Microsoft Security Ess. Quarantined Trojan:Win32/Fuerboos.C!cl


16 replies to this topic

#1 mtndew96

mtndew96

  • Members
  • 11 posts
  • OFFLINE

Posted 10 February 2018 - 09:28 AM

Computer keeps quarantining the above, with AdenB!cl thrown in occasionally.

FRST.TXT
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.02.2018 01
Ran by DCarey (administrator) on MPC-SHIP (10-02-2018 08:07:28)
Running from C:\Users\dcarey.MPC2000\Desktop
Loaded Profiles: DCarey (Available Profiles: DCarey & Administrator & admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Seagull Scientific, Inc.) C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Seagull Scientific, Inc.) C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe
() C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5708432 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-21] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [HPSYSDRV] => C:\Program Files\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
Startup: C:\Users\dcarey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recept.exe [2004-04-23] (Multifilm Packaging)
Startup: C:\Users\dcarey.MPC2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win7 time.bat [2014-01-08] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0}: [NameServer] 172.31.31.200,8.8.8.8

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://multifilm.qt9app1.com/Login.aspx?ReturnUrl=%2fDefault.aspx
HKU\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-17] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-17] (Oracle Corporation)

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-17] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2010-11-13] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BarTender System Service; C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2014-11-08] (Seagull Scientific, Inc.)
R2 Commander Service; C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe [1267280 2014-11-08] ()
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 Maestro; C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe [232528 2014-11-08] (Seagull Scientific, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 1331061089; %SystemRoot%\24044624.exe [X]
S2 1339399062; %SystemRoot%\9234904.exe [X]
S2 1378655762; %SystemRoot%\18016672.exe [X]
S2 1386094639; %SystemRoot%\16902432.exe [X]
S2 1539013979; %SystemRoot%\10545176.exe [X]
S2 1903782053; %SystemRoot%\15788352.exe [X]
S2 2079487352; %SystemRoot%\13363304.exe [X]
S2 2088513679; %SystemRoot%\17426904.exe [X]
S2 2102042959; %SystemRoot%\10414552.exe [X]
S2 2123314273; %SystemRoot%\18278616.exe [X]
S2 2127841999; %SystemRoot%\22471936.exe [X]
S2 2135559946; %SystemRoot%\10478360.exe [X]
S2 2150845844; %SystemRoot%\8186328.exe [X]
S2 22415986; %SystemRoot%\19392984.exe [X]
S2 2248471774; %SystemRoot%\22406360.exe [X]
S2 2257662744; %SystemRoot%\16443864.exe [X]
S2 2282279; %SystemRoot%\26405320.exe [X]
S2 2326063188; %SystemRoot%\38200088.exe [X]
S2 2331341247; %SystemRoot%\14281016.exe [X]
S2 2379211277; %SystemRoot%\26534688.exe [X]
S2 2403216820; %SystemRoot%\8186328.exe [X]
S2 2624724793; %SystemRoot%\12577240.exe [X]
S2 2908309541; %SystemRoot%\23652824.exe [X]
S2 311752; %SystemRoot%\9168232.exe [X]
S2 4068598572; %SystemRoot%\17490496.exe [X]
S2 43124713; %SystemRoot%\27845976.exe [X]
S2 45295623; %SystemRoot%\25289448.exe [X]
S2 52770458; %SystemRoot%\19653896.exe [X]
S2 57790398; %SystemRoot%\28239656.exe [X]
S2 657419; %SystemRoot%\23194072.exe [X]
S2 675063; %SystemRoot%\15788504.exe [X]
S2 propwin; C:\Windows\system32\propwin.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [282792 2012-01-11] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x32.sys [269584 2011-06-15] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X32.sys [61712 2011-06-15] (Intel® Corporation)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsle1a1384c; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D7FD8B1-73CA-41FD-A985-0180FFD5E6F9}\MpKsle1a1384c.sys [49504 2018-02-10] (Microsoft Corporation)
S3 catchme; \??\C:\Users\DCAREY~1.MPC\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-10 08:07 - 2018-02-10 08:07 - 000011257 _____ C:\Users\dcarey.MPC2000\Desktop\FRST.txt
2018-02-10 08:07 - 2018-02-10 08:07 - 000000000 ____D C:\FRST
2018-02-10 08:07 - 2018-02-10 07:56 - 001763840 _____ (Farbar) C:\Users\dcarey.MPC2000\Desktop\FRST.exe
2018-02-09 17:35 - 2018-02-10 04:56 - 000006560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-09 17:35 - 2018-02-10 04:56 - 000006560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-09 17:23 - 2018-02-09 17:28 - 000000000 ____D C:\Windows\erdnt
2018-02-09 17:23 - 2018-02-09 17:28 - 000000000 ____D C:\Qoobox
2018-02-09 17:23 - 2011-06-26 00:45 - 000256000 _____ C:\Windows\PEV.exe
2018-02-09 17:23 - 2010-11-07 11:20 - 000208896 _____ C:\Windows\MBR.exe
2018-02-09 17:23 - 2009-04-19 22:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000098816 _____ C:\Windows\sed.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000080412 _____ C:\Windows\grep.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000068096 _____ C:\Windows\zip.exe
2018-02-06 15:42 - 2018-02-06 15:42 - 000000903 _____ C:\Users\dcarey.MPC2000\Desktop\Backorder Reports - Shortcut.lnk
2018-02-01 14:14 - 2018-02-01 14:14 - 000000000 ____D C:\Users\dcarey.MPC2000\Desktop\dan_j_social_media_files
2018-02-01 14:14 - 2018-02-01 14:03 - 000039566 _____ C:\Users\dcarey.MPC2000\Desktop\dan_j_social_media.htm
2018-02-01 14:14 - 2015-05-06 13:36 - 000038148 _____ C:\Users\dcarey.MPC2000\Desktop\daniel_c_social_media.htm
2018-02-01 14:14 - 2015-05-06 13:33 - 000038642 _____ C:\Users\dcarey.MPC2000\Desktop\gio_social_media.htm
2018-01-18 19:37 - 2018-01-18 19:37 - 000471718 _____ C:\Users\dcarey.MPC2000\Desktop\vacation request 2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-10 07:21 - 2016-05-17 12:19 - 000000000 ____D C:\Project1
2018-02-10 06:57 - 2016-05-17 12:00 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl
2018-02-10 06:52 - 2016-05-18 15:01 - 000000000 ____D C:\Cast
2018-02-09 18:01 - 2010-11-20 15:01 - 000787244 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-09 18:01 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\inf
2018-02-09 17:54 - 2009-07-13 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-09 17:28 - 2016-05-17 12:23 - 000000000 ____D C:\Users\sam.mpc2000
2018-02-09 17:27 - 2009-07-13 20:04 - 000000215 _____ C:\Windows\system.ini
2018-02-09 14:50 - 2016-05-19 13:41 - 000000000 ____D C:\Users\dcarey.MPC2000\Documents\Outlook Files
2018-02-06 11:30 - 2016-05-16 17:34 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-02 09:42 - 2016-05-18 15:00 - 000000000 ____D C:\Slit
2018-01-23 12:58 - 2011-02-10 13:41 - 000456864 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 00:54

==================== End of FRST.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 February 2018 - 11:15 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Before suggesting a fix I need to review the Addition.txt log that was created by the Farbar program.

Please post the file and wait for further instructions.

#3 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE

Posted 10 February 2018 - 11:54 AM

Here you go

Additions.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.02.2018 01
Ran by DCarey (10-02-2018 08:07:58)
Running from C:\Users\dcarey.MPC2000\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2016-05-16 20:59:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

$BarTender_Security$ (S-1-5-21-1694302310-3471358693-2193952512-1002 - Limited - Enabled)
$Printer_Maestro$ (S-1-5-21-1694302310-3471358693-2193952512-1003 - Limited - Enabled)
admin (S-1-5-21-1694302310-3471358693-2193952512-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1694302310-3471358693-2193952512-500 - Administrator - Disabled)
Guest (S-1-5-21-1694302310-3471358693-2193952512-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Flash Player 28 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 28.0.0.161 - Adobe Systems Incorporated)
ALLOSQL (HKLM\...\ST6UNST #3) (Version:  - )
BarTender 10.1 (HKLM\...\{FB2433CE-7C65-4206-BC82-561386A34F72}) (Version: 10.1.2961 - Seagull Scientific) Hidden
BarTender 10.1 (HKLM\...\BarTender Suite) (Version: 10.1.2961 - Seagull Scientific)
Crystal Reports XI Release 2 .NET 2005 Server (HKLM\...\{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}) (Version: 11.5.0.0 - Business Objects)
DirectX for Managed Code Update (Summer 2004) (HKLM\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Information (HKLM\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{51A66ED3-200E-4147-8D1E-E8D30936FD26}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Label Matrix (HKLM\...\Label Matrix) (Version:  - )
Lexmark BSD Series Uninstaller (HKLM\...\Lexmark Universal v2) (Version:  - Lexmark International, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Business Solutions-Great Plains 7.50 (HKLM\...\Great Plains 7.50) (Version:  - )
Microsoft Office Access 2003 Runtime (HKLM\...\{901C0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
opensource (HKLM\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Project1 (HKLM\...\ST6UNST #1) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5223 - CyberLink Corp.) Hidden
Service (HKLM\...\ST6UNST #2) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
TightVNC 2.0.2 (HKLM\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
TRAVERSE (HKLM\...\{006F49E6-B073-4A2A-AA06-CC7452D94425}) (Version: 10.5.7310 - Open Systems, Inc.)
VBA (2720) (HKLM\...\{8BED6A90-E6EB-11D2-AA54-0008C7408A5A}) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Zebra Font Downloader (HKLM\...\Zebra Font Downloader_is1) (Version:  - Zebra Technologies Corporation)
Zebra Setup Utilities (HKLM\...\{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}) (Version: 1.1.4.838 - Zebra Technologies) Hidden
Zebra Setup Utilities (HKLM\...\Zebra Setup Utilities) (Version:  - Zebra Technologies)
ZebraDesigner 2 (HKLM\...\{CAF27047-C758-4927-9699-BBB0C2B0E56F}) (Version: 2.6.63.12 - Zebra Technologies Corporation) Hidden
ZebraDesigner 2 (HKLM\...\ZebraDesigner 2) (Version:  - Zebra Technologies Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-01-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-01-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E3E954-2056-47C0-9AEC-AC8467C87931} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {3EA280AA-502F-4F2E-BC0E-452E89763242} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {5903DE0D-C199-4401-AF6B-DAB0AFB9EC19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {8E259690-779F-4882-8937-B1FB2DA7FE82} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP setup\Dependencies\RemEngine.exe [2012-02-17] ()
Task: {958B411E-E865-423F-B611-FF8B53D87D75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {9D773E73-7638-4943-BDF5-5CCEBD1601CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {A710677A-80D0-4FA9-9296-20F6350CEA42} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A710677A-80D0-4FA9-9296-20F6350CEA42} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {B6EFD268-E409-4483-A319-B2DAC39EC77F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {BC714AA2-CBEF-4135-9BEE-F72AC1A049D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {BC714AA2-CBEF-4135-9BEE-F72AC1A049D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {C2990B97-5A2B-4B85-83AD-93BA48C414BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {C2990B97-5A2B-4B85-83AD-93BA48C414BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {ECD5C696-A4F4-49E4-A3EE-6274BFA2D408} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {EFDB8490-FC26-4F96-AFA9-504A1531B899} - System32\Tasks\RMCreator => C:\Program Files\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-05-19 14:35 - 2012-12-04 19:33 - 000059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP2030PP.DLL
2015-05-22 08:39 - 2013-07-02 22:16 - 001009664 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMUD1P4Z.DLL
2016-05-19 14:34 - 2012-12-04 19:33 - 002067456 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HP2030SU.DLL
2016-05-19 14:34 - 2012-12-04 19:32 - 000949248 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HP2030GC.dll
2014-11-08 12:22 - 2014-11-08 12:22 - 001267280 _____ () C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe
2014-11-08 12:22 - 2014-11-08 12:22 - 000334416 _____ () C:\Program Files\Seagull\BarTender Suite\CmdrEnu.dll
2014-11-08 11:11 - 2014-11-08 11:11 - 001740800 _____ () C:\Program Files\Seagull\BarTender Suite\CmdrJobServer.dll
2014-11-08 10:52 - 2014-11-08 10:52 - 001483776 _____ () C:\Program Files\Seagull\BarTender Suite\CcsBt.dll
2014-11-08 12:23 - 2014-11-08 12:23 - 000031824 _____ () C:\Program Files\Seagull\BarTender Suite\CmdrJobServerBasePs.dll
2016-05-16 17:31 - 2012-02-21 14:09 - 001198872 _____ () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll
2010-07-08 07:28 - 2010-07-08 07:28 - 000068696 _____ () C:\Program Files\TightVNC\screenhooks.dll
2012-03-19 17:09 - 2015-06-01 20:00 - 000102912 _____ () C:\Windows\System32\IccLibDll.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2018-02-09 17:27 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1292428093-1957994488-839522115-1321\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.31.31.200 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94301F77-9491-40B6-9495-0A35F32C9108}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E9D8C783-C6F8-4EDF-8D11-62B087E65808}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{861B949E-E7F7-432F-8118-0993A3FB94F0}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{BCAFCA3B-75E4-4845-9B47-40D8ED4D86C0}] => (Allow) C:\Program Files\TightVNC\vncviewer.exe
FirewallRules: [{3D28A6BF-5C63-4B69-8EDE-6258938EF67B}] => (Allow) C:\Program Files\TightVNC\vncviewer.exe
FirewallRules: [{217709B3-6739-4A82-A9D8-09F777D5EED6}] => (Allow) \\MULTISERV\INFORM\Temporary\Lexmark_BSD_Software_AEA_Installation_Package\InstallationPackage\InstallationPackage\Install\x86\installgui.exe
FirewallRules: [{CB99B0BB-B82D-4A94-96AF-C8023E48230A}] => (Allow) \\MULTISERV\INFORM\Temporary\Lexmark_BSD_Software_AEA_Installation_Package\InstallationPackage\InstallationPackage\Install\x86\installgui.exe
FirewallRules: [{1C0C457B-6567-4AEE-A0CF-08518175361D}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{BB429B2A-7984-4B26-A95E-E2541DB8D80B}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{20B20422-8149-4045-824E-92CDE1577326}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{5E8AF244-EA1C-4886-9E58-2F2F25C25ECC}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{3AFA39DA-9369-44C8-9553-025545E052F8}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{FA52FFCC-A098-48D9-9124-69736F4A3B6F}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{F4D3BD43-DBFC-42DE-B383-2F2C481FF428}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{61EE4212-BC4E-49FC-AA4F-0FC9E47B5365}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{0D9D226F-FE79-4DE8-A74F-0727FA1AAEC8}] => (Allow) C:\Users\dcarey.MPC2000\Desktop\Lexmark_BSD_Software_AEA_Installation_Package\InstallationPackage\InstallationPackage\Install\x86\InstallGui.exe
FirewallRules: [{A806055B-49D6-4534-8261-6DECE9805F7D}] => (Allow) C:\Users\dcarey.MPC2000\Desktop\Lexmark_BSD_Software_AEA_Installation_Package\InstallationPackage\InstallationPackage\Install\x86\InstallGui.exe
FirewallRules: [{E2A2EB07-FCFA-4BD4-AB7E-9CE424E2AD5E}] => (Allow) C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe
FirewallRules: [{945D8174-3937-44BF-AC15-0A24C706D6BC}] => (Allow) C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe
FirewallRules: [{71818811-CC3F-4B43-AB53-E51B735FF5E8}] => (Allow) C:\Program Files\Seagull\BarTender Suite\HistoryExplorer.exe
FirewallRules: [{B9885AFC-6F47-4121-A536-E2EC185A7D08}] => (Allow) C:\Program Files\Seagull\BarTender Suite\HistoryExplorer.exe
FirewallRules: [{583CF7F5-4ED8-4E06-A9CE-6BD651B6AA5B}] => (Allow) C:\Program Files\Seagull\BarTender Suite\ReprintConsole.exe
FirewallRules: [{D403BAB7-7EAC-44A4-98CE-8C2FED29E720}] => (Allow) C:\Program Files\Seagull\BarTender Suite\ReprintConsole.exe
FirewallRules: [{688F377D-0514-4F50-B848-31DD3E4AF6EA}] => (Allow) C:\Program Files\Seagull\BarTender Suite\SystemDatabaseWizard.exe
FirewallRules: [{E22162A7-088A-471D-98EA-EEAECA005480}] => (Allow) C:\Program Files\Seagull\BarTender Suite\SystemDatabaseWizard.exe
FirewallRules: [{6DB79620-DCD6-48ED-A3D3-7265EADF8DF1}] => (Allow) C:\Program Files\Seagull\BarTender Suite\SystemDatabaseSetup.exe
FirewallRules: [{B6C65AAF-59E8-4E76-9CB3-98C367F1A1BF}] => (Allow) C:\Program Files\Seagull\BarTender Suite\SystemDatabaseSetup.exe
FirewallRules: [{1765221D-283C-4402-BDF4-71254DF6431F}] => (Allow) C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe
FirewallRules: [{8AE80355-96ED-42A1-898E-6F38F41A53EC}] => (Allow) C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe

==================== Restore Points =========================

08-01-2018 03:27:36 Windows Update
10-01-2018 03:00:10 Windows Update
13-01-2018 03:31:34 Windows Update
17-01-2018 11:22:38 Windows Update
20-01-2018 03:00:12 Windows Update
23-01-2018 11:22:03 Windows Update
27-01-2018 11:22:38 Windows Update
31-01-2018 11:22:57 Windows Update
06-02-2018 11:23:29 Windows Update
08-02-2018 01:20:01 HPSF Restore Point
09-02-2018 11:24:10 Windows Update
09-02-2018 17:15:29 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2018 05:52:18 PM) (Source: Software Protection Platform Service) (EventID: 1008) (User: )
Description: Acquisition of Secure Processor Certificate failed. hr=0x80072EE7

Error: (02/09/2018 05:52:18 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7

Error: (02/09/2018 05:03:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SchClient.exe version 6.1.11.34 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dd0

Start Time: 01d3a1d80185bef9

Termination Time: 0

Application Path: C:\Scheduler_V6\SchClient.exe

Report Id:

Error: (02/09/2018 12:12:00 PM) (Source: Microsoft Office 14) (EventID: 2001) (User: )
Description: Microsoft Word: Rejected Safe Mode action : Word failed to start correctly last time.  Starting Word in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Word in safe mode?.
Rejected Safe Mode action : Microsoft Word.

Error: (02/09/2018 10:52:31 AM) (Source: Microsoft Office 14) (EventID: 2000) (User: )
Description: Microsoft Word: Accepted Safe Mode action : Word failed to start correctly last time.  Starting Word in safe mode will help you correct or isolate a startup problem in order to successfully start the program.  Some functionality may be disabled in this mode.

Do you want to start Word in safe mode?.
Accepted Safe Mode action : Microsoft Word.

Error: (02/09/2018 10:34:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Dynamics.exe version 7.5.0.14 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11c8

Start Time: 01d3a1c124c2e682

Termination Time: 15

Application Path: C:\Microsoft Business Solutions\Great Plains\Dynamics.exe

Report Id: 273c22bf-0db7-11e8-ab27-24be050ee650

Error: (01/24/2018 04:07:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program DELETEAlloCombo.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12f8

Start Time: 01d394faea7c71e9

Termination Time: 0

Application Path: \\MULTISERV\Inform\Apps\DELETEAlloCombo.exe

Report Id: 4da84bd1-00ee-11e8-ab27-24be050ee650

Error: (01/05/2018 03:00:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsldd4a6dc1.

System Error:
The system cannot find the file specified.
.

Error: (12/15/2017 08:36:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SchClient.exe version 6.1.11.34 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c50

Start Time: 01d3740a9c922b97

Termination Time: 0

Application Path: C:\Scheduler_V6\SchClient.exe

Report Id:

Error: (12/13/2017 03:00:16 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl0502888f.

System Error:
The system cannot find the file specified.
.


System errors:
=============
Error: (02/10/2018 07:42:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/10/2018 06:56:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/10/2018 06:11:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/10/2018 06:11:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 45295623 service to connect.

Error: (02/10/2018 06:09:54 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/10/2018 06:09:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/10/2018 06:09:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 57790398 service to connect.

Error: (02/10/2018 06:08:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/10/2018 06:07:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/10/2018 06:07:16 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 52770458 service to connect.


CodeIntegrity:
===================================
  Date: 2018-02-10 08:07:25.057
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:07:22.873
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:04:11.513
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:03:47.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:03:40.261
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:03:13.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:03:01.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:02:50.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:02:48.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-10 08:02:48.188
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 37%
Total physical RAM: 3471.59 MB
Available physical RAM: 2185.73 MB
Total Virtual: 6941.53 MB
Available Virtual: 5751.34 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:460.66 GB) (Free:399.61 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:4.9 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 487E5E4F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=460.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=27)

==================== End of Addition.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 10 February 2018 - 02:25 PM

Hi,



Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

S2 1331061089; %SystemRoot%\24044624.exe [X]
S2 1339399062; %SystemRoot%\9234904.exe [X]
S2 1378655762; %SystemRoot%\18016672.exe [X]
S2 1386094639; %SystemRoot%\16902432.exe [X]
S2 1539013979; %SystemRoot%\10545176.exe [X]
S2 1903782053; %SystemRoot%\15788352.exe [X]
S2 2079487352; %SystemRoot%\13363304.exe [X]
S2 2088513679; %SystemRoot%\17426904.exe [X]
S2 2102042959; %SystemRoot%\10414552.exe [X]
S2 2123314273; %SystemRoot%\18278616.exe [X]
S2 2127841999; %SystemRoot%\22471936.exe [X]
S2 2135559946; %SystemRoot%\10478360.exe [X]
S2 2150845844; %SystemRoot%\8186328.exe [X]
S2 22415986; %SystemRoot%\19392984.exe [X]
S2 2248471774; %SystemRoot%\22406360.exe [X]
S2 2257662744; %SystemRoot%\16443864.exe [X]
S2 2282279; %SystemRoot%\26405320.exe [X]
S2 2326063188; %SystemRoot%\38200088.exe [X]
S2 2331341247; %SystemRoot%\14281016.exe [X]
S2 2379211277; %SystemRoot%\26534688.exe [X]
S2 2403216820; %SystemRoot%\8186328.exe [X]
S2 2624724793; %SystemRoot%\12577240.exe [X]
S2 2908309541; %SystemRoot%\23652824.exe [X]
S2 311752; %SystemRoot%\9168232.exe [X]
S2 4068598572; %SystemRoot%\17490496.exe [X]
S2 43124713; %SystemRoot%\27845976.exe [X]
S2 45295623; %SystemRoot%\25289448.exe [X]
S2 52770458; %SystemRoot%\19653896.exe [X]
S2 57790398; %SystemRoot%\28239656.exe [X]
S2 657419; %SystemRoot%\23194072.exe [X]
S2 675063; %SystemRoot%\15788504.exe [X]
S2 propwin; C:\Windows\system32\propwin.exe [X]
S3 catchme; \??\C:\Users\DCAREY~1.MPC\AppData\Local\Temp\catchme.sys [X]

Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {A710677A-80D0-4FA9-9296-20F6350CEA42} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A710677A-80D0-4FA9-9296-20F6350CEA42} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {BC714AA2-CBEF-4135-9BEE-F72AC1A049D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime
Task: {BC714AA2-CBEF-4135-9BEE-F72AC1A049D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {C2990B97-5A2B-4B85-83AD-93BA48C414BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {C2990B97-5A2B-4B85-83AD-93BA48C414BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
C:\Windows\System32\Tasks\Microsoft\Windows\Setup

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended. (You need to check with Internet Explorer) <- Important.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update, you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
If you have accepted the notice to remove old version(s), it's gone.

Please post the fixlog.txt and let me know what problem persists with this computer.

#5 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts

Posted 10 February 2018 - 04:10 PM

Here is the log file below. I’ll watch the computer for the next few hours and see if it does it again. Thank you for the quick replies.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 10.02.2018 01

Ran by DCarey (10-02-2018 15:02:15) Run:1

Running from C:\Users\dcarey.MPC2000\Desktop

Loaded Profiles: DCarey (Available Profiles: DCarey & Administrator & admin)

Boot Mode: Normal

 

==============================================

 

fixlist content:

*****************

Start

 

CreateRestorePoint:

EmptyTemp:

CloseProcesses:

 

S2

1331061089; %SystemRoot%\24044624.exe [X]

S2 1339399062; %SystemRoot%\9234904.exe [X]

S2 1378655762; %SystemRoot%\18016672.exe [X]

S2 1386094639; %SystemRoot%\16902432.exe [X]

S2 1539013979; %SystemRoot%\10545176.exe [X]

S2 1903782053; %SystemRoot%\15788352.exe [X]

S2 2079487352; %SystemRoot%\13363304.exe [X]

S2 2088513679; %SystemRoot%\17426904.exe [X]

S2 2102042959; %SystemRoot%\10414552.exe [X]

S2 2123314273; %SystemRoot%\18278616.exe [X]

S2 2127841999; %SystemRoot%\22471936.exe [X]

S2 2135559946; %SystemRoot%\10478360.exe [X]

S2 2150845844; %SystemRoot%\8186328.exe [X]

S2 22415986; %SystemRoot%\19392984.exe [X]

S2 2248471774; %SystemRoot%\22406360.exe [X]

S2 2257662744; %SystemRoot%\16443864.exe [X]

S2 2282279; %SystemRoot%\26405320.exe [X]

S2 2326063188; %SystemRoot%\38200088.exe [X]

S2 2331341247; %SystemRoot%\14281016.exe [X]

S2 2379211277; %SystemRoot%\26534688.exe [X]

S2 2403216820; %SystemRoot%\8186328.exe [X]

S2 2624724793; %SystemRoot%\12577240.exe [X]

S2

2908309541; %SystemRoot%\23652824.exe [X]

S2 311752; %SystemRoot%\9168232.exe [X]

S2 4068598572; %SystemRoot%\17490496.exe [X]

S2 43124713; %SystemRoot%\27845976.exe [X]

S2 45295623; %SystemRoot%\25289448.exe [X]

S2 52770458; %SystemRoot%\19653896.exe [X]

S2 57790398; %SystemRoot%\28239656.exe [X]

S2 657419; %SystemRoot%\23194072.exe [X]

S2 675063; %SystemRoot%\15788504.exe [X]

S2 propwin; C:\Windows\system32\propwin.exe [X]

S3 catchme; \??\C:\Users\DCAREY~1.MPC\AppData\Local\Temp\catchme.sys [X]

 

Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig

Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent

Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} -

System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)

Task: {A710677A-80D0-4FA9-9296-20F6350CEA42} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig

Task: {A710677A-80D0-4FA9-9296-20F6350CEA42} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)

Task: {BC714AA2-CBEF-4135-9BEE-F72AC1A049D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(1): %windir%\system32\GWX\GWXUXWorker.exe -> /ScheduleUpgradeReminderTime

Task: {BC714AA2-CBEF-4135-9BEE-F72AC1A049D4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft

Corporation)

Task: {C2990B97-5A2B-4B85-83AD-93BA48C414BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent

Task: {C2990B97-5A2B-4B85-83AD-93BA48C414BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)

C:\Windows\System32\Tasks\Microsoft\Windows\Setup

 

End

 

*****************

 

Restore point was successfully created.

Processes closed successfully.

S2 => Error: No automatic fix found for this entry.

1331061089; %SystemRoot%\24044624.exe [X] => Error: No automatic fix found for this entry.

"HKLM\System\CurrentControlSet\Services\1339399062" => removed successfully.

1339399062 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\1378655762" => removed successfully.

1378655762 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\1386094639" => removed successfully.

1386094639 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\1539013979" => removed successfully.

1539013979 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\1903782053" => removed successfully.

1903782053 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2079487352" => removed successfully.

2079487352 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2088513679" => removed successfully.

2088513679 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2102042959" => removed successfully.

2102042959 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2123314273" => removed successfully.

2123314273 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2127841999" => removed successfully.

2127841999 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2135559946" => removed successfully.

2135559946 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2150845844" => removed successfully.

2150845844 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\22415986" => removed successfully.

22415986 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2248471774" => removed successfully.

2248471774 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2257662744" => removed successfully.

2257662744 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2282279" => removed successfully.

2282279 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2326063188" => removed successfully.

2326063188 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2331341247" => removed successfully.

2331341247 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2379211277" => removed successfully.

2379211277 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2403216820" => removed successfully.

2403216820 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\2624724793" => removed successfully.

2624724793 => service removed successfully.

S2 => Error: No automatic fix found for this entry.

2908309541; %SystemRoot%\23652824.exe [X] => Error: No automatic fix found for this entry.

"HKLM\System\CurrentControlSet\Services\311752" => removed successfully.

311752 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\4068598572" => removed successfully.

4068598572 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\43124713" => removed successfully.

43124713 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\45295623" => removed successfully.

45295623 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\52770458" => removed successfully.

52770458 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\57790398" => removed successfully.

57790398 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\657419" => removed successfully.

657419 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\675063" => removed successfully.

675063 => service removed successfully.

"HKLM\System\CurrentControlSet\Services\propwin" => removed successfully.

propwin => service removed successfully.

"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully.

catchme => service removed successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5720C25E-D8E9-40E3-A93D-7A0023ADB68D} => could not remove. ErrorCode1: 0x00000001

"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5720C25E-D8E9-40E3-A93D-7A0023ADB68D} => not found

"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {5720C25E-D8E9-40E3-A93D-7A0023ADB68D} - => not found

System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation) => Error: No automatic fix found for this entry.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A710677A-80D0-4FA9-9296-20F6350CEA42} => not found

"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A710677A-80D0-4FA9-9296-20F6350CEA42} => not found

"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC714AA2-CBEF-4135-9BEE-F72AC1A049D4} => not found

"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC714AA2-CBEF-4135-9BEE-F72AC1A049D4} => not found

"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found

Corporation) => Error: No automatic fix found for this entry.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2990B97-5A2B-4B85-83AD-93BA48C414BD} => not found

"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2990B97-5A2B-4B85-83AD-93BA48C414BD} => not found

"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found

C:\Windows\System32\Tasks\Microsoft\Windows\Setup => moved successfully

 

=========== EmptyTemp: ==========

 

BITS transfer queue => 8388608 B

DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 20049548 B

Java, Flash, Steam htmlcache => 524 B

Windows/system/drivers => 801876 B

Edge => 0 B

Chrome => 0 B

Firefox => 0 B

Opera => 0 B

 

Temp, IE cache, history, cookies, recent:

Users => 0 B

Default => 0 B

Public => 0 B

ProgramData => 0 B

systemprofile => 66088 B

LocalService => 0 B

NetworkService => 3267322 B

dcarey.MPC2000 => 130251938 B

administrator => 104609 B

admin => 958664 B

 

RecycleBin => 0 B

EmptyTemp: => 156.3 MB temporary data Removed.

 

================================

 

 

The system needed a reboot.

 

==== End of Fixlog 15:03:01 ====
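The Fixlog above shows why two of the numeric services survived the fix: in the pasted fixlist the "S2" start type of two entries landed on its own line, and FRST reported "No automatic fix found" for both halves. As an added example (not from this thread, FRST's authors or the malware response team), the Python below parses FRST service entries of the form "S2 name; path [X]", re-joins entries that were wrapped that way, applies the heuristics a responder would apply to them (digit-only service and image names, images marked missing, images under a Temp directory), and cross-checks the Fixlog to list the services whose removal was never confirmed. The sample lines are constructed from this thread's logs.

```python
import re
from pathlib import PureWindowsPath

# Constructed excerpt of the fixlist as it was echoed inside the Fixlog above:
# two "S2 <name>; <path> [X]" entries had their start type wrapped onto its own
# line when pasted, which is exactly what FRST then refused to process.
FIXLIST_EXCERPT = """\
Start
CreateRestorePoint:
S2
1331061089; %SystemRoot%\\24044624.exe [X]
S2 1339399062; %SystemRoot%\\9234904.exe [X]
S2
2908309541; %SystemRoot%\\23652824.exe [X]
S2 propwin; C:\\Windows\\system32\\propwin.exe [X]
S3 catchme; \\??\\C:\\Users\\DCAREY~1.MPC\\AppData\\Local\\Temp\\catchme.sys [X]
End
"""

# Constructed excerpt of the matching Fixlog result lines from the same post.
FIXLOG_EXCERPT = """\
S2 => Error: No automatic fix found for this entry.
1331061089; %SystemRoot%\\24044624.exe [X] => Error: No automatic fix found for this entry.
"HKLM\\System\\CurrentControlSet\\Services\\1339399062" => removed successfully.
1339399062 => service removed successfully.
S2 => Error: No automatic fix found for this entry.
2908309541; %SystemRoot%\\23652824.exe [X] => Error: No automatic fix found for this entry.
"HKLM\\System\\CurrentControlSet\\Services\\propwin" => removed successfully.
propwin => service removed successfully.
"HKLM\\System\\CurrentControlSet\\Services\\catchme" => removed successfully.
catchme => service removed successfully.
"""

# An FRST service entry: start type (R = running / S = stopped plus the Windows
# start-type digit), service name, image path, and "[X]" when the file is absent.
START_TYPE = re.compile(r"^[RS]\d$")
SERVICE_LINE = re.compile(
    r"^(?P<type>[RS]\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)(?P<missing>\s+\[X\])?$"
)
REMOVED = re.compile(r"^(?P<name>\S+) => service removed successfully\.$")


def parse_services(fixlist_text):
    """Return the service entries of a fixlist, re-joining entries whose
    start type ended up alone on a line."""
    entries = []
    lines = [ln.rstrip() for ln in fixlist_text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        wrapped = False
        m = SERVICE_LINE.match(line)
        if not m and START_TYPE.match(line) and i + 1 < len(lines):
            # "S2" on one line, "<name>; <path> [X]" on the next: FRST treats
            # them as two entries it cannot fix, so we reassemble them here.
            m = SERVICE_LINE.match(f"{line} {lines[i + 1]}")
            if m:
                wrapped = True
                i += 1
        if m:
            entries.append({
                "type": m["type"],
                "name": m["name"].strip(),
                "path": m["path"].strip(),
                "missing": m["missing"] is not None,
                "wrapped": wrapped,
            })
        i += 1
    return entries


def suspicion_reasons(entry):
    """Heuristics a responder would apply to an entry from this kind of log."""
    reasons = []
    image = PureWindowsPath(entry["path"].replace("\\??\\", ""))
    if entry["name"].isdigit() and image.stem.isdigit() and image.suffix.lower() == ".exe":
        reasons.append("numeric service name and numeric executable name")
    if entry["missing"]:
        reasons.append("image file missing ([X])")
    if "temp" in (part.lower() for part in image.parts):
        reasons.append("image under a Temp directory")
    return reasons


def reconcile(fixlist_text, fixlog_text):
    """Map each fixlist service name to whether the Fixlog confirms its removal."""
    removed = {m["name"] for m in map(REMOVED.match, fixlog_text.splitlines()) if m}
    return {e["name"]: e["name"] in removed for e in parse_services(fixlist_text)}


def unresolved(fixlist_text, fixlog_text):
    """Service names the fixlist asked to remove but the Fixlog does not confirm."""
    return sorted(name for name, ok in reconcile(fixlist_text, fixlog_text).items() if not ok)


if __name__ == "__main__":
    for entry in parse_services(FIXLIST_EXCERPT):
        flags = "; ".join(suspicion_reasons(entry)) or "no heuristic hit"
        note = " (entry was wrapped in the pasted fixlist)" if entry["wrapped"] else ""
        print(f"{entry['type']} {entry['name']:<12} {flags}{note}")
    print("not confirmed removed:", unresolved(FIXLIST_EXCERPT, FIXLOG_EXCERPT))
```

Run against the real fixlist and Fixlog files, the same check tells the helper which entries must go back into a second fixlist rather than relying on a visual scan of several hundred log lines.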



#6 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts

Posted 10 February 2018 - 04:12 PM

Oops, forgot to add: I updated Java to Java 8 Update 161. Also ran Windows Update. Removed Flash Player.



#7 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts

Posted 11 February 2018 - 07:12 AM

This morning MSE quarantined 2 files, Trojan:Win32/Dynamer!ac. So you want me to rescan?



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 February 2018 - 08:02 AM

Hi,

Download the SystemLook appropriate for your system.

SystemLook.exe
SystemLook_x64.exe
  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======


Please run the Farbar tool normally.
Post only the FRST log for my review.

Post all the logs in your next reply.

Edited by nasdaq, 11 February 2018 - 08:04 AM.


#9 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts

Posted 11 February 2018 - 09:01 AM

Here is the SystemLook file. Just an FYI, the link didn't work; I went to

https://forums.malwarebytes.com/topic/18059-systemlook/

and had to download from mirror #2.

 

SystemLook 30.07.11 by jpshortstuff
Log created at 07:53 on 11/02/2018 by DCarey
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe -s"
"IMSS"=""C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe""
"USB3MON"=""C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe""
"HPSYSDRV"="C:\Program Files\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE"
"IgfxTray"=""C:\Windows\system32\igfxtray.exe""
"HotKeysCmds"=""C:\Windows\system32\hkcmd.exe""
"Persistence"=""C:\Windows\system32\igfxpers.exe""
"MSC"=""C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey"
"SunJavaUpdateSched"=""C:\Program Files\Common Files\Java\Java Update\jusched.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OptionalComponents]


-= EOF =



#10 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts

Posted 11 February 2018 - 09:31 AM

RogueKiller V12.12.3.0 [Feb  5 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : DCarey [Not administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Date : 02/11/2018 07:56:00 (Duration : 00:18:02)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\126348080 (%SystemRoot%\9824712.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1331061089 (%SystemRoot%\24044624.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\22189083 (%SystemRoot%\25420896.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2908309541 (%SystemRoot%\23652824.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\68248159 (%SystemRoot%\9234904.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\81030320 (%SystemRoot%\14213880.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\1331061089 (%SystemRoot%\24044624.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\2908309541 (%SystemRoot%\23652824.exe) -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-])  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] C:\Users\dcarey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recept.exe -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x5]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
 



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 February 2018 - 09:49 AM

Hi,

Please run the RogueKiller program and delete these entries.
 

[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\126348080 (%SystemRoot%\9824712.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1331061089 (%SystemRoot%\24044624.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\22189083 (%SystemRoot%\25420896.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2908309541 (%SystemRoot%\23652824.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\68248159 (%SystemRoot%\9234904.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\81030320 (%SystemRoot%\14213880.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\1331061089 (%SystemRoot%\24044624.exe) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\2908309541 (%SystemRoot%\23652824.exe) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-]) -> Found

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] C:\Users\dcarey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recept.exe -> Found



p.s.
If you have set up this startup item do not delete it.

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] C:\Users\dcarey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recept.exe -> Found

Restart the computer normally.

Run the RogueKiller one more time and post a fresh log for my review.

Do not forget also to include a fresh FRST log for my review.

#12 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts

Posted 11 February 2018 - 10:02 AM

When I tried to delete, it said error (5).
Rerunning the scan now and will do all you specified.

 

 

RogueKiller V12.12.3.0 [Feb  5 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : DCarey [Not administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 02/11/2018 07:56:00 (Duration : 00:18:02)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\126348080 (%SystemRoot%\9824712.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1331061089 (%SystemRoot%\24044624.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\22189083 (%SystemRoot%\25420896.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2908309541 (%SystemRoot%\23652824.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\68248159 (%SystemRoot%\9234904.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\81030320 (%SystemRoot%\14213880.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\1331061089 (%SystemRoot%\24044624.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\2908309541 (%SystemRoot%\23652824.exe) -> ERROR [5]
[PUM.HomePage] HKEY_USERS\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-])  -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-])  -> Not selected
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] C:\Users\dcarey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recept.exe -> Not selected

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x5]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
 



#13 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts

Posted 11 February 2018 - 10:19 AM

Same thing on the 2nd run.

 

RogueKiller V12.12.3.0 [Feb  5 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : DCarey [Not administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 02/11/2018 08:57:37 (Duration : 00:17:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\126348080 (%SystemRoot%\9824712.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1331061089 (%SystemRoot%\24044624.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\22189083 (%SystemRoot%\25420896.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2908309541 (%SystemRoot%\23652824.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\68248159 (%SystemRoot%\9234904.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\81030320 (%SystemRoot%\14213880.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\126348080 (%SystemRoot%\9824712.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\1331061089 (%SystemRoot%\24044624.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\22189083 (%SystemRoot%\25420896.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\2908309541 (%SystemRoot%\23652824.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\68248159 (%SystemRoot%\9234904.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\81030320 (%SystemRoot%\14213880.exe) -> ERROR [5]
[PUM.HomePage] HKEY_USERS\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Internet Explorer\Main | Start Page :
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-])  -> ERROR [5]
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-])  -> ERROR [5]

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Startup][File] C:\Users\dcarey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recept.exe -> ERROR [5]

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x5]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
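The Suspicious.Path hits in the RogueKiller reports above all share one shape: a service whose name and image file are both bare digit strings, with the image sitting directly under %SystemRoot% (the FRST log lists the same six services with [X], file not found), and every delete attempt came back ERROR [5], which is Windows' ERROR_ACCESS_DENIED, on runs whose header reads "User : DCarey [Not administrator]". The following is an added example, not code from the thread or from FRST or RogueKiller, that flags this pattern in both log formats and ties the error code back to the missing elevation; the digit-count thresholds are assumptions, and the sample lines are constructed from the values in the thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the FRST "Services (Whitelisted)" format used in the
# thread: "<state> <name>; <image> [<size> <date>]", or "[X]" when the image
# file is missing on disk, followed by an optional "(vendor)".
FRST_SAMPLE = r"""
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 126348080; %SystemRoot%\9824712.exe [X]
S2 81030320; %SystemRoot%\14213880.exe [X]
R2 Commander Service; C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe [1267280 2014-11-08] ()
"""

# Constructed sample in RogueKiller's report format, including the header line
# that records whether the scan ran elevated and the ERROR [5] results.
ROGUEKILLER_SAMPLE = r"""
User : DCarey [Not administrator]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\126348080 (%SystemRoot%\9824712.exe) -> ERROR [5]
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\2908309541 (%SystemRoot%\23652824.exe) -> ERROR [5]
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Replaced (1)
"""

FRST_SERVICE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);\s+(?P<image>.+?)\s+\[(?P<info>[^\]]*)\]")
RK_SUSPICIOUS = re.compile(
    r"^\[Suspicious\.Path\]\s+(?P<key>\S+)\s+\((?P<image>[^)]+)\)\s+->\s+(?P<result>.+?)\s*$")
RK_USER = re.compile(r"^User\s*:\s*(?P<user>.+?)\s*\[(?P<admin>[^\]]+)\]")

# Heuristics (assumed thresholds, not from either tool): a service whose name is
# nothing but digits, and/or whose image is an all-digit .exe placed directly
# under %SystemRoot%, matches the pattern seen in the thread's logs.
NUMERIC_NAME = re.compile(r"^\d{6,}$")
NUMERIC_IMAGE = re.compile(r"^%SystemRoot%\\\d+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    source: str              # "frst" or "roguekiller"
    name: str                # service name (last component of the registry key)
    image: str               # image path exactly as logged
    reasons: list = field(default_factory=list)
    result: str = ""         # RogueKiller action result, e.g. "Found", "ERROR [5]"


def assess(name, image, file_missing):
    """Return the list of reasons a service entry looks like the thread's pattern."""
    reasons = []
    if NUMERIC_NAME.match(name):
        reasons.append("all-digit service name")
    if NUMERIC_IMAGE.match(image):
        reasons.append("all-digit .exe directly under %SystemRoot%")
    if file_missing:
        reasons.append("image file missing on disk ([X])")
    return reasons


def scan_frst(text):
    """Flag FRST service lines; only entries with at least one reason are returned."""
    out = []
    for line in text.splitlines():
        m = FRST_SERVICE.match(line.strip())
        if not m:
            continue
        reasons = assess(m["name"], m["image"], m["info"] == "X")
        if reasons:
            out.append(Finding("frst", m["name"], m["image"], reasons))
    return out


def scan_roguekiller(text):
    """Return (Suspicious.Path findings, user_is_admin) from a RogueKiller report."""
    out, user_is_admin = [], None
    for line in text.splitlines():
        line = line.strip()
        u = RK_USER.match(line)
        if u:
            user_is_admin = u["admin"].strip().lower() != "not administrator"
            continue
        m = RK_SUSPICIOUS.match(line)
        if not m:
            continue
        name = m["key"].rsplit("\\", 1)[-1]
        out.append(Finding("roguekiller", name, m["image"],
                           assess(name, m["image"], False), m["result"]))
    return out, user_is_admin


def explain_errors(findings, user_is_admin):
    """ERROR [5] is ERROR_ACCESS_DENIED. When the report header says the user is
    not an administrator, the likeliest cause is that the delete run was simply
    not elevated, so the remedy is to rerun it with 'Run as administrator'."""
    denied = [f for f in findings if f.result.startswith("ERROR [5]")]
    if denied and user_is_admin is False:
        return "access denied on %d entries; rerun elevated (Run as administrator)" % len(denied)
    if denied:
        return "access denied on %d entries despite elevation; investigate further" % len(denied)
    return "no access-denied results"


if __name__ == "__main__":
    for f in scan_frst(FRST_SAMPLE):
        print("FRST", f.name, f.image, "; ".join(f.reasons))
    rk, admin = scan_roguekiller(ROGUEKILLER_SAMPLE)
    for f in rk:
        print("RogueKiller", f.name, f.image, f.result, "; ".join(f.reasons))
    print(explain_errors(rk, admin))
```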
 



#14 mtndew96

mtndew96
  • Topic Starter

  • Members
  • 11 posts

Posted 11 February 2018 - 10:22 AM

Reboot and rerun of FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10.02.2018 02
Ran by DCarey (administrator) on MPC-SHIP (11-02-2018 09:20:06)
Running from C:\Users\dcarey.MPC2000\Desktop
Loaded Profiles: DCarey (Available Profiles: DCarey & Administrator & admin)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Seagull Scientific, Inc.) C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Seagull Scientific, Inc.) C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe
() C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5708432 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-21] (Intel Corporation)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM\...\Run: [HPSYSDRV] => C:\Program Files\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-12-19] (Oracle Corporation)
Startup: C:\Users\dcarey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recept.exe [2004-04-23] (Multifilm Packaging)
Startup: C:\Users\dcarey.MPC2000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\win7 time.bat [2014-01-08] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0}: [NameServer] 172.31.31.200,8.8.8.8

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1292428093-1957994488-839522115-1321\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_161\bin\ssv.dll [2018-02-10] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-02-10] (Oracle Corporation)

FireFox:
========
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-02-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-02-10] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=1.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2010-11-13] (the VideoLAN Team)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-11-04] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BarTender System Service; C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe [36432 2014-11-08] (Seagull Scientific, Inc.)
R2 Commander Service; C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe [1267280 2014-11-08] ()
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [290224 2015-06-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [458464 2012-02-02] (Intel® Corporation)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [132768 2011-11-09] (Intel Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 Maestro; C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe [232528 2014-11-08] (Seagull Scientific, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 126348080; %SystemRoot%\9824712.exe [X]
S2 1331061089; %SystemRoot%\24044624.exe [X]
S2 22189083; %SystemRoot%\25420896.exe [X]
S2 2908309541; %SystemRoot%\23652824.exe [X]
S2 68248159; %SystemRoot%\9234904.exe [X]
S2 81030320; %SystemRoot%\14213880.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [282792 2012-01-11] (Intel Corporation)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM60x32.sys [269584 2011-06-15] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP60X32.sys [61712 2011-06-15] (Intel® Corporation)
R0 iusb3hcs; C:\Windows\System32\drivers\iusb3hcs.sys [13592 2012-01-27] (Intel Corporation)
R3 iusb3hub; C:\Windows\system32\drivers\iusb3hub.sys [348440 2012-01-27] (Intel Corporation)
R3 iusb3xhc; C:\Windows\system32\drivers\iusb3xhc.sys [791832 2012-01-27] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-17] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-11 09:20 - 2018-02-11 09:20 - 000009568 _____ C:\Users\dcarey.MPC2000\Desktop\FRST.txt
2018-02-11 09:03 - 2018-02-11 09:03 - 000000000 ____D C:\Users\dcarey.MPC2000\Desktop\FRST-OlderVersion
2018-02-11 07:55 - 2018-02-11 08:27 - 000000000 ____D C:\Program Files\RogueKiller
2018-02-11 07:55 - 2018-02-11 08:26 - 000000000 ____D C:\ProgramData\RogueKiller
2018-02-11 07:55 - 2018-02-11 07:55 - 000001003 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-02-11 07:55 - 2018-02-11 07:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-02-11 07:52 - 2018-02-11 07:46 - 036408336 _____ (Adlice Software ) C:\Users\dcarey.MPC2000\Desktop\RogueKiller_setup_ref3.exe
2018-02-11 07:52 - 2018-02-11 07:45 - 000139264 _____ C:\Users\dcarey.MPC2000\Desktop\SystemLook.exe
2018-02-11 06:13 - 2018-02-08 12:58 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\dcarey.MPC2000\Desktop\iExplore.exe
2018-02-11 06:13 - 2018-02-08 12:58 - 001790024 _____ (Malwarebytes) C:\Users\dcarey.MPC2000\Desktop\JRT.exe
2018-02-11 06:13 - 2018-02-08 12:57 - 008206624 _____ (Malwarebytes) C:\Users\dcarey.MPC2000\Desktop\AdwCleaner.exe
2018-02-11 06:13 - 2018-02-08 12:57 - 005659876 ____R (Swearware) C:\Users\dcarey.MPC2000\Desktop\ComboFix.exe
2018-02-10 15:13 - 2018-02-11 09:03 - 000000000 ____D C:\Users\dcarey.MPC2000\Desktop\FRST 1st run
2018-02-10 11:43 - 2018-01-07 09:27 - 004013800 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2018-02-10 11:43 - 2018-01-07 09:27 - 003959016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-02-10 11:43 - 2018-01-07 09:27 - 000137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-02-10 11:43 - 2018-01-07 09:27 - 000067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2018-02-10 11:43 - 2018-01-07 09:25 - 001310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 001062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000554496 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-02-10 11:43 - 2018-01-07 09:24 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2018-02-10 11:43 - 2018-01-07 09:04 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2018-02-10 11:43 - 2018-01-07 09:04 - 000050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2018-02-10 11:43 - 2018-01-07 09:04 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2018-02-10 11:43 - 2018-01-07 09:04 - 000016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2018-02-10 11:43 - 2018-01-07 09:03 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2018-02-10 11:43 - 2018-01-07 09:01 - 000262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2018-02-10 11:43 - 2018-01-07 08:59 - 000226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2018-02-10 11:43 - 2018-01-07 08:59 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2018-02-10 11:43 - 2018-01-07 08:59 - 000098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2018-02-10 11:43 - 2018-01-07 08:58 - 000069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2018-02-10 11:43 - 2018-01-07 08:58 - 000036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2018-02-10 11:43 - 2018-01-07 08:58 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2018-02-10 11:43 - 2018-01-07 08:58 - 000015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2018-02-10 11:43 - 2017-12-05 11:08 - 001176576 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2018-02-10 11:43 - 2017-12-05 11:08 - 000179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2018-02-10 11:43 - 2017-12-05 11:08 - 000145920 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2018-02-10 11:43 - 2017-12-05 11:08 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2018-02-10 11:43 - 2017-12-05 11:08 - 000106496 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2018-02-10 11:43 - 2017-12-05 11:08 - 000072704 _____ (Microsoft Corporation) C:\Windows\system32\TabSvc.dll
2018-02-10 11:43 - 2017-12-05 09:54 - 000334848 _____ (Microsoft Corporation) C:\Windows\system32\wisptis.exe
2018-02-10 11:42 - 2018-01-21 17:42 - 000117480 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2018-02-10 11:42 - 2018-01-21 17:20 - 000533504 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2018-02-10 11:42 - 2018-01-19 08:05 - 001893888 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2018-02-10 11:42 - 2018-01-19 08:05 - 001314304 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2018-02-10 11:42 - 2018-01-19 08:05 - 000594944 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2018-02-10 11:42 - 2018-01-19 08:05 - 000508416 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2018-02-10 11:42 - 2018-01-19 08:05 - 000337920 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2018-02-10 11:42 - 2018-01-19 08:05 - 000311808 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2018-02-10 11:42 - 2018-01-19 08:05 - 000212992 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2018-02-10 11:42 - 2018-01-19 08:05 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2018-02-10 11:42 - 2016-08-29 08:55 - 002972672 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-02-10 11:42 - 2016-07-07 08:57 - 000035840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2018-02-10 11:42 - 2014-07-08 19:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2018-02-10 11:42 - 2014-07-08 19:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2018-02-10 11:42 - 2014-07-08 19:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2018-02-10 11:42 - 2014-07-08 19:29 - 000006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2018-02-10 11:42 - 2014-07-08 19:29 - 000005632 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2018-02-10 09:58 - 2018-02-10 09:58 - 000000000 ____D C:\Program Files\Common Files\Java
2018-02-10 08:07 - 2018-02-11 09:20 - 000000000 ____D C:\FRST
2018-02-10 08:07 - 2018-02-11 09:03 - 001764352 _____ (Farbar) C:\Users\dcarey.MPC2000\Desktop\FRST.exe
2018-02-09 17:35 - 2018-02-11 09:04 - 000006560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-09 17:35 - 2018-02-11 09:04 - 000006560 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-09 17:23 - 2018-02-09 17:28 - 000000000 ____D C:\Windows\erdnt
2018-02-09 17:23 - 2018-02-09 17:28 - 000000000 ____D C:\Qoobox
2018-02-09 17:23 - 2011-06-26 00:45 - 000256000 _____ C:\Windows\PEV.exe
2018-02-09 17:23 - 2010-11-07 11:20 - 000208896 _____ C:\Windows\MBR.exe
2018-02-09 17:23 - 2009-04-19 22:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000098816 _____ C:\Windows\sed.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000080412 _____ C:\Windows\grep.exe
2018-02-09 17:23 - 2000-08-30 18:00 - 000068096 _____ C:\Windows\zip.exe
2018-02-06 15:42 - 2018-02-06 15:42 - 000000903 _____ C:\Users\dcarey.MPC2000\Desktop\Backorder Reports - Shortcut.lnk
2018-02-01 14:14 - 2018-02-01 14:14 - 000000000 ____D C:\Users\dcarey.MPC2000\Desktop\dan_j_social_media_files
2018-02-01 14:14 - 2018-02-01 14:03 - 000039566 _____ C:\Users\dcarey.MPC2000\Desktop\dan_j_social_media.htm
2018-02-01 14:14 - 2015-05-06 13:36 - 000038148 _____ C:\Users\dcarey.MPC2000\Desktop\daniel_c_social_media.htm
2018-02-01 14:14 - 2015-05-06 13:33 - 000038642 _____ C:\Users\dcarey.MPC2000\Desktop\gio_social_media.htm
2018-01-18 19:37 - 2018-01-18 19:37 - 000471718 _____ C:\Users\dcarey.MPC2000\Desktop\vacation request 2018.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-11 09:03 - 2010-11-20 15:01 - 000787244 _____ C:\Windows\system32\PerfStringBackup.INI
2018-02-11 09:03 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\inf
2018-02-11 08:56 - 2016-05-17 12:00 - 000000120 _____ C:\Windows\system32\config\netlogon.ftl
2018-02-11 08:56 - 2009-07-13 22:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-10 14:26 - 2016-05-16 17:34 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-10 13:12 - 2009-07-13 20:37 - 000000000 ____D C:\Windows\rescache
2018-02-10 12:34 - 2016-05-18 14:52 - 000000000 ___SD C:\Windows\system32\CompatTel
2018-02-10 12:34 - 2016-05-18 14:52 - 000000000 ____D C:\Windows\system32\appraiser
2018-02-10 09:59 - 2016-05-17 12:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-02-10 09:59 - 2016-05-17 12:50 - 000000000 ____D C:\Program Files\Java
2018-02-10 09:58 - 2016-05-17 12:50 - 000095808 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2018-02-10 07:21 - 2016-05-17 12:19 - 000000000 ____D C:\Project1
2018-02-10 06:52 - 2016-05-18 15:01 - 000000000 ____D C:\Cast
2018-02-09 17:28 - 2016-05-17 12:23 - 000000000 ____D C:\Users\sam.mpc2000
2018-02-09 17:27 - 2009-07-13 20:04 - 000000215 _____ C:\Windows\system.ini
2018-02-09 14:50 - 2016-05-19 13:41 - 000000000 ____D C:\Users\dcarey.MPC2000\Documents\Outlook Files
2018-02-02 09:42 - 2016-05-18 15:00 - 000000000 ____D C:\Slit
2018-01-23 12:58 - 2011-02-10 13:41 - 000456864 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some files in TEMP:
====================
2018-02-11 07:55 - 2018-01-07 09:25 - 001310528 _____ (Microsoft Corporation) C:\Users\dcarey.MPC2000\AppData\Local\temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-07 00:54

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10.02.2018 02
Ran by DCarey (11-02-2018 09:20:22)
Running from C:\Users\dcarey.MPC2000\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2016-05-16 20:59:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

$BarTender_Security$ (S-1-5-21-1694302310-3471358693-2193952512-1002 - Limited - Enabled)
$Printer_Maestro$ (S-1-5-21-1694302310-3471358693-2193952512-1003 - Limited - Enabled)
admin (S-1-5-21-1694302310-3471358693-2193952512-1000 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1694302310-3471358693-2193952512-500 - Administrator - Disabled)
Guest (S-1-5-21-1694302310-3471358693-2193952512-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
ALLOSQL (HKLM\...\ST6UNST #3) (Version:  - )
BarTender 10.1 (HKLM\...\{FB2433CE-7C65-4206-BC82-561386A34F72}) (Version: 10.1.2961 - Seagull Scientific) Hidden
BarTender 10.1 (HKLM\...\BarTender Suite) (Version: 10.1.2961 - Seagull Scientific)
Crystal Reports XI Release 2 .NET 2005 Server (HKLM\...\{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}) (Version: 11.5.0.0 - Business Objects)
DirectX for Managed Code Update (Summer 2004) (HKLM\...\{E9E34215-82EF-4909-BE2F-F581F0DC9062}) (Version: 9.02.2904 - Microsoft) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (HKLM\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Odometer (HKLM\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Information (HKLM\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{51A66ED3-200E-4147-8D1E-E8D30936FD26}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 161 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Label Matrix (HKLM\...\Label Matrix) (Version:  - )
Lexmark BSD Series Uninstaller (HKLM\...\Lexmark Universal v2) (Version:  - Lexmark International, Inc.)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Business Solutions-Great Plains 7.50 (HKLM\...\Great Plains 7.50) (Version:  - )
Microsoft Office Access 2003 Runtime (HKLM\...\{901C0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
opensource (HKLM\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Project1 (HKLM\...\ST6UNST #1) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.5223 - CyberLink Corp.) Hidden
RogueKiller version 12.12.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.3.0 - Adlice Software)
Service (HKLM\...\ST6UNST #2) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
TightVNC 2.0.2 (HKLM\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
TRAVERSE (HKLM\...\{006F49E6-B073-4A2A-AA06-CC7452D94425}) (Version: 10.5.7310 - Open Systems, Inc.)
VBA (2720) (HKLM\...\{8BED6A90-E6EB-11D2-AA54-0008C7408A5A}) (Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VLC media player 1.1.5 (HKLM\...\VLC media player) (Version: 1.1.5 - VideoLAN)
Zebra Font Downloader (HKLM\...\Zebra Font Downloader_is1) (Version:  - Zebra Technologies Corporation)
Zebra Setup Utilities (HKLM\...\{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}) (Version: 1.1.4.838 - Zebra Technologies) Hidden
Zebra Setup Utilities (HKLM\...\Zebra Setup Utilities) (Version:  - Zebra Technologies)
ZebraDesigner 2 (HKLM\...\{CAF27047-C758-4927-9699-BBB0C2B0E56F}) (Version: 2.6.63.12 - Zebra Technologies Corporation) Hidden
ZebraDesigner 2 (HKLM\...\ZebraDesigner 2) (Version:  - Zebra Technologies Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-01-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-01-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2015-01-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-06-01] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {07E3E954-2056-47C0-9AEC-AC8467C87931} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {5903DE0D-C199-4401-AF6B-DAB0AFB9EC19} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {8E259690-779F-4882-8937-B1FB2DA7FE82} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP setup\Dependencies\RemEngine.exe [2012-02-17] ()
Task: {958B411E-E865-423F-B611-FF8B53D87D75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {9D773E73-7638-4943-BDF5-5CCEBD1601CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {B6EFD268-E409-4483-A319-B2DAC39EC77F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {ECD5C696-A4F4-49E4-A3EE-6274BFA2D408} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {EFDB8490-FC26-4F96-AFA9-504A1531B899} - System32\Tasks\RMCreator => C:\Program Files\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-05-19 14:35 - 2012-12-04 19:33 - 000059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP2030PP.DLL
2015-05-22 08:39 - 2013-07-02 22:16 - 001009664 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\LMUD1P4Z.DLL
2016-05-19 14:34 - 2012-12-04 19:33 - 002067456 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HP2030SU.DLL
2016-05-19 14:34 - 2012-12-04 19:32 - 000949248 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\HP2030GC.dll
2010-07-08 07:28 - 2010-07-08 07:28 - 000068696 _____ () C:\Program Files\TightVNC\screenhooks.dll
2012-03-19 17:09 - 2015-06-01 20:00 - 000102912 _____ () C:\Windows\System32\IccLibDll.dll
2014-11-08 12:22 - 2014-11-08 12:22 - 001267280 _____ () C:\Program Files\Seagull\BarTender Suite\CmdrSrv.exe
2014-11-08 12:22 - 2014-11-08 12:22 - 000334416 _____ () C:\Program Files\Seagull\BarTender Suite\CmdrEnu.dll
2014-11-08 11:11 - 2014-11-08 11:11 - 001740800 _____ () C:\Program Files\Seagull\BarTender Suite\CmdrJobServer.dll
2014-11-08 10:52 - 2014-11-08 10:52 - 001483776 _____ () C:\Program Files\Seagull\BarTender Suite\CcsBt.dll
2014-11-08 12:23 - 2014-11-08 12:23 - 000031824 _____ () C:\Program Files\Seagull\BarTender Suite\CmdrJobServerBasePs.dll
2016-05-16 17:31 - 2012-02-21 14:09 - 001198872 _____ () C:\Program Files\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2018-02-09 17:27 - 000000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1292428093-1957994488-839522115-1321\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.31.31.200 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94301F77-9491-40B6-9495-0A35F32C9108}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E9D8C783-C6F8-4EDF-8D11-62B087E65808}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{861B949E-E7F7-432F-8118-0993A3FB94F0}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{BCAFCA3B-75E4-4845-9B47-40D8ED4D86C0}] => (Allow) C:\Program Files\TightVNC\vncviewer.exe
FirewallRules: [{3D28A6BF-5C63-4B69-8EDE-6258938EF67B}] => (Allow) C:\Program Files\TightVNC\vncviewer.exe
FirewallRules: [{217709B3-6739-4A82-A9D8-09F777D5EED6}] => (Allow) \\MULTISERV\INFORM\Temporary\Lexmark_BSD_Software_AEA_Installation_Package\InstallationPackage\InstallationPackage\Install\x86\installgui.exe
FirewallRules: [{CB99B0BB-B82D-4A94-96AF-C8023E48230A}] => (Allow) \\MULTISERV\INFORM\Temporary\Lexmark_BSD_Software_AEA_Installation_Package\InstallationPackage\InstallationPackage\Install\x86\installgui.exe
FirewallRules: [{1C0C457B-6567-4AEE-A0CF-08518175361D}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{BB429B2A-7984-4B26-A95E-E2541DB8D80B}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMZZZ_32__bc.dll
FirewallRules: [{20B20422-8149-4045-824E-92CDE1577326}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{5E8AF244-EA1C-4886-9E58-2F2F25C25ECC}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\LMzzz_32serv.dll
FirewallRules: [{3AFA39DA-9369-44C8-9553-025545E052F8}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{FA52FFCC-A098-48D9-9124-69736F4A3B6F}] => (Allow) C:\Program Files\Lexmark\NetworkTwain\lextwprotocol.dll
FirewallRules: [{F4D3BD43-DBFC-42DE-B383-2F2C481FF428}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{61EE4212-BC4E-49FC-AA4F-0FC9E47B5365}] => (Allow) C:\Windows\twain_32\Lexmark\NetworkTwain\lexnetworkds.ds
FirewallRules: [{0D9D226F-FE79-4DE8-A74F-0727FA1AAEC8}] => (Allow) C:\Users\dcarey.MPC2000\Desktop\Lexmark_BSD_Software_AEA_Installation_Package\InstallationPackage\InstallationPackage\Install\x86\InstallGui.exe
FirewallRules: [{A806055B-49D6-4534-8261-6DECE9805F7D}] => (Allow) C:\Users\dcarey.MPC2000\Desktop\Lexmark_BSD_Software_AEA_Installation_Package\InstallationPackage\InstallationPackage\Install\x86\InstallGui.exe
FirewallRules: [{E2A2EB07-FCFA-4BD4-AB7E-9CE424E2AD5E}] => (Allow) C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe
FirewallRules: [{945D8174-3937-44BF-AC15-0A24C706D6BC}] => (Allow) C:\Program Files\Seagull\BarTender Suite\BtSystem.Service.exe
FirewallRules: [{71818811-CC3F-4B43-AB53-E51B735FF5E8}] => (Allow) C:\Program Files\Seagull\BarTender Suite\HistoryExplorer.exe
FirewallRules: [{B9885AFC-6F47-4121-A536-E2EC185A7D08}] => (Allow) C:\Program Files\Seagull\BarTender Suite\HistoryExplorer.exe
FirewallRules: [{583CF7F5-4ED8-4E06-A9CE-6BD651B6AA5B}] => (Allow) C:\Program Files\Seagull\BarTender Suite\ReprintConsole.exe
FirewallRules: [{D403BAB7-7EAC-44A4-98CE-8C2FED29E720}] => (Allow) C:\Program Files\Seagull\BarTender Suite\ReprintConsole.exe
FirewallRules: [{688F377D-0514-4F50-B848-31DD3E4AF6EA}] => (Allow) C:\Program Files\Seagull\BarTender Suite\SystemDatabaseWizard.exe
FirewallRules: [{E22162A7-088A-471D-98EA-EEAECA005480}] => (Allow) C:\Program Files\Seagull\BarTender Suite\SystemDatabaseWizard.exe
FirewallRules: [{6DB79620-DCD6-48ED-A3D3-7265EADF8DF1}] => (Allow) C:\Program Files\Seagull\BarTender Suite\SystemDatabaseSetup.exe
FirewallRules: [{B6C65AAF-59E8-4E76-9CB3-98C367F1A1BF}] => (Allow) C:\Program Files\Seagull\BarTender Suite\SystemDatabaseSetup.exe
FirewallRules: [{1765221D-283C-4402-BDF4-71254DF6431F}] => (Allow) C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe
FirewallRules: [{8AE80355-96ED-42A1-898E-6F38F41A53EC}] => (Allow) C:\Program Files\Seagull\BarTender Suite\Maestro.Service.exe

==================== Restore Points =========================

13-01-2018 03:31:34 Windows Update
17-01-2018 11:22:38 Windows Update
20-01-2018 03:00:12 Windows Update
23-01-2018 11:22:03 Windows Update
27-01-2018 11:22:38 Windows Update
31-01-2018 11:22:57 Windows Update
06-02-2018 11:23:29 Windows Update
08-02-2018 01:20:01 HPSF Restore Point
09-02-2018 11:24:10 Windows Update
09-02-2018 17:15:29 JRT Pre-Junkware Removal
10-02-2018 11:43:18 Windows Update
10-02-2018 14:27:29 Windows Update
10-02-2018 15:02:22 Restore Point Created by FRST

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/11/2018 09:17:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79267
Faulting module name: MSVCR100.dll_unloaded, version: 0.0.0.0, time stamp: 0x4df2be1e
Exception code: 0xc0000005
Fault offset: 0x70ebb65a
Faulting process id: 0x888
Faulting application start time: 0x01d3a34afb89d487
Faulting application path: C:\Windows\system32\wbem\wmiprvse.exe
Faulting module path: MSVCR100.dll
Report Id: bbfd45a2-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: NcsColib.dll, version: 16.8.36.1, time stamp: 0x4f0647ae
Exception code: 0xc0000005
Fault offset: 0x00046b00
Faulting process id: 0x1680
Faulting application start time: 0x01d3a34b0a2ce501
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: C:\Windows\system32\NcsColib.dll
Report Id: 47e0943d-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: NcsColib.dll, version: 16.8.36.1, time stamp: 0x4f0647ae
Exception code: 0xc0000005
Fault offset: 0x00046b00
Faulting process id: 0x1620
Faulting application start time: 0x01d3a34b0a1516ab
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: C:\Windows\system32\NcsColib.dll
Report Id: 47cb2756-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: NcsColib.dll, version: 16.8.36.1, time stamp: 0x4f0647ae
Exception code: 0xc0000005
Fault offset: 0x00046b00
Faulting process id: 0x15b0
Faulting application start time: 0x01d3a34b09f88577
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: C:\Windows\system32\NcsColib.dll
Report Id: 47b0f791-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: NcsColib.dll, version: 16.8.36.1, time stamp: 0x4f0647ae
Exception code: 0xc0000005
Fault offset: 0x00046b00
Faulting process id: 0x152c
Faulting application start time: 0x01d3a34b09de55b2
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: C:\Windows\system32\NcsColib.dll
Report Id: 4794665d-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: TeamAgent.dll, version: 16.8.36.1, time stamp: 0x4f064b55
Exception code: 0xc0000409
Fault offset: 0x00033159
Faulting process id: 0x14a8
Faulting application start time: 0x01d3a34b09a794b9
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: c:\Program Files\Intel\NCS2\Agent\TeamAgent.dll
Report Id: 475b43f5-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: NcsColib.dll, version: 16.8.36.1, time stamp: 0x4f0647ae
Exception code: 0xc0000005
Fault offset: 0x00046b00
Faulting process id: 0x144c
Faulting application start time: 0x01d3a34b097cbaeb
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: C:\Windows\system32\NcsColib.dll
Report Id: 4743759f-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: NcsColib.dll, version: 16.8.36.1, time stamp: 0x4f0647ae
Exception code: 0xc0000005
Fault offset: 0x00046b00
Faulting process id: 0x13ec
Faulting application start time: 0x01d3a34b0964ec95
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: C:\Windows\system32\NcsColib.dll
Report Id: 47189bd1-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: NcsColib.dll, version: 16.8.36.1, time stamp: 0x4f0647ae
Exception code: 0xc0000005
Fault offset: 0x00046b00
Faulting process id: 0x1374
Faulting application start time: 0x01d3a34b094abcd0
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: C:\Windows\system32\NcsColib.dll
Report Id: 46fe6c0c-0f3e-11e8-a803-24be050ee650

Error: (02/11/2018 09:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCS2Prov.exe, version: 16.8.36.1, time stamp: 0x4f064a05
Faulting module name: NcsColib.dll, version: 16.8.36.1, time stamp: 0x4f0647ae
Exception code: 0xc0000005
Fault offset: 0x00046b00
Faulting process id: 0x12fc
Faulting application start time: 0x01d3a34b09308d0b
Faulting application path: c:\Program Files\Intel\NCS2\WMIProv\NCS2Prov.exe
Faulting module path: C:\Windows\system32\NcsColib.dll
Report Id: 46e43c47-0f3e-11e8-a803-24be050ee650


System errors:
=============
Error: (02/11/2018 08:56:44 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/11/2018 08:56:44 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/11/2018 08:56:44 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942523.

Error: (02/11/2018 08:56:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (02/11/2018 05:09:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/11/2018 05:09:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 126348080 service to connect.

Error: (02/10/2018 04:30:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the propwin service to connect.

Error: (02/10/2018 04:30:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 22189083 service to connect.

Error: (02/10/2018 03:03:42 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.

Error: (02/10/2018 03:03:42 PM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 413) (User: NT AUTHORITY)
Description: Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147942523.


CodeIntegrity:
===================================
  Date: 2018-02-11 09:20:07.096
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 09:03:45.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 08:57:17.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 08:56:57.456
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 08:56:52.340
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 08:56:06.943
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 08:28:35.647
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 08:28:34.120
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 08:28:30.533
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2018-02-11 08:28:28.335
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\SRSLabs\{176F4E15-8F7C-4833-ADED-81FAE8CCD186}\sluapo32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 35%
Total physical RAM: 3471.59 MB
Available physical RAM: 2249.51 MB
Total Virtual: 6941.53 MB
Available Virtual: 5846.05 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:460.66 GB) (Free:399.31 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:4.9 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{dacec1c4-1bc1-11e6-84fc-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
\\?\Volume{dacec1c5-1bc1-11e6-84fc-806e6f6e6963}\ (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 487E5E4F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=460.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=101 MB) - (Type=27)

==================== End of Addition.txt ============================



#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:57 PM

Posted 11 February 2018 - 02:16 PM

Hi,

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "All Files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\126348080]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\1331061089]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\22189083]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\2908309541]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\68248159]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\81030320]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\1331061089]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\2908309541]


Restart the computer when completed.

You can delete the fixme.reg file when done.


Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

S2 126348080; %SystemRoot%\9824712.exe
S2 1331061089; %SystemRoot%\24044624.exe
S2 22189083; %SystemRoot%\25420896.exe
S2 2908309541; %SystemRoot%\23652824.exe
S2 68248159; %SystemRoot%\9234904.exe
S2 81030320; %SystemRoot%\14213880.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

The IP address in bold is not recognized.
Was this set by you?

[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-]) -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{DF148D09-4919-4328-A219-B0A5E14AF8D0} | NameServer : 172.31.31.200,8.8.8.8 ([][-]) -> Not selected

==========


Please post the RogueKiller log.

Let me know if the problem persists.

Edited by nasdaq, 11 February 2018 - 02:18 PM.
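The post above hands the user a .reg file and an FRST fixlist without saying how the six services were picked out of the log. The script below is an added example, not code from nasdaq, BleepingComputer or the FRST tool: it applies the heuristic an analyst would most likely have used here (a service whose name is all digits and whose image is an all-digit .exe dropped straight into %SystemRoot%, which no legitimate Windows 7 component does) to constructed sample lines modelled on the service and NameServer entries quoted in the thread, and emits the matching fixlist lines and .reg deletion keys for each ControlSet. It also splits the NameServer value and classifies each resolver as private (RFC 1918) or public so the owner can answer the "was this set by you?" question. The criterion, the sample lines and the approved-resolver set are assumptions of this example; nothing here runs against a live registry.

```python
"""Triage helper for FRST service and DNS lines (added example, not FRST code).

Heuristic (assumption, not stated in the thread): a service with an all-digit
name whose ImagePath is an all-digit .exe directly under %SystemRoot% is
treated as suspicious.  Output mirrors the two artifacts posted in the thread:
FRST fixlist lines and .reg deletion keys for each control set.
"""
import ipaddress
import re

# Constructed sample, modelled on the service lines quoted in the post; the
# MpsSvc and wuauserv lines are added as legitimate controls.
SAMPLE_FRST_LINES = """\
S2 126348080; %SystemRoot%\\9824712.exe
S2 1331061089; %SystemRoot%\\24044624.exe
S2 MpsSvc; %SystemRoot%\\system32\\svchost.exe -k LocalServiceNoNetwork
S3 22189083; %SystemRoot%\\25420896.exe
R2 wuauserv; %SystemRoot%\\system32\\svchost.exe -k netsvcs
"""

# Constructed, same value as the PUM.Dns line in the post.
SAMPLE_NAMESERVER = "172.31.31.200,8.8.8.8"
CONTROL_SETS = ("ControlSet001", "ControlSet002")

# FRST service line: start type + state letter, name, semicolon, image path.
SERVICE_RE = re.compile(r"^([RSU]\d)\s+([^;]+);\s*(.+?)\s*$")
# All-digit executable placed directly in the Windows directory.
NUMERIC_EXE_RE = re.compile(r"^%SystemRoot%\\(\d+\.exe)$", re.IGNORECASE)


def parse_services(text):
    """Yield (state, name, image_path) for each FRST-style service line."""
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).strip(), m.group(3)


def is_suspicious(name, image):
    """Numeric service name plus numeric .exe in %SystemRoot% (assumed rule)."""
    return name.isdigit() and NUMERIC_EXE_RE.match(image) is not None


def suspicious_services(text):
    """Names of services matching the heuristic, in log order."""
    return [name for _s, name, image in parse_services(text)
            if is_suspicious(name, image)]


def fixlist_lines(text):
    """FRST fixlist entries in the 'S2 name; path' form used in the post."""
    return [f"{state} {name}; {image}"
            for state, name, image in parse_services(text)
            if is_suspicious(name, image)]


def reg_deletion_keys(names, control_sets=CONTROL_SETS):
    """.reg syntax: a leading '-' inside the brackets deletes the whole key."""
    return [f"[-HKEY_LOCAL_MACHINE\\System\\{cs}\\Services\\{n}]"
            for cs in control_sets for n in names]


def classify_nameservers(value, approved=frozenset()):
    """Split a comma-separated NameServer value and classify each resolver.

    'approved' is an analyst-supplied allowlist (assumption; the thread does
    not define one).  Private addresses are usually the LAN or corporate
    resolver; public ones need an explicit yes from the machine's owner.
    """
    result = []
    for raw in value.split(","):
        raw = raw.strip()
        if not raw:
            continue
        ip = ipaddress.ip_address(raw)
        if raw in approved:
            kind = "approved"
        elif ip.is_private:
            kind = "private"
        else:
            kind = "public"
        result.append((raw, kind))
    return result


if __name__ == "__main__":
    hits = suspicious_services(SAMPLE_FRST_LINES)
    print("fixlist:", *fixlist_lines(SAMPLE_FRST_LINES), sep="\n  ")
    print("fixme.reg:", *reg_deletion_keys(hits), sep="\n  ")
    print("resolvers:", classify_nameservers(SAMPLE_NAMESERVER))
```

The control lines (svchost-hosted services) are deliberately left alone, which is the point of keying on both the service name and the image filename rather than on the start type alone: every S2 entry in the log is not malicious, and a fixlist that removed legitimate services would do more damage than the infection.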




