
C0nrad

Members
  • Content Count

    13
  • Joined

  • Last visited

About C0nrad

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. We use Chrome and most of the block notices occur with gmail and pandora in Chrome. Please see attached report. Thank you for the information on the Action Center and how Malwarebytes blocks threats. mbst-grab-results.zip
  2. Everything seems to be working great thus far. Thank you for your help.
  3. Hello, thanks for your help thus far. Below is the Fixlog, along with the scan report from step 3. However, I cannot complete step 4. Upon opening Windows Defender there is a pop-up that states "This app has been turned off and isn't monitoring your computer." After going into the Action Center of Control Panel and under the security tab, "Malwarebytes is turned on" is listed under the virus protection where I would normally find Windows Defender. Is this correct? I have the endpoint protection from Malwarebytes. Thanks. Attachments: Fixlog.txt, scan report.txt
  4. Thank you for the reply - attached is the file. mbst-grab-results.zip
  5. I had removed some malware from a machine a few weeks ago, as noted in this thread: Malware from dl.okblcm.co on computer. I have noticed that Malwarebytes has been blocking a trojan site several times a day, and this is the report:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 8/13/19
     Protection Event Time: 7:41 AM
     Log File: 4764e77c-bdbf-11e9-8a91-fcaa1421364a.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11983
     License: Trial

     -System Information-
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Trojan
     Domain:
     IP Address: 121.156.134.3
     Port: [51131]
     Type: Outbound
     File: C:\ProgramData\DataFiles\Microsoft\Fonts\up.exe

     (end)

     In the previous thread I noticed that this file was picked up by MSRT but is still present on my machine. How do I go about removing the file to prevent further trojan site attempts?
  6. My apologies for delay. Computer is fixed. Many thanks for your help!
  7. I will be able to check tomorrow night and post a response
  8. Thank you Kevin for the response. Attached you will find the Fixlog, and below is the MSRT recent log date and time. Malwarebytes also intercepted the following trojan site right before I began the second set of instructions. I copied the report below.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 8/2/19
     Protection Event Time: 12:24 PM
     Log File: f2cbb555-b541-11e9-9238-fcaa1421364a.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11828
     License: Trial

     -System Information-
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , , Blocked, [-1], [-1],0.0.0

     -Website Data-
     Category: Trojan
     Domain:
     IP Address: 185.244.25.180
     Port: [1900]
     Type: Inbound
     File:

     (end)

     ---------------------------------------------------------------------------------------
     Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
     Started On Fri Aug 2 12:22:53 2019

     Engine: 1.1.16000.6
     Signatures: 1.295.1362.0
     MpGear: 1.1.15747.1
     Run Mode: Interactive Graphical Mode

     Results Summary:
     ----------------
     No infection found.
     Successfully Submitted Heartbeat Report
     Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug 2 12:24:47 2019

     Return code: 0 (0x0)

     Thank you. Attachment: Fixlog.txt
  9. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 8/1/19
     Scan Time: 5:15 PM
     Log File: 88b4ce95-b4a1-11e9-b45e-fcaa1421364a.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11816
     License: Trial

     -System Information-
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: ChiroServer\Chiro Server

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 328623
     Threats Detected: 1
     Threats Quarantined: 1
     Time Elapsed: 3 min, 17 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Trojan.Injector, C:\WINDOWS\SYSTEM32\MSC6224FF0APP.DLL, Quarantined, [688], [712748],1.0.11816
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 8/1/19
     Scan Time: 8:58 AM
     Log File: 1555a436-b45c-11e9-8d12-fcaa1421364a.json

     -Software Information-
     Version: 3.8.3.2965
     Components Version: 1.0.613
     Update Package Version: 1.0.11806
     License: Trial

     -System Information-
     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: ChiroServer\Chiro Server

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 327316
     Threats Detected: 1
     Threats Quarantined: 1
     Time Elapsed: 1 min, 53 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 1
     Trojan.Crypt.GO, C:\WINDOWS\TEMP\SYSGUARD.EXE, Quarantined, [8169], [694836],1.0.11806
     Physical Sector: 0 (No malicious items detected)
     WMI: 0 (No malicious items detected)

     (end)

     # -------------------------------
     # Malwarebytes AdwCleaner 7.4.0.0
     # -------------------------------
     # Build:    07-23-2019
     # Database: 2019-07-22.1 (Cloud)
     # Support:  https://www.malwarebytes.com/support
     #
     # -------------------------------
     # Mode: Clean
     # -------------------------------
     # Start:    08-01-2019
     # Duration: 00:00:04
     # OS:       Windows 8.1 Pro
     # Cleaned:  43
     # Failed:   0

     ***** [ Services ] *****
     No malicious services cleaned.

     ***** [ Folders ] *****
     No malicious folders cleaned.

     ***** [ Files ] *****
     No malicious files cleaned.

     ***** [ DLL ] *****
     No malicious DLLs cleaned.

     ***** [ WMI ] *****
     No malicious WMI cleaned.

     ***** [ Shortcuts ] *****
     No malicious shortcuts cleaned.

     ***** [ Tasks ] *****
     No malicious tasks cleaned.

     ***** [ Registry ] *****
     Deleted HKLM\SOFTWARE\Classes\ctTOOLBAR.ctToolBarCtrl.3
     Deleted HKLM\Software\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
     Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}

     ***** [ Chromium (and derivatives) ] *****
     No malicious Chromium entries cleaned.

     ***** [ Chromium URLs ] *****
     No malicious Chromium URLs cleaned.

     ***** [ Firefox (and derivatives) ] *****
     No malicious Firefox entries cleaned.

     ***** [ Firefox URLs ] *****
     No malicious Firefox URLs cleaned.

     ***** [ Preinstalled Software ] *****
     Deleted Preinstalled.HPDigitalImaging
     Deleted Preinstalled.HPSupportAssistant

     *************************
     [+] Delete Tracing Keys
     [+] Reset Winsock
     *************************

     AdwCleaner[S00].txt - [2442 octets] - [28/02/2019 12:13:50]
     AdwCleaner[C00].txt - [2386 octets] - [28/02/2019 12:14:12]
     AdwCleaner[S01].txt - [1748 octets] - [01/08/2019 19:13:15]
     AdwCleaner[S02].txt - [1809 octets] - [01/08/2019 19:14:24]

     ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########

     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
     Ran by Chiro Server (administrator) on CHIROSERVER (Gigabyte Technology Co., Ltd. H81M-HD3) (01-08-2019 19:17:49)
     Running from C:\Users\Chiro Server\Desktop
     Loaded Profiles: Chiro Server & chirotouch (Available Profiles: Chiro Server & chirotouch & LogMeInRemoteUser)
     Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
     Default browser: Chrome
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
[File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Integrated Practice Solutions, Inc.) 
[File not signed] E:\Program Files\PSChiro\CTMessagingService.exe (Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Inc -> Malwarebytes) C:\Users\Chiro Server\Desktop\adwcleaner_7.4.exe (Managed Offsite Backup -> Online Backup and Recovery Manager) C:\Program Files (x86)\Online Backup and Recovery Manager\sosuploadagent.exe (Managed Offsite Backup -> Online Backup and Recovery Manager) C:\Program Files (x86)\Online Backup and Recovery Manager\SUpdateNotifier.exe (Meinberg Funkuhren GmbH & Co. 
KG -> ) C:\Program Files (x86)\NTP\bin\ntpd.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wiawow64.exe (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registry (Whitelisted) =========================== (If an 
entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc. -> Apple Inc.) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [445928 2018-06-29] (LogMeIn, Inc. -> LogMeIn, Inc.) HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe" HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc. -> Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2017-04-05] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2892800 2017-03-30] (Brother Industries, Ltd.) 
[File not signed] HKLM-x32\...\Run: [M17A] => C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [77312 2017-10-19] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\Online Backup and Recovery Manager\sosuploadagent.exe [61472 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager) HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\Online Backup and Recovery Manager\SMessaging.exe [67104 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager) HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\Online Backup and Recovery Manager\AccountCreatorRunner.exe [22048 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager) HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-11] (Google Inc -> Google Inc.) HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-1564996262-345107913-3834639567-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Windows -> Microsoft Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.) HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2018-06-29] (LogMeIn, Inc. -> LogMeIn, Inc.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [2014-11-14] ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED) [File not signed] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2014-11-14] ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) [File not signed] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-03-21] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (No File) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2014-12-24] ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) [File not signed] Startup: C:\Users\Chiro Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-18] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {063B7CCC-BD2B-4401-B62E-6F0A7DA421EB} - System32\Tasks\ChiroTouch Payment Processing Task => E:\Program Files\PSChiro\AutoPaymentProcessor.exe [35840 2019-06-19] (Integrated Practice Solutions, Inc.) 
[File not signed] Task: {06987367-0905-4E16-8FA9-155002049E10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe Task: {1FAD98DC-8704-46CE-BA67-A3B33857DAC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.) Task: {2D8AC97C-5116-420E-A245-9BA7FF7943F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {6312A266-08D5-4CC5-B7DA-F426A2489B10} - System32\Tasks\Online Backup Update Notifier => C:\Program Files (x86)\Online Backup and Recovery Manager\SUpdateNotifier.exe [69664 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager) Task: {785E829C-5FA8-4F4A-B700-AD29D2FF1039} - System32\Tasks\Online Backup and Recovery Manager - LC0013 => C:\Program Files (x86)\Online Backup and Recovery Manager\sosuploadagent.exe [61472 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager) Task: {7FCA925A-6175-4241-BC18-457AC1525615} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {8287E76A-1A99-44AE-B6FE-54040D67504B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Task: {878166DE-7093-4EC8-8CC0-952A265C5B4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.) 
Task: {8CE55B38-B42E-42AF-A9B4-71459D423B54} - System32\Tasks\ChiroTouch Update Task => E:\Program Files\PSChiro\AutoUpdate\ct-updater.exe [50688 2019-06-19] (Integrated Practice Solutions) [File not signed] Task: {92540D19-22B5-447F-8D72-72A2A956AF6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe Task: {A1FC4EE2-0BB3-4AE4-AAE9-69565F2930A9} - System32\Tasks\CTSecureLocalBakCompression => "E:\Program Files\PSChiro\Database\Backup\compress-bak.cmd" Task: {AD0E3CED-8900-4DFC-879C-D2603D6B02BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {C45D2D84-DEC1-4740-9925-0617C5260164} - System32\Tasks\Check CTSecure SAGENTSERVICE => "E:\Program Files\PSChiro\Database\CTSecure\CheckServiceCTSecureSAGENTSERVICE.cmd" Task: {D3143C6C-3FBE-40E8-A2F3-F57D86531076} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1} /quiet /qn Task: {D3143C6C-3FBE-40E8-A2F3-F57D86531076} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run Task: {F49A8EFD-0415-4B79-A8BF-F0346631BEF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) Task: {FD447E71-F27F-4E73-9239-D64AA069B88E} - System32\Tasks\ChiroTouch DB Backup Task => E:\Program Files\PSChiro\demaint.exe [90112 2019-06-19] (ChiroTouch) [File not signed] (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e33bf844-d3c3-46e6-8b10-48157225928b} <==== ATTENTION (Restriction - IP) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{36A62E59-B234-4B82-BC69-B84A262532D9}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = URLSearchHook: [S-1-5-21-1564996262-345107913-3834639567-1004] ATTENTION => Default URLSearchHook is missing BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.) 
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc -> Google Inc.) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc -> Google Inc.) 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Chiro Server\AppData\Roaming\Mozilla\Firefox\Profiles\1m0yfbvr.default [2019-03-01] FF NetworkProxy: Mozilla\Firefox\Profiles\1m0yfbvr.default -> type", 0 FF Extension: (Google Code Correction) - C:\Users\Chiro Server\AppData\Roaming\Mozilla\Firefox\Profiles\1m0yfbvr.default\features\{8b061f70-366d-4faf-9ffe-27c46fba9ff5}\google-code-correction@mozilla.org.xpi [2018-06-19] [Legacy] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG -> Nero AG) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files 
(x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2017-03-03] FF Plugin ProgramFiles/Appdata: C:\Users\Chiro Server\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-14] Chrome: ======= CHR DefaultProfile: Default CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.pandora.com/station/4010841139109569296","hxxps://www.clover.com/dashboard","hxxps://member.chiro-trust.org/" CHR Profile: C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default [2019-08-01] CHR Extension: (Google Drive) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17] CHR Extension: (Adobe Acrobat) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-18] CHR Extension: (Google Docs Offline) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16] CHR Extension: (Cisco Webex Extension) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-07-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06] CHR Extension: (Chrome Media Router) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-24] CHR HKU\S-1-5-21-1564996262-345107913-3834639567-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx ==================== 
Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [298496 2017-03-22] (Brother Industries, Ltd.) [File not signed]
S2 ChiroTouch Communicator Service; E:\Program Files\PSChiro\ChiroTouch.Communicator\ChiroTouch.Communicator.exe [112640 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
S2 ChiroTouchDataAgentService; E:\Program Files\PSChiro\DataService\DataAgent.exe [22016 2019-06-19] (Integrated Practice Solutions) [File not signed]
S2 ConnectEHR_Agent; E:\Program Files\PSChiro\ConnectEHRAgent\ConnectEHR Agent.exe [67584 2019-06-19] (Dynamic Health IT, Inc.) [File not signed]
S2 CQMsolution_Agent; E:\Program Files\PSChiro\CQMAgent\CQMAgent.exe [39424 2019-06-19] (Dynamic Health IT, Inc.) [File not signed]
S2 CTIncorporateResult; E:\Program Files\PSChiro\CTIncorporateResult.exe [21504 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
U2 CTMessagingService; E:\Program Files\PSChiro\CTMessagingService.exe [44032 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
S2 CTMobileService; E:\Program Files\PSChiro\CTMobileService.exe [285184 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
S2 CTRcopiaService; E:\Program Files\PSChiro\CTRCopiaService.exe [15872 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
S2 CTReportingService; E:\Program Files\PSChiro\CTReportingService.exe [26112 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2018-06-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [585704 2018-06-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTP; C:\Program Files (x86)\NTP\bin\ntpd.exe [1005776 2017-03-23] (Meinberg Funkuhren GmbH & Co. KG -> )
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 sagentservice; C:\Program Files (x86)\Online Backup and Recovery Manager\SAgent.Service.exe [49696 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH -> TeamViewer GmbH)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2018-07-23] (Microsoft) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2018-07-23] (Microsoft) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S2 MsC6224FF0App; C:\Windows\System32\MsC6224FF0App.dll [X]

===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-09-25] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297472 2013-09-25] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MsC6224FF0App -> C:\Windows\System32\MsC6224FF0App.dll ==> No File

==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 19:17 - 2019-08-01 19:18 - 000030285 _____ C:\Users\Chiro Server\Desktop\FRST.txt
2019-08-01 19:17 - 2019-08-01 19:17 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-08-01 19:17 - 2019-08-01 19:17 - 000116112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-08-01 19:17 - 2019-08-01 19:17 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-08-01 19:16 - 2019-08-01 19:16 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-08-01 19:11 - 2019-08-01 19:12 - 007623880 _____ (Malwarebytes) C:\Users\Chiro Server\Desktop\adwcleaner_7.4.exe
2019-08-01 17:24 - 2019-08-01 17:24 - 002131598 _____ C:\Users\Chiro Server\Desktop\Christian Reyes Intake.pdf
2019-08-01 17:14 - 2019-08-01 17:14 - 000171947 _____ C:\Users\Chiro Server\Desktop\Christian Reyes ID.pdf
2019-08-01 16:32 - 2019-08-01 16:32 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-08-01 16:32 - 2019-08-01 16:32 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-01 16:32 - 2019-08-01 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-01 16:32 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-08-01 16:30 - 2019-08-01 16:30 - 000000042 _____ C:\Users\Chiro Server\Desktop\virus.txt
2019-08-01 16:29 - 2019-08-01 18:37 - 000011020 _____ C:\Users\Chiro Server\Desktop\Book1.xlsx
2019-08-01 16:28 - 2019-08-01 16:28 - 064333800 _____ (Malwarebytes ) C:\Users\Chiro Server\Downloads\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-01 15:02 - 2019-08-01 15:02 - 002096128 _____ (Farbar) C:\Users\Chiro Server\Desktop\FRST64.exe
2019-08-01 11:53 - 2019-08-01 11:53 - 001432848 _____ (Microsoft Corporation) C:\Users\Chiro Server\Downloads\NDP472-KB4054531-Web.exe
2019-08-01 11:48 - 2019-08-01 11:48 - 002207472 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (61).exe
2019-08-01 11:19 - 2019-08-01 11:19 - 001821145 _____ C:\Users\Chiro Server\Desktop\Brett Stuart Intake.pdf
2019-08-01 10:42 - 2019-08-01 10:42 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (60).exe
2019-08-01 09:21 - 2019-08-01 09:21 - 000171322 _____ C:\Users\Chiro Server\Desktop\Brett Stuart.pdf
2019-08-01 09:14 - 2019-08-01 09:14 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (59).exe
2019-08-01 09:04 - 2019-08-01 09:04 - 000000072 _____ C:\Windows\SysWOW64\20190801_090329_C01290_response
2019-07-31 15:16 - 2019-07-31 15:16 - 000306137 _____ C:\Users\Chiro Server\Desktop\Anthony Plisko Ins Verification.pdf
2019-07-31 15:04 - 2019-07-31 15:00 - 001795735 _____ C:\Users\Chiro Server\Desktop\Denise Venezia Intake.pdf
2019-07-31 14:54 - 2019-07-31 14:54 - 000069228 _____ C:\Users\Chiro Server\Desktop\Denise Venezia Ins.pdf
2019-07-31 14:53 - 2019-07-31 14:51 - 000105694 _____ C:\Users\Chiro Server\Desktop\Denise Venezia DL.pdf
2019-07-31 14:15 - 2019-07-31 14:15 - 000858605 _____ C:\Users\Chiro Server\Desktop\Janet Hutchinson Standard Life Ins Payment 7.5.19.pdf
2019-07-31 02:06 - 2019-07-31 02:06 - 000003338 _____ C:\Windows\System32\Tasks\ChiroTouch DB Backup Task
2019-07-31 02:06 - 2019-07-31 02:06 - 000003302 _____ C:\Windows\System32\Tasks\ChiroTouch Update Task
2019-07-31 02:06 - 2019-07-31 02:06 - 000003228 _____ C:\Windows\System32\Tasks\ChiroTouch Payment Processing Task
2019-07-31 02:05 - 2019-08-01 10:06 - 000001783 _____ C:\Users\Public\Desktop\ChiroTouch Launcher.lnk
2019-07-31 02:04 - 2019-08-01 18:53 - 000000000 ____D C:\ProgramData\ChiroTouch
2019-07-30 16:16 - 2019-07-30 16:14 - 001687235 _____ C:\Users\Chiro Server\Desktop\V LaCroix Records Sent 7.30.19.pdf
2019-07-30 16:13 - 2019-07-30 16:12 - 000706436 _____ C:\Users\Chiro Server\Desktop\V LaCroix Records Request.pdf
2019-07-30 15:02 - 2019-07-30 15:05 - 000000000 ____D C:\Users\Chiro Server\Desktop\Unused Apps
2019-07-30 15:00 - 2019-07-30 15:00 - 000000000 ____D C:\Users\Chiro Server\Desktop\Normatec
2019-07-30 12:16 - 2019-07-30 12:16 - 000707089 _____ C:\Users\Chiro Server\Desktop\Permit 19-4741 NOC.pdf
2019-07-30 10:21 - 2019-08-01 16:43 - 000056153 _____ C:\Users\Chiro Server\Desktop\The Everything Spreadsheet.xlsx
2019-07-27 11:22 - 2019-07-27 11:22 - 000000074 _____ C:\Windows\SysWOW64\20190727_112150_148A1F_response
2019-07-23 14:36 - 2019-07-23 14:36 - 000000073 _____ C:\Windows\SysWOW64\20190723_143529_22AEC2_response
2019-07-23 10:09 - 2019-07-23 10:09 - 000095380 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim94222975.pdf
2019-07-22 20:16 - 2019-07-22 20:16 - 000000073 _____ C:\Windows\SysWOW64\20190722_201534_874B52_response
2019-07-22 19:56 - 2019-07-22 19:56 - 000000073 _____ C:\Windows\SysWOW64\20190722_195500_5D5993_response
2019-07-22 16:58 - 2019-07-22 16:58 - 000000073 _____ C:\Windows\SysWOW64\20190722_165743_04BA7D_response
2019-07-22 16:57 - 2019-07-22 16:57 - 000000073 _____ C:\Windows\SysWOW64\20190722_165642_E91A90_response
2019-07-22 10:31 - 2019-07-22 10:31 - 000095190 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim94222977.pdf
2019-07-22 10:31 - 2019-07-22 10:31 - 000093010 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim94222978.pdf
2019-07-22 10:31 - 2019-07-22 10:31 - 000092848 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim94222976.pdf
2019-07-19 14:34 - 2019-07-19 14:35 - 001033366 _____ C:\Users\Chiro Server\Downloads\New Member Application - East Broward County Editable V1.0.pdf
2019-07-19 14:34 - 2019-07-19 14:34 - 000271790 _____ C:\Users\Chiro Server\Downloads\NPI ByLaws 06092018 Traditional BOD MT.pdf
2019-07-18 15:33 - 2019-07-30 15:01 - 000000000 ____D C:\Users\Chiro Server\Desktop\Great overview of “abnormalities” found on scans in people without pain._files
2019-07-18 09:55 - 2019-07-18 09:55 - 002508423 _____ C:\Users\Chiro Server\Downloads\REC - STAND UP MRI - MRI C & L SPINE - 4-15-19.pdf
2019-07-17 16:07 - 2019-07-17 16:07 - 001704431 _____ C:\Users\Chiro Server\Downloads\XRAY Compressed (zipped) Folder.zip
2019-07-15 09:19 - 2019-07-15 09:19 - 000276719 _____ C:\Users\Chiro Server\Documents\Thais Brozoza Ins.pdf
2019-07-10 16:20 - 2019-07-10 16:20 - 002207984 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (58).exe
2019-07-09 22:49 - 2019-06-24 23:54 - 001368080 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-07-09 22:49 - 2019-06-24 22:59 - 004169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-07-09 22:49 - 2019-06-24 22:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2019-07-09 22:49 - 2019-06-24 22:07 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-07-09 22:49 - 2019-06-24 21:48 - 001756160 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-07-09 22:49 - 2019-06-24 21:44 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2019-07-09 22:49 - 2019-06-24 21:42 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2019-07-09 22:49 - 2019-06-24 21:41 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-07-09 22:49 - 2019-06-24 21:41 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2019-07-09 22:49 - 2019-06-24 21:39 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-07-09 22:49 - 2019-06-24 21:36 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-07-09 22:49 - 2019-06-24 21:31 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-07-09 22:49 - 2019-06-24 21:28 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2019-07-09 22:49 - 2019-06-24 21:26 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2019-07-09 22:49 - 2019-06-18 00:34 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-07-09 22:49 - 2019-06-18 00:07 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-07-09 22:49 - 2019-06-17 23:59 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-07-09 22:49 - 2019-06-17 23:56 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-07-09 22:49 - 2019-06-17 23:56 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-07-09 22:49 - 2019-06-17 23:39 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-07-09 22:49 - 2019-06-17 23:29 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-07-09 22:49 - 2019-06-17 23:28 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-07-09 22:49 - 2019-06-17 23:20 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-07-09 22:49 - 2019-06-17 23:19 - 015311872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-07-09 22:49 - 2019-06-17 23:13 - 000166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-07-09 22:49 - 2019-06-17 23:08 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-07-09 22:49 - 2019-06-17 23:07 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-07-09 22:49 - 2019-06-17 23:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-07-09 22:49 - 2019-06-17 23:06 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-07-09 22:49 - 2019-06-17 23:03 - 013706752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-07-09 22:49 - 2019-06-17 23:03 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-07-09 22:49 - 2019-06-17 22:55 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-07-09 22:49 - 2019-06-17 22:55 - 000214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-07-09 22:49 - 2019-06-17 22:44 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-07-09 22:49 - 2019-06-17 22:43 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-07-09 22:49 - 2019-06-17 22:42 - 001349120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-07-09 22:49 - 2019-06-17 22:41 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-07-09 22:49 - 2019-06-17 22:39 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-07-09 22:49 - 2019-06-17 22:33 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2019-07-09 22:49 - 2019-06-15 11:22 - 000910848 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-07-09 22:49 - 2019-06-11 20:51 - 000169256 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-07-09 22:49 - 2019-06-11 09:37 - 000293888 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
2019-07-09 22:49 - 2019-06-11 09:35 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2019-07-09 22:49 - 2019-06-10 17:42 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000801792 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-07-09 22:49 - 2019-06-08 12:09 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-07-09 22:49 - 2019-06-08 11:55 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-07-09 22:49 - 2019-06-08 11:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-07-09 22:49 - 2019-06-08 11:33 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-07-09 22:49 - 2019-06-08 10:55 - 007035392 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-07-09 22:49 - 2019-06-08 10:53 - 006217216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-07-09 22:49 - 2019-06-06 18:49 - 007362800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-07-09 22:49 - 2019-06-06 13:14 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-07-09 22:49 - 2019-06-02 11:42 - 000365056 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2019-07-09 22:49 - 2019-05-24 22:32 - 002013432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-07-09 22:49 - 2019-05-15 16:33 - 000333552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2019-07-09 22:49 - 2019-05-14 20:53 - 000136800 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-07-09 22:49 - 2019-05-14 10:18 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-07-09 22:39 - 2019-06-24 22:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-07-09 22:39 - 2019-06-24 22:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-07-09 16:58 - 2019-07-09 16:58 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (57).exe
2019-07-09 13:05 - 2019-07-09 13:05 - 000016279 _____ C:\Users\Chiro Server\Downloads\452498550.449841439.20190709 (1).pdf
2019-07-09 08:54 - 2019-07-09 08:54 - 000016279 _____ C:\Users\Chiro Server\Downloads\452498550.449841439.20190709.pdf
2019-07-08 11:14 - 2019-07-08 11:14 - 000043948 _____ C:\Users\Chiro Server\Downloads\452498550.1TR36816348.20190627.pdf
2019-07-08 11:04 - 2019-07-08 11:04 - 000010359 _____ C:\Users\Chiro Server\Downloads\452498550.1TR37306052.20190705.pdf
2019-07-08 10:17 - 2019-07-08 10:17 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (56).exe
2019-07-02 12:25 - 2019-07-02 12:25 - 000095159 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim93163646.pdf
2019-07-02 09:28 - 2019-07-02 09:28 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (55).exe

==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 19:17 - 2019-02-28 13:17 - 000000000 ____D C:\FRST
2019-08-01 19:17 - 2019-02-28 12:07 - 000000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2019-08-01 19:17 - 2014-11-14 20:48 - 000000000 ____D C:\ProgramData\Online Backup and Recovery Manager
2019-08-01 19:16 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-01 19:15 - 2016-03-21 11:34 - 000000000 ____D C:\Users\Chiro Server\AppData\Roaming\Hewlett-Packard
2019-08-01 19:15 - 2016-03-21 11:11 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-08-01 19:15 - 2016-03-21 10:32 - 000000000 ____D C:\Users\Chiro Server\AppData\Local\Hewlett-Packard
2019-08-01 19:15 - 2016-03-21 10:32 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2019-08-01 19:10 - 2017-10-17 15:02 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1564996262-345107913-3834639567-1001
2019-08-01 19:10 - 2014-11-11 15:57 - 000958216 _____ C:\Windows\system32\PerfStringBackup.INI
2019-08-01 19:10 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-08-01 18:27 - 2019-03-18 17:50 - 000013601 _____ C:\Users\Chiro Server\Desktop\Alyssa's Hours2019.xlsx
2019-08-01 16:38 - 2018-04-23 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChiroTouch
2019-08-01 16:32 - 2019-02-28 13:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-01 16:31 - 2013-08-22 10:44 - 000490272 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-01 16:30 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-08-01 15:28 - 2018-05-16 17:02 - 000003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8EECA2E6-9D77-4B19-B02A-991A52C09617}
2019-08-01 13:22 - 2015-02-11 17:49 - 000000000 ____D C:\Users\Chiro Server\AppData\Local\LogMeIn Rescue Applet
2019-08-01 13:13 - 2014-11-14 20:34 - 000000000 ____D C:\Users\Chiro Server\Documents\SQL Server Management Studio
2019-08-01 11:52 - 2014-11-18 11:54 - 002358272 ___SH C:\Users\Chiro Server\Downloads\Thumbs.db
2019-08-01 11:03 - 2014-12-11 17:54 - 000000000 ____D C:\Users\Chiro Server\AppData\Local\CrashDumps
2019-08-01 09:04 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-07-31 22:38 - 2018-09-05 10:38 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2019-07-31 18:28 - 2018-11-01 07:35 - 001056768 _____ C:\Windows\system32\secedit.sdb
2019-07-31 14:54 - 2014-11-15 01:27 - 005345792 ___SH C:\Users\Chiro Server\Desktop\Thumbs.db
2019-07-31 02:06 - 2014-11-14 20:46 - 000000000 ____D C:\Program Files (x86)\NTP
2019-07-29 16:57 - 2014-11-18 17:42 - 007215616 ___SH C:\Users\Chiro Server\Documents\Thumbs.db
2019-07-27 18:39 - 2014-11-11 15:55 - 000000000 ____D C:\Users\Chiro Server
2019-07-25 17:11 - 2018-09-24 17:15 - 000000000 ____D C:\Users\Chiro Server\Desktop\New Patient Intakes
2019-07-24 21:34 - 2014-11-14 20:45 - 000000000 ____D C:\Users\chirotouch
2019-07-24 16:06 - 2017-03-03 11:34 - 000000000 ____D C:\Users\Chiro Server\Desktop\OFFICE INFO AND FILES
2019-07-17 08:52 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-07-15 08:51 - 2014-12-15 09:15 - 000000000 ____D C:\Windows\system32\appraiser
2019-07-15 08:51 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-07-15 08:51 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\Dism
2019-07-11 21:03 - 2014-11-11 18:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-11 20:56 - 2013-08-22 09:25 - 000000202 _____ C:\Windows\win.ini
2019-07-11 20:55 - 2014-11-11 16:26 - 000000000 ____D C:\Windows\system32\MRT
2019-07-11 20:53 - 2014-11-11 16:26 - 136618864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-07-09 16:05 - 2014-11-11 16:27 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== FLock ================

2014-11-11 15:54 C:\Windows\CSC

==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2017-08-19 10:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by Chiro Server (01-08-2019 19:18:52)
Running from C:\Users\Chiro Server\Desktop
Windows 8.1 Pro (Update) (X64) (2014-11-11 19:54:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1564996262-345107913-3834639567-500 - Administrator - Disabled)
Chiro Server (S-1-5-21-1564996262-345107913-3834639567-1001 - Administrator - Enabled) => C:\Users\Chiro Server
chirotouch (S-1-5-21-1564996262-345107913-3834639567-1004 - Administrator - Enabled) => C:\Users\chirotouch
Guest (S-1-5-21-1564996262-345107913-3834639567-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1564996262-345107913-3834639567-1003 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-1564996262-345107913-3834639567-1009 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (HKLM-x32\...\{AA787E05-E835-4812-AA3D-4048C8A46587}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (HKLM-x32\...\{F53B432E-BD19-4400-BFA0-2BBD16410F8F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (HKLM-x32\...\{6FEDAA68-D9C4-4042-BECC-9C2656A7B606}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
ABBYY FineReader for ScanSnap (TM) 4.1 (HKLM-x32\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (HKLM-x32\...\{0E52A52C-E120-461C-AA1B-21B045BEE842}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{8E663D89-A2EA-46B6-AD38-A427A3348309}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{99F67894-9486-413F-94E1-8B12B1606EAB}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{163B98AC-0284-4031-9582-55B6DCD78EF0}) (Version: 4.0.0.182 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{a2ad8fab-de88-4376-b41b-0f4c54ce1aaa}) (Version: 4.0.0.182 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{EEA8DF77-9D7E-421A-A9A8-A6E9894A18A3}) (Version: 1.0.3.3 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{05421625-9BA9-482B-ACF2-794221A06F4E}) (Version: 1.0.23 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (HKLM-x32\...\{8DCD0779-8811-4060-9227-871E2FD48E45}) (Version: 4.1.10.1 - PFU) Hidden
ChiroTouch (HKLM-x32\...\{E9F30FB0-5596-461B-949F-25DADA514200}) (Version: 7.2.561.0 - Integrated Practice Solutions, Inc.)
ChiroTouch Server (HKLM-x32\...\{95D2842D-90BF-42F8-9405-16574D99AC8C}) (Version: 7.2.561.0 - Integrated Practice Solutions, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
CPUID CPU-Z 1.85 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.85 - CPUID, Inc.)
CTSecure (HKLM-x32\...\{00000000-0000-0000-0000-0000703032F9}) (Version: 7.3.3.760 - Managed Offsite Backup)
CTSecure (HKLM-x32\...\{8cf14a8f-3f5f-422d-983d-2e8e38a24105}) (Version: 7.3.3.760 - Managed Offsite Backup) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{2C183CF0-3077-43D0-B001-F93AC5E68942}) (Version: 1.0.487 - LogMeIn, Inc.)
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
LogMeIn (HKLM-x32\...\{C842B328-0D7A-48D5-93C3-13FD71CF5885}) (Version: 4.1.9630 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{8AFDCE81-6BDF-440F-9008-5C8CB886C91B}) (Version: 1.3.2977 - LogMeIn, Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG)
Network Time Protocol (HKLM-x32\...\NTP) (Version: 4.2.8p10 - )
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
ProductContext (HKLM-x32\...\{BC0F3E35-0AFF-4F11-B33D-F6FC31BD1AA0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
ScanSnap (HKLM-x32\...\{2CC5FCAE-51BA-4926-8C2B-4F07E54F6EA3}) (Version: 5.0.21.1 - PFU Limited) Hidden ScanSnap (HKLM-x32\...\{48000C0E-CA0F-4633-AEB3-0D7175BB2C59}) (Version: 5.1.62.2 - PFU Limited) Hidden ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU) ScanSnap Organizer (HKLM-x32\...\{55E63724-2BFE-49BC-B03E-9BE0F62E18C2}) (Version: 4.1.11.3 - PFU LIMITED) Hidden ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft) Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation) SQL Server 2008 R2 SP1 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Management Studio (HKLM\...\{51E5BC99-A087-4CFF-8D93-462903EA7E12}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Management Studio (HKLM\...\{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}) (Version: 10.51.2500.0 - 
Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer) Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.14000 - Nero AG) Hidden WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) Packages: ========= Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2015-07-06] (Microsoft Corporation) [MS Ad] MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad] MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad] MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-29] (Microsoft Corporation) [MS Ad] MSN Travel -> 
C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad] Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-07-06] (Microsoft Corporation) [MS Ad] Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-07-06] (Skype) [MS Ad] Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-05] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1564996262-345107913-3834639567-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google) ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => -> No File ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => 
C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed] ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed] ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google) ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed] ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed] ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed] ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed] ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-11-14 22:37 - 2008-11-12 16:32 - 000014848 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll 2014-11-14 22:35 - 2012-01-18 17:35 - 000385024 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll 2014-11-14 22:35 - 2011-12-14 22:49 - 000233472 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll 2014-11-14 22:35 - 2003-03-26 19:46 - 000135168 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll 2014-11-14 22:35 - 2010-08-24 17:56 - 000167936 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll 2014-11-11 18:34 - 2010-03-15 12:28 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll 2014-11-14 22:35 - 2003-04-21 15:19 - 000020480 _____ () [File not signed] C:\Windows\SSDriver\fi5110\fjipl.dll 2014-11-14 22:35 - 2003-04-21 15:19 - 000851968 _____ () [File not signed] C:\Windows\SSDriver\fi5110\fjiplA6.DLL 2018-09-05 10:15 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\Windows\system32\BrSNMP64.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 000622592 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\ACE.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 001441792 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AdobeScanLibrary.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 000450560 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AdobeXMP.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 001359360 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AGM.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 000258048 _____ (Adobe 
Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\ARE.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 000151552 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AXE16SharedExpat.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 000151552 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AXE8SharedExpat.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 000180224 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\BIB.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 000217088 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\BIBUtils.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 002170880 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\CoolType.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 000561152 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\JP2KLib.dll 2014-11-14 22:35 - 2010-06-18 23:51 - 004132864 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PDFL70.dll 2016-07-29 17:06 - 2016-07-29 17:06 - 000025299 _____ (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll 2016-11-25 10:18 - 2016-11-25 10:18 - 000225280 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe 2016-07-29 17:06 - 2016-07-29 17:06 - 000122880 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll 2017-03-22 17:21 - 2017-03-22 17:21 - 000491008 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2017-03-30 16:39 - 2017-03-30 16:39 - 002892800 _____ (Brother Industries, Ltd.) 
[File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe 2016-10-04 14:25 - 2016-10-04 14:25 - 001708032 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2017-03-22 17:21 - 2017-03-22 17:21 - 000298496 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe 2017-04-05 09:53 - 2017-04-05 09:53 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll 2017-01-27 15:39 - 2017-01-27 15:39 - 000087552 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll 2017-01-27 15:39 - 2017-01-27 15:39 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll 2017-01-27 15:33 - 2017-01-27 15:33 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll 2017-04-05 09:55 - 2017-04-05 09:55 - 001669120 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe 2017-04-05 09:55 - 2017-04-05 09:55 - 000667136 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe 2017-04-05 09:53 - 2017-04-05 09:53 - 000440832 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll 2018-09-05 10:15 - 2016-11-01 11:27 - 000090112 _____ (Brother Industries, Ltd.) 
[File not signed] C:\Windows\system32\BrNetSti.dll 2014-11-14 22:35 - 2011-12-27 16:17 - 001294336 _____ (FUJITSU) [File not signed] C:\Windows\SSDriver\fi5110\fjtw32.dll 2019-08-01 19:06 - 2004-12-02 10:36 - 000122880 _____ (FUJITSU) [File not signed] C:\Windows\SSDriver\fi5110\Fjtw6401.fds 2014-11-14 22:35 - 2011-12-27 16:17 - 000352256 _____ (FUJITSU) [File not signed] C:\Windows\SSDriver\fi5110\MERCURY.DLL 2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll 2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll 2019-06-19 13:53 - 2019-06-19 13:53 - 000044032 _____ (Integrated Practice Solutions, Inc.) [File not signed] E:\Program Files\PSChiro\CTMessagingService.exe 2014-11-14 22:35 - 2004-09-14 13:16 - 000352256 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\ijl15.dll 2014-04-11 10:32 - 2014-04-11 10:32 - 000036352 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe 2013-08-27 15:32 - 2013-08-27 15:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe 2014-11-14 22:35 - 2003-02-21 08:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\PFU\ScanSnap\OCR\ABBYY8\MSVCR71.dll 2014-11-15 05:09 - 2014-11-15 05:09 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL 2014-11-15 05:09 - 2014-11-15 05:09 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL 2018-07-23 01:56 - 2018-07-23 01:56 - 000012288 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe 
2018-07-23 01:56 - 2018-07-23 01:56 - 000020480 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe 2014-11-14 22:37 - 2009-06-08 11:30 - 000049152 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardDialog.dll 2014-11-14 22:37 - 2009-11-11 15:20 - 000147456 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardFinder.dll 2014-11-14 22:37 - 2009-09-16 14:24 - 000077824 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe 2014-11-14 22:37 - 2009-11-11 11:14 - 000031232 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardMsg.dll 2014-11-14 22:37 - 2009-11-02 12:09 - 000176128 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardWndCmmn.dll 2014-11-14 22:35 - 2005-02-17 12:55 - 000069632 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\distortion.dll 2014-11-14 22:35 - 2002-02-25 19:00 - 000069632 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\IMGPROC2.dll 2014-11-14 22:35 - 2008-10-29 15:00 - 000061440 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\MonoComp.DLL 2014-11-14 22:35 - 2010-07-02 11:20 - 000880640 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\Option\SSCarrierSheetOption\P2IUnite.dll 2014-11-14 22:35 - 2009-03-30 22:31 - 000765952 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IBSKEW.dll 2014-11-14 22:35 - 2010-07-23 10:54 - 000823296 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2ICRPPR.dll 2014-11-14 22:35 - 2008-07-03 18:58 - 000118784 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IERSDW.dll 2014-11-14 22:35 - 2011-03-18 10:38 - 000249856 _____ (PFU LIMITED) [File not signed] 
C:\Program Files (x86)\PFU\ScanSnap\Driver\pfumkocr.dll 2014-11-14 22:35 - 2011-12-21 14:20 - 000266240 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsCommon.dll 2014-11-14 22:35 - 2011-12-14 22:49 - 000258048 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsLaunchapp.dll 2014-11-14 22:35 - 2013-01-10 10:45 - 001097728 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe 2014-11-14 22:35 - 2008-11-27 20:23 - 000053248 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsOrgFolder.dll 2014-11-14 22:35 - 2012-01-18 18:07 - 000290816 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsQMSetting.dll 2014-11-14 22:35 - 2011-01-27 13:36 - 000315392 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsSvc.dll 2014-11-14 22:35 - 2010-02-04 20:01 - 000225280 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PSLWrapper.dll 2014-11-14 22:35 - 2006-11-01 20:50 - 000054544 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PtsaaEIf.dll 2014-11-14 22:35 - 2005-11-24 13:28 - 000188416 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\SignLib.dll 2014-11-14 22:35 - 2008-02-28 20:36 - 001069056 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\SsIjl.dll 2014-12-24 12:48 - 2012-01-16 19:19 - 000081920 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\S2OCmnU.dll 2014-12-24 12:48 - 2012-07-12 22:12 - 000634880 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe 2014-12-24 12:48 - 2012-01-16 19:19 - 000010752 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\STOLogOut.dll 2014-11-14 22:37 - 2008-05-09 23:56 - 000102400 _____ (PFU Limited.) 
[File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardCommon.dll 2014-11-14 22:37 - 2008-06-17 18:29 - 000077824 _____ (PFU Limited.) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardConfig.dll 2014-11-14 22:37 - 2008-06-17 18:28 - 000110592 _____ (PFU Limited.) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardData.dll 2014-11-14 22:37 - 2008-07-15 18:10 - 000081920 _____ (PFU Limited.) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardHook.dll 2014-11-14 22:37 - 2003-02-19 20:38 - 000176128 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\PGD_FILE\pgd_file.dll 2014-11-14 22:35 - 2008-01-24 17:26 - 000077824 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\ErrorDifusion.dll 2014-11-14 22:35 - 2010-04-20 11:33 - 000069632 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IATRES.DLL 2014-11-14 22:35 - 2008-11-08 14:44 - 000147456 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2ICMUKIS.dll 2014-11-14 22:35 - 2009-06-17 11:41 - 000126976 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDEPTH.DLL 2014-11-14 22:35 - 2008-07-04 10:28 - 000118784 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2Igr2mo.dll 2014-11-14 22:35 - 2008-01-18 15:20 - 000106496 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IJDGWP.dll 2014-11-14 22:35 - 2011-03-17 14:52 - 000094208 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IMOCR.dll 2014-11-14 22:35 - 2008-07-03 19:02 - 000057344 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IROTAT.dll 2014-11-14 22:35 - 2008-02-04 12:15 - 000065536 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2Iscale.dll 2014-11-14 22:35 - 2012-09-06 20:47 - 000458752 _____ (PFU) [File not signed] C:\Program Files 
(x86)\PFU\ScanSnap\Driver\PfuSsCtl.dll 2014-11-14 22:35 - 2008-10-29 14:59 - 000053248 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsSRGB.dll 2014-11-14 22:35 - 2002-06-19 20:11 - 000516179 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\pgd_file.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_C6224FF0.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ms10000app => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsC6224FF0App => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_C6224FF0.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ms10000app => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsC6224FF0App => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts 2019-02-28 12:07 - 2019-08-01 19:17 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics 192.168.1.4 ChiroServer.mshome.net # 2024 7 2 30 23 17 3 865 ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\QuickTime\QTSystem\ HKU\S-1-5-21-1564996262-345107913-3834639567-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg DNS Servers: 75.75.75.75 - 75.75.76.76 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == If an entry is included in the fixlist, it will be removed. 
HKLM\...\StartupApproved\Run: => "LogMeIn GUI" HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{F5E90A05-89BC-4F24-8048-8114CC960812}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7BD4773C-EBAA-49A4-8716-DC998BF2A254}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5CD07043-4368-467F-B78E-FE6D2551DEB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4665CB10-F70D-404E-BB6E-BD1A62412870}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{FF26065E-436A-4AF2-8FB9-2AECF99A747E}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG) FirewallRules: [{73549318-92B6-4ED2-AAC5-06759D438FDE}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG) FirewallRules: [{FDBD0C45-CE65-4550-8910-8E937459FCD3}] => (Allow) LPort=123 FirewallRules: [{EF1593AB-1325-4426-BED2-3DE4508681B6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2D953405-30F0-44BF-912C-973BF8900241}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{8B4AD9C5-67D7-4AC6-8A58-75B2FC46F33D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C52143FD-E4FA-49B2-BD32-0EF2EB4747A9}] => (Allow) C:\Program Files\Microsoft 
Thanks for the reply. You will see the two Malwarebytes logs at the top; the 5pm one is the most recent, when I completed the instructions. I did run Malwarebytes this morning and that is the second log, from 8:58am. Thank you for your assistance thus far.
  10. I had an event occur today on a computer and after a Google search I see this okblcm is recently common. Found this in the Event Viewer: "Beginning a Windows Installer transaction: http://dl.okblcm.co/3ae5j2cmh43b66ufr4ulr5rsa.jpg. Client Process Id: 2400." Followed by "Product: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU -- Installation completed successfully." and "Windows Installer installed the product. Product Name: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU. Product Version: 1.0.0.0. Product Language: 1033. Manufacturer: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU. Installation success or error status: 0." And then a system restart. What is the best way to proceed? Thanks
  11. Yes, the problem has been resolved. Thanks
  12. Thank you for the quick response. I proceeded as your instructions stated. Below is the file. Thank you for your help thus far. Fixlog.txt
  13. I have the virus that does the manual proxy server address lock to http+127.0.0.1:8080. I followed instructions seen on here, and here are the logs that I did in sequence, as has been recommended on other threads. I think my next step is a fixlist.txt file placed in the same location as the FRST.txt and Addition.txt files, then hit the Fix button? Thank you for the help. malware threat scan.txt adwcleaner log.txt FRST.txt Addition.txt