-10-14 02:11 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-15 00:43 - 2017-10-14 02:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-11-15 00:43 - 2017-10-14 02:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-11-15 00:43 - 2017-10-14 02:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-11-15 00:43 - 2017-10-14 02:09 - 005979648 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-11-15 00:43 - 2017-10-14 02:05 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-11-15 00:43 - 2017-10-14 02:04 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-11-15 00:43 - 2017-10-14 02:02 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-11-15 00:43 - 2017-10-14 02:01 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-15 00:43 - 2017-10-14 02:01 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-11-15 00:43 - 2017-10-14 02:01 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-11-15 00:43 - 2017-10-14 02:00 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-11-15 00:43 - 2017-10-14 01:55 - 000968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-11-15 00:43 - 2017-10-14 01:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-11-15 00:43 - 2017-10-14 01:47 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-11-15 00:43 - 2017-10-14 01:47 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-11-15 00:43 - 2017-10-14 01:46 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-11-15 00:43 - 2017-10-14 01:43 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-11-15 00:43 - 2017-10-14 01:43 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-11-15 00:43 - 2017-10-14 01:41 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-11-15 00:43 - 2017-10-14 01:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-11-15 00:43 - 2017-10-14 01:31 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-11-15 00:43 - 2017-10-14 01:30 - 015266816 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-11-15 00:43 - 2017-10-14 01:30 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-11-15 00:43 - 2017-10-14 01:29 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-11-15 00:43 - 2017-10-14 01:28 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-11-15 00:43 - 2017-10-14 01:27 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-11-15 00:43 - 2017-10-14 01:21 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-11-15 00:43 - 2017-10-14 01:14 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-15 00:43 - 2017-10-14 01:09 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-11-15 00:43 - 2017-10-14 01:03 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-15 00:43 - 2017-10-14 00:58 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-11-15 00:43 - 2017-10-14 00:53 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-15 00:43 - 2017-10-14 00:53 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-11-15 00:43 - 2017-10-14 00:52 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-15 00:43 - 2017-10-14 00:52 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-11-15 00:43 - 2017-10-14 00:51 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-11-15 00:43 - 2017-10-14 00:50 - 002293760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-15 00:43 - 2017-10-14 00:47 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-15 00:43 - 2017-10-14 00:47 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-11-15 00:43 - 2017-10-14 00:46 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-15 00:43 - 2017-10-14 00:45 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-15 00:43 - 2017-10-14 00:45 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-11-15 00:43 - 2017-10-14 00:45 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-15 00:43 - 2017-10-14 00:38 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-15 00:43 - 2017-10-14 00:35 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-11-15 00:43 - 2017-10-14 00:35 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-11-15 00:43 - 2017-10-14 00:34 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-11-15 00:43 - 2017-10-14 00:33 - 004542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-15 00:43 - 2017-10-14 00:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-11-15 00:43 - 2017-10-14 00:32 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-15 00:43 - 2017-10-14 00:31 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-15 00:43 - 2017-10-14 00:30 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-11-15 00:43 - 2017-10-14 00:28 - 013680128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-15 00:43 - 2017-10-14 00:25 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-11-15 00:43 - 2017-10-14 00:24 - 000694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-15 00:43 - 2017-10-14 00:23 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-15 00:43 - 2017-10-14 00:23 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-11-15 00:43 - 2017-10-14 00:10 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-15 00:43 - 2017-10-14 00:07 - 001314304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-15 00:43 - 2017-10-14 00:04 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-11-15 00:43 - 2017-10-11 18:58 - 000382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 014635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 012574720 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-11-15 00:43 - 2017-10-11 18:55 - 002319872 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 002222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 002058240 _____ (Microsoft Corporation) C:\Windows\system32\Query.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000151552 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2017-11-15 00:43 - 2017-10-11 18:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2017-11-15 00:43 - 2017-10-11 18:55 - 000005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2017-11-15 00:43 - 2017-10-11 18:40 - 000308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-15 00:43 - 2017-10-11 18:39 - 000591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-11-15 00:43 - 2017-10-11 18:38 - 000249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-11-15 00:43 - 2017-10-11 18:38 - 000113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-11-15 00:43 - 2017-10-11 18:37 - 012574208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-11-15 00:43 - 2017-10-11 18:37 - 011410944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 001549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 001400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 001363968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Query.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-15 00:43 - 2017-10-11 18:37 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-15 00:43 - 2017-10-11 18:26 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-11-15 00:43 - 2017-10-11 18:26 - 000164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-11-15 00:43 - 2017-10-11 18:25 - 000086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-11-15 00:43 - 2017-10-11 18:25 - 000009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-11-15 00:43 - 2017-10-11 18:24 - 000008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2017-11-15 00:43 - 2017-10-11 18:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2017-11-15 00:43 - 2017-10-11 18:24 - 000004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2017-11-15 00:43 - 2017-10-11 18:20 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-15 00:43 - 2017-10-11 18:16 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000995272 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-11-15 00:43 - 2017-09-07 07:05 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-11-15 00:42 - 2017-10-17 20:34 - 000134376 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-11-15 00:42 - 2017-10-17 20:30 - 000605184 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-15 00:42 - 2017-10-15 16:04 - 000407392 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-11-15 00:42 - 2017-10-04 07:04 - 002023936 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2017-11-15 00:42 - 2017-10-04 07:04 - 001570304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-11-15 00:42 - 2017-10-04 07:04 - 000670208 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-11-15 00:42 - 2017-10-04 07:04 - 000603648 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-15 00:42 - 2017-10-04 07:04 - 000370688 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-11-15 00:42 - 2017-10-04 07:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-11-15 00:42 - 2017-10-04 07:04 - 000181760 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-11-14 17:44 - 2017-11-14 17:44 - 013564331 _____ C:\Users\David R Chadbourne\Downloads\USCCA_Concealed-Carry-Guide.pdf
2017-11-13 08:39 - 2017-11-15 16:51 - 000002206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-13 08:39 - 2017-11-15 16:51 - 000002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-13 08:38 - 2017-11-13 13:44 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-13 08:38 - 2017-11-13 13:44 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-13 08:38 - 2017-11-13 08:47 - 000000000 ____D C:\Users\David R Chadbourne\AppData\Local\Google
2017-11-13 08:38 - 2017-11-13 08:39 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-13 08:38 - 2017-11-13 08:38 - 001130328 _____ (Google Inc.) C:\Users\David R Chadbourne\Downloads\ChromeSetup.exe
2017-11-03 17:08 - 2017-11-03 17:08 - 000088506 _____ C:\Users\David R Chadbourne\Downloads\TWCCorrespondence.pdf
2017-11-02 05:29 - 2017-11-02 05:29 - 000011356 _____ C:\Users\David R Chadbourne\Documents\Budget.xlsx
2017-10-31 13:31 - 2017-10-31 13:32 - 003941876 _____ C:\Users\David R Chadbourne\Documents\LinkedIn Basics DH.ucf
2017-10-31 12:32 - 2017-10-31 12:32 - 000000000 ____D C:\Users\David R Chadbourne\AppData\Roaming\webex
2017-10-31 12:31 - 2017-11-02 10:31 - 000000000 ____D C:\Users\David R Chadbourne\AppData\LocalLow\WebEx
2017-10-31 12:31 - 2017-10-31 12:32 - 000000000 ____D C:\Users\David R Chadbourne\AppData\Local\WebEx
2017-10-31 12:31 - 2017-10-31 12:32 - 000000000 ____D C:\ProgramData\WebEx
2017-10-31 12:31 - 2017-10-31 12:31 - 001052952 _____ (Cisco WebEx LLC) C:\Users\David R Chadbourne\Downloads\Cisco_WebEx_Add-On.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-11-30 07:50 - 2009-07-13 22:45 - 000034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-30 07:50 - 2009-07-13 22:45 - 000034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-29 20:03 - 2017-02-02 21:32 - 000000000 ____D C:\ProgramData\WRData
2017-11-29 10:56 - 2016-08-22 20:59 - 000000000 ____D C:\Users\David R Chadbourne\Documents\My Music 2
2017-11-29 09:45 - 2016-07-23 16:24 - 000000000 ____D C:\Users\David R Chadbourne\AppData\Local\CrashDumps
2017-11-29 09:30 - 2016-12-04 14:25 - 000000000 ____D C:\Users\David R Chadbourne\AppData\LocalLow\Mozilla
2017-11-29 09:17 - 2009-07-13 23:13 - 000781790 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-29 09:17 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2017-11-29 09:12 - 2017-03-15 11:30 - 000017016 _____ C:\Windows\SysWOW64\CovenantEyesProxyOff.ini
2017-11-29 09:12 - 2017-03-15 11:30 - 000017016 _____ C:\Windows\system32\CovenantEyesProxyOff.ini
2017-11-29 09:10 - 2017-10-10 07:16 - 000252232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2017-11-29 09:10 - 2017-02-02 21:32 - 000182192 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2017-11-29 09:10 - 2017-02-02 21:32 - 000114672 _____ (Webroot) C:\Windows\system32\WRusr.dll
2017-11-29 09:10 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-29 08:37 - 2017-03-28 20:26 - 000000000 ____D C:\Users\David R Chadbourne\Desktop\Old Firefox Data
2017-11-25 19:42 - 2016-08-22 20:14 - 000000000 ____D C:\Users\David R Chadbourne\AppData\Roaming\Nitro PDF
2017-11-25 09:40 - 2016-11-17 22:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-11-25 09:40 - 2016-07-23 14:44 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-16 09:43 - 2017-01-06 16:01 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-16 09:42 - 2017-01-06 16:00 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-11-16 09:31 - 2016-07-23 14:44 - 000000000 ____D C:\Users\David R Chadbourne\AppData\Roaming\Mozilla
2017-11-15 17:17 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\rescache
2017-11-15 16:28 - 2009-07-13 22:45 - 000435512 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-15 16:25 - 2016-07-25 21:03 - 000000000 ____D C:\Windows\system32\appraiser
2017-11-15 16:06 - 2016-07-25 20:26 - 000774404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-09 17:01 - 2017-02-02 21:33 - 000067024 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2017-11-02 10:00 - 2016-08-22 20:22 - 000000000 ____D C:\Users\David R Chadbourne\Documents\Resumes
 
==================== Files in the root of some directories =======
 
2016-08-15 17:02 - 2017-04-19 19:23 - 018102328 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-07-23 13:45 - 2016-08-15 20:38 - 000005042 _____ () C:\Users\David R Chadbourne\AppData\Roaming\AbsoluteReminder.xml
2016-08-15 18:17 - 2016-08-15 18:17 - 000007605 _____ () C:\Users\David R Chadbourne\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
2017-10-04 10:08 - 2017-10-04 10:10 - 219873664 _____ () C:\Users\David R Chadbourne\AppData\Local\Temp\HPInstaller.exe
2011-03-14 06:31 - 2011-03-14 06:31 - 000149352 ____R (Microsoft Corporation) C:\Users\David R Chadbourne\AppData\Local\Temp\ose00000.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\drivers\cewd64f.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
C:\Windows\system32\drivers\cewd64r.sys -> MD5 = D41D8CD98F00B204E9800998ECF8427E (0-byte MD5) <======= ATTENTION
 
LastRegBack: 2017-11-29 00:39
 
==================== End of FRST.txt ============================




#2 seahunter00

Posted 30 November 2017 - 10:25 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-11-2017
Ran by David R Chadbourne (30-11-2017 09:05:44)
Running from C:\Users\David R Chadbourne\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-07-23 19:44:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1976643129-2488268404-167866191-500 - Administrator - Disabled)
David R Chadbourne (S-1-5-21-1976643129-2488268404-167866191-1002 - Administrator - Enabled) => C:\Users\David R Chadbourne
Guest (S-1-5-21-1976643129-2488268404-167866191-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1976643129-2488268404-167866191-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.19 - Absolute Software)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20044 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Flash Player 26 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
AIO_Scan (HKLM-x32\...\{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{82AA393A-8CF8-A2B7-EA09-88D39D151ABC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AuthenTec Fingerprint Driver (HKLM\...\{89585C33-E934-463E-91E1-B0CF090FEC53}) (Version: 1.6.2.352 - AuthenTec) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Burn.Now 4.5 (HKLM-x32\...\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation) Hidden
C4200 (HKLM-x32\...\{1B7D12BE-D1D8-4CCE-A01B-43CAFF8ECA9B}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c4200_Help (HKLM-x32\...\{E65CA2A8-1F2A-4400-AE55-FFD43D3B6980}) (Version: 82.0.210.000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-1976643129-2488268404-167866191-1002\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.48.0 - Conexant)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (HKLM-x32\...\{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.6.406 - Corel Inc.)
Covenant Eyes (HKLM-x32\...\{5AC5ED2E-2936-4B54-A429-703F9034938E}) (Version: 7.2.41 - Covenant Eyes, Inc.)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Direct DiscRecorder (HKLM-x32\...\{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
Direct DiscRecorder (HKLM-x32\...\InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}) (Version: 1.00.0000 - Corel Corporation) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{14BC5667-22B0-4DC4-8205-597053BBDDC9}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (HKLM-x32\...\{681B698F-C997-42C3-B184-B489C6CA24C9}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (HKLM-x32\...\{D79113E7-274C-470B-BD46-01B10219DF6A}) (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Integrated Camera Driver Installer Package Ver.1.0.0.27 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.27 - RICOH)
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.01 - )
Lenovo Patch Utility (HKLM-x32\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{47C4D20F-1A75-44F4-BF51-479C3119BEEF}) (Version: 1.3.2.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.14 - Lenovo) Hidden
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.3 - Lenovo Inc.)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0007 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}) (Version: 3.1.0022.00 - Lenovo Group Limited)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Message Center Plus (HKLM\...\{3849486C-FF09-4F5D-B491-3E179D58EE15}) (Version: 3.1.0004.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nitro Pro 8 (HKLM\...\{07E55FB8-966C-4FA5-815D-D1F5AC8B1D87}) (Version: 8.5.5.2 - Nitro)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.72.00 - )
OverDrive for Windows (HKLM-x32\...\{FF27E73D-C30A-4F32-B2D7-22069F01DDB9}) (Version: 3.6.0 - OverDrive, Inc.)
Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.32 - )
PowerXpressHybrid (HKLM-x32\...\{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PS_AIO_Software_min (HKLM-x32\...\{5F8D5450-5BD8-4B8A-A1DE-8326C0395D5D}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
RapidBoot HDD Accelerator (HKLM-x32\...\Fastboot) (Version: 1.0.5.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29005 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0208 - REALTEK Semiconductor Corp.)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (HKLM-x32\...\{DC635845-46D3-404B-BCB1-FC4A91091AFA}) (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.80.99066 - SugarSync, Inc.)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.0.3 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.20 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.0.44.0 - Lenovo)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.18.44 - Webroot)
Windows Driver Package - Lenovo 1.65.05.21 (01/11/2012 1.65.05.21) (HKLM\...\FD2ED46D31CE7DF190049D079E92DE03D347A634) (Version: 01/11/2012 1.65.05.21 - Lenovo)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-18] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-18] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-18] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-18] (SugarSync, Inc.)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-06-17] (Nitro PDF)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-18] (SugarSync, Inc.)
ContextMenuHandlers1: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2017-11-29] (Webroot)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2013-04-24] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-30] (Malwarebytes)
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-09-18] (SugarSync, Inc.)
ContextMenuHandlers6: [WRShellExt] -> {69D72956-317C-44bd-B369-8E44D4EF9802} => C:\Windows\system32\WRusr.dll [2017-11-29] (Webroot)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {021FC89B-03A6-435A-AE72-9389FFFCC95D} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2012-05-15] (Lenovo Group Limited)
Task: {3B234B5D-14C2-494B-881A-9B1A867D86B1} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {45822919-A45F-4441-BE82-0D7E3448CE5D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {48D20A3F-5D86-40AF-A76C-C466CDB86442} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-02-04] ()
Task: {564A5CC6-2256-4943-A58A-43262E4DE42B} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {625875EC-E6A7-41C4-92CD-7D81D5531F50} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {8FAA031E-31D6-410D-8112-0144BF9C375A} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2012-05-15] (Lenovo)
Task: {91044BC0-09F3-47CE-AD35-0FE2709253CD} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {9F522259-6D10-4E29-9426-C98E36F2C47A} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-02] ()
Task: {B0710BC3-5111-423C-BBBA-640C8582B59A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {B98E905D-1BB3-45A0-9FE0-E2B79808FAD9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-13] (Google Inc.)
Task: {DE42BA7D-311B-4EB6-940C-D73D933E592D} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-02] (Lenovo)
Task: {DFB60ABA-4C48-4D6C-B13E-310261FE8B1A} - System32\Tasks\Dolby => c:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {EF1EABC9-1767-4528-977D-B318E57BFFE1} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {F006D6A2-1E6F-479E-867F-7A92A6E14198} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-13] (Google Inc.)
Task: {F6FD8D18-2977-4E7B-8F20-8B9C74556D19} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-02] (Lenovo)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-15 11:30 - 2017-02-15 11:53 - 007119768 _____ () C:\Program Files\CE\CovenantEyesCommService.exe
2017-03-15 11:30 - 2017-02-15 11:52 - 006382488 _____ () C:\Program Files\CE\authServer.exe
2017-10-10 07:16 - 2017-10-04 12:15 - 002289096 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2011-03-16 23:07 - 2011-03-16 23:07 - 004297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-02-17 19:48 - 2012-05-15 15:32 - 000093696 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2014-02-17 19:44 - 2010-10-25 22:40 - 000049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2017-03-15 11:30 - 2017-02-15 11:55 - 013681560 _____ () C:\Program Files\CE\CovenantEyes.exe
2017-03-15 11:30 - 2017-02-15 11:53 - 002655640 _____ () C:\Program Files\CE\nmsvc.dll
2017-03-15 11:30 - 2017-02-15 11:47 - 000407960 _____ () C:\Program Files\CE\nmsvTree.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-15 11:30 - 2017-02-15 11:54 - 011126168 _____ () C:\Program Files\CE\CovenantEyesHelper.exe
2017-11-15 16:51 - 2017-11-10 03:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-11-15 16:51 - 2017-11-10 03:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-09-11 13:44 - 2017-09-11 13:44 - 000235832 _____ () C:\Program Files\iTunes\libxslt.dll
2014-02-17 19:55 - 2012-11-21 03:49 - 000033072 _____ () C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBServiceps.dll
2014-02-17 19:49 - 2011-08-02 22:58 - 002201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-02-17 19:49 - 2011-08-02 22:58 - 002085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2011-03-16 23:11 - 2011-03-16 23:11 - 004297568 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 008801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 000080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Auth Service => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64f.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\cewd64r.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesCommService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CovenantEyesProxy => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 000000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1976643129-2488268404-167866191-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1530DDAD-F74A-47C1-ABEF-88A42010F0B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77B8B501-F9A3-47D3-A0A7-19B0AE472DE6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E66AE1A4-EEB9-4B78-8DEB-BB05E9DA2FF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B29A4AC6-68A7-47BC-9631-5D7FF4978C37}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D00837CB-59C1-43FE-AB1D-D7369AFF40D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B13881C2-92F1-462D-A556-E93926E7F741}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0BD5F463-3425-4C6E-8E6D-F5FA40197964}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{89658285-1A3F-421A-9B8E-14243A025903}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{96E9A409-4254-4E7B-9DD1-6829E7CD0547}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{06DAFEFD-4C35-4795-909E-A918AD181B56}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{F886F6C4-F354-4DD7-8001-1C89B21F277D}] => (Allow) C:\Users\David R Chadbourne\AppData\Local\Temp\7zS1D76\HPDiagnosticCoreUI.exe
FirewallRules: [{472975D4-92DA-4760-BB6F-BA10CB928F99}] => (Allow) C:\Users\David R Chadbourne\AppData\Local\Temp\7zS1D76\HPDiagnosticCoreUI.exe
FirewallRules: [{AF8F2A50-8150-492A-98A2-30A97E380EAB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{225F003E-953D-4844-91AC-7100AA88CA2D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{88A5ABC0-535A-47F5-80CA-D8914DE95DC4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{51214F3D-7061-4D7E-8232-B2EA6344FA6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{34A13FD9-BFDD-4C2E-8ECF-251D5EE69E0C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{3007F9B9-256F-43AE-B332-B632C1A605F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{C7FD98A2-0AAC-40D1-8DAC-73DADBCEC953}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{7631C58A-9273-4C57-962D-AA780BBBB0DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{F5ABD807-A671-443E-A969-9141C1DC6902}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0FBD2547-A0A7-46E5-A83C-44D24106026B}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{34E62AF7-70E0-4B8F-B963-4B54061CCB0E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{673FF6C0-6481-4C64-920A-E5D407CC6A03}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{749D175C-C4C8-40E7-AA0C-798A472692CA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{84A02F49-F2C1-4960-9223-69DC2788226C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{962BA6E4-C362-404B-8678-8E6FF6F39F20}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{67ECDC3D-7874-47E4-A99E-C2998A6D91F1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E7D26DBE-B092-4061-A9F9-781E3BB80BA7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F405A3BF-1739-42E7-8796-800713084301}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{5FA6F852-964B-44A6-AA9E-DFB8B4DD8782}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{505373A7-EB24-4B1C-8577-41FFBA394AD5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FDE8DF46-D9C0-4A56-8DCD-7479F7839152}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8130C693-B1C1-4105-9CFC-B202D2CE2CD7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{327A9AEA-A0ED-40FF-A231-A50EE557E549}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{1D184170-0327-4578-B69D-79AD867033B2}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
FirewallRules: [{08B27C6A-7550-4A03-8148-B59EAE9C8D58}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
 
==================== Restore Points =========================
 
30-11-2017 00:00:01 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/29/2017 09:44:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.0.4.0.exe, version: 7.0.4.0, time stamp: 0x59f3de9c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00780051
Faulting process id: 0x1674
Faulting application start time: 0x01d36928d5ef41cb
Faulting application path: C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
Faulting module path: unknown
Report Id: 40b8ad8e-d51c-11e7-ae64-201a06c513a4
 
Error: (11/29/2017 09:17:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.0.4.0.exe, version: 7.0.4.0, time stamp: 0x59f3de9c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00780051
Faulting process id: 0x1658
Faulting application start time: 0x01d369252e28d071
Faulting application path: C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
Faulting module path: unknown
Report Id: 795d69c0-d518-11e7-ae64-201a06c513a4
 
Error: (11/29/2017 09:11:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/29/2017 09:02:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/29/2017 08:53:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.0.4.0.exe, version: 7.0.4.0, time stamp: 0x59f3de9c
Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a16
Exception code: 0xc0000005
Fault offset: 0x00038993
Faulting process id: 0x750
Faulting application start time: 0x01d36921aea03d3d
Faulting application path: C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 0da59200-d515-11e7-9875-201a06c513a4
 
Error: (11/29/2017 08:45:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.0.4.0.exe, version: 7.0.4.0, time stamp: 0x59f3de9c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00780051
Faulting process id: 0x167c
Faulting application start time: 0x01d36920a1a72796
Faulting application path: C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
Faulting module path: unknown
Report Id: ed7c4e8b-d513-11e7-9875-201a06c513a4
 
Error: (11/29/2017 08:43:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_7.0.4.0.exe, version: 7.0.4.0, time stamp: 0x59f3de9c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00780051
Faulting process id: 0x16fc
Faulting application start time: 0x01d36920595f4f66
Faulting application path: C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
Faulting module path: unknown
Report Id: ae0a3f10-d513-11e7-9875-201a06c513a4
 
Error: (11/29/2017 08:30:45 AM) (Source: BugSplat) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (11/29/2017 08:25:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/28/2017 02:48:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/30/2017 06:01:02 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/29/2017 11:04:17 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/29/2017 06:23:02 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/29/2017 06:00:47 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/29/2017 04:53:02 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
 
Error: (11/29/2017 10:50:44 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "DRCHOME        :0" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (11/29/2017 09:57:15 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "DRCHOME        :0" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (11/29/2017 09:57:11 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "DRCHOME        :0" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (11/29/2017 09:49:45 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "DRCHOME        :0" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
Error: (11/29/2017 09:49:41 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "DRCHOME        :0" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.1 did not allow the name to be claimed by
this computer.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-5350M APU with Radeon™ HD Graphics 
Percentage of memory in use: 22%
Total physical RAM: 15512.75 MB
Available physical RAM: 12038.34 MB
Total Virtual: 31023.69 MB
Available Virtual: 27289.48 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:278.53 GB) (Free:30.66 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Seagate Backup Plus Drive) (Fixed) (Total:931.51 GB) (Free:287.68 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:18.09 GB) (Free:5.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 42ABBB6F)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 9BDA0519)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 03 December 2017 - 09:18 AM

Greetings seahunter00 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
C:\AdwCleaner
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows Key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Download a fresh copy of AdwCleaner and attempt to run it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Attached System Summary report
  • AdwCleaner?
  • Update on computer behavior

Edited by Oh My!, 03 December 2017 - 03:04 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 seahunter00


Posted 05 December 2017 - 05:48 PM

Hey Gary, my name is Dave. Thank you for your assistance. Here is the Fix Log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by David R Chadbourne (04-12-2017 17:13:36) Run:1
Running from C:\Users\David R Chadbourne\Downloads
Loaded Profiles: David R Chadbourne (Available Profiles: David R Chadbourne)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\AdwCleaner
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
cmd: netsh winsock reset catalog
cmd: netsh int ip reset C:\resettcpip.txt
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state ON
cmd: Bitsadmin /Reset /Allusers
cmd: ipconfig /flushdns
Removeproxy:
emptytemp:
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\AdwCleaner => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found
 
========= netsh winsock reset catalog =========
 
Access is denied.
 
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {E7C65FB1-32B0-48F1-B008-4E9E314DD0D7}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1976643129-2488268404-167866191-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1976643129-2488268404-167866191-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34661192 B
Java, Flash, Steam htmlcache => 563 B
Windows/system/drivers => 106445446286 B
Edge => 0 B
Chrome => 420500859 B
Firefox => 19031981 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66356 B
LocalService => 0 B
NetworkService => 628308 B
David R Chadbourne => 1526147507 B
 
RecycleBin => 0 B
EmptyTemp: => 101 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 17:15:20 ====
 
I tried to run ADW Cleaner and got the same message "ADWCleaner has stopped working. A problem caused the program to stop working. Windows will close the program and notify you if a solution is available."  I ran it as an Admin and normally. 
 
Computer has been working properly.




#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,022 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:58 AM

Posted 05 December 2017 - 09:00 PM

Hi Dave.

Thanks for the information.

Delete the existing AdwCleaner program.

Try this older version of the program. If/when it tells you it is out of date decline the update. Let me know if it runs.
Gary
 

#6 seahunter00


Posted 06 December 2017 - 06:45 PM

Gary,

 

I tried that version and it had the same issue and same message as the program closed.  It always gets past the updates and it closes down when it starts the heuristic analysis.  Hope that helps.



#7 Oh My!


Posted 06 December 2017 - 09:20 PM

When you open AdwCleaner click Tools, Options, then select Debug. Click OK then run it. If you have problems, locate and attach the following file to your reply.

C:\AdwCleaner\AdwCleaner_Debug.log

Following this please attempt to run the program in Safe Mode and bypass any database updates.

Edited by Oh My!, 06 December 2017 - 09:23 PM.

Gary
 

#8 seahunter00


Posted 07 December 2017 - 01:43 PM

Gary,

 

Attached is the Debug log.  I booted into Safe Mode and ran two versions of the ADW Cleaner and had the exact same result.  This time in Safe Mode they just closed down, I didn't get the message.




#9 Oh My!


Posted 07 December 2017 - 09:00 PM

Thank you for the log. You may end up needing to post a topic in the Malwarebytes Forum but let's try something.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search: box
*adwcleaner*
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search.txt

Gary
 

#10 seahunter00


Posted 08 December 2017 - 11:12 AM

Gary,

 

The log is below.

 

Farbar Recovery Scan Tool (x64) Version: 07-12-2017
Ran by David R Chadbourne (08-12-2017 09:56:26)
Running from C:\Users\David R Chadbourne\Downloads
Boot Mode: Normal
 
================== Search Files: "*adwcleaner*" =============
 
C:\Windows\Prefetch\ADWCLEANER.EXE-74BFADC3.pf
[2017-12-05 16:34][2017-12-07 12:13] 000065024 _____ () B32DD248F78ABCBE1FBEFDAC9C96BFC1 [File not signed]
 
C:\Users\David R Chadbourne\Downloads\AdwCleaner.exe
[2017-12-05 16:32][2017-12-05 16:33] 008172032 _____ (Malwarebytes) 949CD8ABBA63486A1C22B93FF8815395 [File not signed]
 
C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.1.0.exe
[2017-12-06 17:32][2017-12-06 17:33] 008160720 _____ (Malwarebytes) 8D099D63E7F3C20600ADE80A86D06ACF [File is digitally signed]
 
C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
[2017-11-29 08:42][2017-11-29 08:42] 008261584 _____ (Malwarebytes) A90DF75D527EB7B804A5FFA53450AB88 [File is digitally signed]
 
C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner.lnk
[2017-12-07 12:15][2017-12-07 12:41] 000000490 _____ () DAD34CFB1E526A13326330B0EB734DB0 [File not signed]
 
C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner_Debug.lnk
[2017-12-07 12:15][2017-12-07 12:41] 000000695 _____ () 06F114F1DEBF0A0A2D7EB94E9568B6C5 [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.3088.dmp
[2017-12-05 16:36][2017-12-05 16:36] 000958065 _____ () 50AC549196F85A282D5AE7F1C89C3BA3 [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.3448.dmp
[2017-12-07 12:14][2017-12-07 12:14] 000947987 _____ () A70C24100866E0082D0989C4DBF8D214 [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.7528.dmp
[2017-12-05 16:42][2017-12-05 16:42] 000949099 _____ () B89DA7D845686BEC2F8D3CEF4389290D [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.8176.dmp
[2017-12-05 16:45][2017-12-05 16:45] 000952755 _____ () AA6A5CAE4A46729F14C56B5C9CEFF958 [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.1.0.exe.7568.dmp
[2017-12-06 17:38][2017-12-06 17:38] 000942996 _____ () 224D05EC0B6D10A3D85BC0E532EFD68C [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.1.0.exe.764.dmp
[2017-12-06 17:36][2017-12-06 17:36] 000950279 _____ () 00EF934829D6963492A2C7153AA95E34 [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.1872.dmp
[2017-11-29 08:57][2017-11-29 08:57] 000950324 _____ () DE74DC229D7E25B7E995C10BC33B3C63 [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.5720.dmp
[2017-11-29 09:18][2017-11-29 09:18] 000951752 _____ () 9E4CF0297F248326760964189C478D11 [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.5748.dmp
[2017-11-29 09:45][2017-11-29 09:45] 000930660 _____ () F023C5FD3AF9F43A482F64B068A4D0BA [File not signed]
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.5756.dmp
[2017-11-29 08:45][2017-11-29 08:45] 000952121 _____ () 90E425D0FB638AF64780270C86DA2D48 [File not signed]
 
C:\AdwCleaner\AdwCleaner_Debug.log
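
A follow-up check on the Search.txt output above, added here as an example (it is not part of the thread and not FRST's own code): it parses the path/metadata pairs and lists executables that carry a vendor name but are reported as not signed, noting whether that vendor has signed files in the same log. The names `Entry`, `parse_search` and `unsigned_vendor_binaries` are hypothetical, the field layout is inferred from the log above, and the sample lines are copied from it.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Subset of the Search.txt posted above, copied verbatim.
SEARCH_TXT = r"""
================== Search Files: "*adwcleaner*" =============

C:\Windows\Prefetch\ADWCLEANER.EXE-74BFADC3.pf
[2017-12-05 16:34][2017-12-07 12:13] 000065024 _____ () B32DD248F78ABCBE1FBEFDAC9C96BFC1 [File not signed]

C:\Users\David R Chadbourne\Downloads\AdwCleaner.exe
[2017-12-05 16:32][2017-12-05 16:33] 008172032 _____ (Malwarebytes) 949CD8ABBA63486A1C22B93FF8815395 [File not signed]

C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.1.0.exe
[2017-12-06 17:32][2017-12-06 17:33] 008160720 _____ (Malwarebytes) 8D099D63E7F3C20600ADE80A86D06ACF [File is digitally signed]

C:\AdwCleaner\AdwCleaner_Debug.log
"""

# Assumed layout of a metadata line, inferred from the log above:
# [created][modified] size attributes (company) MD5 [signature status]
META = re.compile(
    r"^\[(?P<created>[\d\- :]+)\]\[(?P<modified>[\d\- :]+)\] "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32}) \[(?P<sig>[^\]]+)\]$"
)
PATH = re.compile(r"^[A-Za-z]:\\")
EXEC_EXT = {".exe", ".dll", ".sys"}


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str
    signed: bool


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            path = line  # a path with no metadata line after it is skipped
            continue
        m = META.match(line)
        if m and path:
            entries.append(Entry(
                path=path,
                size=int(m["size"]),
                company=m["company"],
                md5=m["md5"].upper(),
                signed=(m["sig"] == "File is digitally signed"),
            ))
            path = None
    return entries


def unsigned_vendor_binaries(entries):
    """Return (entry, vendor_has_signed_files) for unsigned vendor-named executables."""
    signed_vendors = {e.company for e in entries if e.signed and e.company}
    flagged = []
    for e in entries:
        ext = PureWindowsPath(e.path).suffix.lower()
        if ext in EXEC_EXT and e.company and not e.signed:
            flagged.append((e, e.company in signed_vendors))
    return flagged


if __name__ == "__main__":
    for entry, has_signed_sibling in unsigned_vendor_binaries(parse_search(SEARCH_TXT)):
        note = "vendor has signed files in this log" if has_signed_sibling else "no signed files from this vendor"
        print(f"{entry.path}  MD5={entry.md5}  ({entry.company}; {note})")
```

A hit from this check is a reason to re-download the file from the vendor and compare hashes; the signature status alone does not classify the file.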


#11 Oh My!


Posted 08 December 2017 - 09:06 PM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
C:\Windows\Prefetch\ADWCLEANER.EXE-74BFADC3.pf
C:\Users\David R Chadbourne\Downloads\AdwCleaner.exe
C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.1.0.exe
C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner.lnk
C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner_Debug.lnk
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.*.dmp
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.1.0.exe.*.dmp
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.*.dmp
C:\AdwCleaner
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Download a fresh version of AdwCleaner and attempt to run it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner run?

Gary
 

#12 Oh My!


Posted 11 December 2017 - 10:18 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#13 seahunter00


Posted 11 December 2017 - 11:30 AM

Gary,

 

ADW Cleaner had the same issues. I tried the newest version and the old one. Below is the log.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-12-2017
Ran by David R Chadbourne (11-12-2017 09:56:25) Run:2
Running from C:\Users\David R Chadbourne\Downloads
Loaded Profiles: David R Chadbourne (Available Profiles: David R Chadbourne)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Windows\Prefetch\ADWCLEANER.EXE-74BFADC3.pf
C:\Users\David R Chadbourne\Downloads\AdwCleaner.exe
C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.1.0.exe
C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe
C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner.lnk
C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner_Debug.lnk
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.*.dmp
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.1.0.exe.*.dmp
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.*.dmp
C:\AdwCleaner
emptytemp:
 
*****************
 
"C:\Windows\Prefetch\ADWCLEANER.EXE-74BFADC3.pf" => not found.
C:\Users\David R Chadbourne\Downloads\AdwCleaner.exe => moved successfully
C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.1.0.exe => moved successfully
C:\Users\David R Chadbourne\Downloads\adwcleaner_7.0.4.0.exe => moved successfully
C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner.lnk => moved successfully
C:\Users\David R Chadbourne\AppData\Roaming\Microsoft\Windows\Recent\AdwCleaner_Debug.lnk => moved successfully
 
=========== "C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.*.dmp" ==========
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.3088.dmp => moved successfully
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.3448.dmp => moved successfully
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.7528.dmp => moved successfully
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.8176.dmp => moved successfully
 
========= End -> "C:\Users\David R Chadbourne\AppData\Local\CrashDumps\AdwCleaner.exe.*.dmp" ========
 
 
=========== "C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.1.0.exe.*.dmp" ==========
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.1.0.exe.7568.dmp => moved successfully
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.1.0.exe.764.dmp => moved successfully
 
========= End -> "C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.1.0.exe.*.dmp" ========
 
 
=========== "C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.*.dmp" ==========
 
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.1872.dmp => moved successfully
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.5720.dmp => moved successfully
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.5748.dmp => moved successfully
C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.5756.dmp => moved successfully
 
========= End -> "C:\Users\David R Chadbourne\AppData\Local\CrashDumps\adwcleaner_7.0.4.0.exe.*.dmp" ========
 
C:\AdwCleaner => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4246468 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 883131504 B
Edge => 0 B
Chrome => 301714812 B
Firefox => 16149230 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3276 B
David R Chadbourne => 9141532 B
 
RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 09:59:01 ====


#14 Oh My!


Posted 11 December 2017 - 01:13 PM

Please obtain the debug report again.


Gary
 

#15 seahunter00


Posted 12 December 2017 - 03:55 PM

Gary,

 

Here is the Debug Log

 

2017-12-12 14:52:30.022 DEBUG [5220] [MainUI::buttonScanClicked@294] [i] Scan button clicked (-31986)
2017-12-12 14:52:30.037 DEBUG [8432] [MainUI::Entry@1277] [+] Checking for update...
2017-12-12 14:52:31.842 DEBUG [8432] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1
2017-12-12 14:52:31.842 DEBUG [8432] [AdwCleanerSDK::checkCA@289] [!] Issuer OK
2017-12-12 14:52:31.842 DEBUG [8432] [AdwCleanerSDK::checkCA@272] OID: 1.2.840.113549.1.1.1
2017-12-12 14:52:31.842 DEBUG [8432] [AdwCleanerSDK::checkCA@289] [!] Issuer OK
2017-12-12 14:52:32.029 DEBUG [8432] [AdwCleanerSDK::GetVersionServer@393] [+] Last version: 7.0.5.0
2017-12-12 14:52:32.029 DEBUG [8432] [AdwCleanerSDK::CompareVersion@429] [i] Current version: 7.0.5.0 | Latest version: 7.0.5.0
2017-12-12 14:52:32.029 DEBUG [8432] [MainUI::Entry@1297] [+] Initialize Scan...
2017-12-12 14:52:32.045 DEBUG [8432] [MainUI::Entry@1338] [+] Updating database.
2017-12-12 14:52:33.079 DEBUG [8432] [AdwCleanerSDK::Database::Database::checkUpdate@1250] [+] 1...
2017-12-12 14:52:33.079 DEBUG [8432] [AdwCleanerSDK::Database::Database::checkUpdate@1256] [i] SUCCESS
2017-12-12 14:52:33.079 DEBUG [8432] [AdwCleanerSDK::Database::Database::checkUpdate@1259] [+] Checking for fresh definitions
2017-12-12 14:52:33.148 DEBUG [8432] [AdwCleanerSDK::Database::Database::loadnonce@278] [+] Nonce fresh: e20c31fe1e0254c1
2017-12-12 14:52:33.148 DEBUG [8432] [AdwCleanerSDK::Database::Database::loadnonce@279] [+] Nonce unfresh: 81545e331476f1f3
2017-12-12 14:52:33.148 DEBUG [8432] [AdwCleanerSDK::Database::Database::checkUpdate@1262] [!] Updates available!
2017-12-12 14:52:33.148 DEBUG [8432] [AdwCleanerSDK::Database::Database::update@1124] [+] Updating definitions
2017-12-12 14:52:33.164 DEBUG [8432] [checkCA@1093] [i] OID: 1.2.840.113549.1.1.1
2017-12-12 14:52:33.164 DEBUG [8432] [checkCA@1094] 0
2017-12-12 14:52:33.164 DEBUG [8432] [checkCA@1110] [!] Issuer OK
2017-12-12 14:52:33.164 DEBUG [8432] [checkCA@1093] [i] OID: 1.2.840.113549.1.1.1
2017-12-12 14:52:33.164 DEBUG [8432] [checkCA@1094] 4
2017-12-12 14:52:33.164 DEBUG [8432] [checkCA@1110] [!] Issuer OK
2017-12-12 14:52:33.241 DEBUG [8432] [AdwCleanerSDK::Database::Database::update@1181] [!] Downloading...
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::update@1233] [i] Done
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::update@1240] [i] DB stored in C:\AdwCleaner
2017-12-12 14:52:33.849 DEBUG [8432] [MainUI::Entry@1388] [+] Doing some magic.
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::gennonce@1044] [+] DB loading (1)
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::gennonce@1059] Success
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::genkey@26] [+] DB loading (2)
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::genkey@108] Success
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::decrypt@1422] [i] 2 - SUCCESS
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::decrypt@1439] [i] 4 - SUCCESS
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::decrypt@1454] [i] 5 - SUCCESS
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::decrypt@1467] [i] 6 - SUCCESS
2017-12-12 14:52:33.849 DEBUG [8432] [AdwCleanerSDK::Database::Database::decrypt@1472] 7...
2017-12-12 14:52:33.865 DEBUG [8432] [AdwCleanerSDK::Database::Database::decrypt@1477] 0
2017-12-12 14:52:33.865 DEBUG [8432] [AdwCleanerSDK::Database::Database::decrypt@1502] [i] Magic done.
2017-12-12 14:52:33.865 DEBUG [8432] [AdwCleanerSDK::Database::Database::decompress@1278] [+] Loading the database (4) 
2017-12-12 14:52:33.865 DEBUG [8432] [AdwCleanerSDK::Database::Database::LoadHeaderFromJson@1022] 12-11-2017.1
2017-12-12 14:52:33.865 DEBUG [8432] [AdwCleanerSDK::Database::Database::LoadHeaderFromJson@1030] 0
2017-12-12 14:52:53.397 DEBUG [8432] [MainUI::Entry@1426] [+] Starting scan.
2017-12-12 14:52:53.397 DEBUG [8432] [MainUI::Entry@1430] [+] Scanning for Generics.
2017-12-12 14:52:53.413 DEBUG [8432] [AdwCleanerSDK::Generic::Generics::ProgramFiles@1743] [Heuristics]-1-
2017-12-12 14:52:53.678 DEBUG [8432] [AdwCleanerSDK::Generic::Generics::AppDataCommonDir@2004] [Heuristics]-2-
2017-12-12 14:52:53.803 DEBUG [8432] [AdwCleanerSDK::Generic::Generics::AppDataDir@2100] [Heuristics]-3-
2017-12-12 14:52:53.865 DEBUG [8432] [AdwCleanerSDK::Generic::Generics::Installer@2295] [Heuristics]-4-
2017-12-12 14:52:54.037 DEBUG [8432] [AdwCleanerSDK::Generic::Generics::Folders@2345] [Heuristics]-5-
2017-12-12 14:52:55.638 DEBUG [8432] [AdwCleanerSDK::Generic::Generics::Files@2432] [Heuristics]-6-
2017-12-12 14:52:55.638 DEBUG [8432] [AdwCleanerSDK::Generic::Generics::Keys@2626] [Heuristics]-7-
2017-12-12 14:52:55.919 DEBUG [8432] [AdwCleanerSDK::Generic::Generics::Data@2807] [Heuristics]-8-




