
I had an event occur today on a computer, and after a Google search I see this okblcm is recently common.

Found this in the Event Viewer:

" Beginning a Windows Installer transaction: http://dl.okblcm.co/3ae5j2cmh43b66ufr4ulr5rsa.jpg. Client Process Id: 2400."

Followed by 

"Product: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU -- Installation completed successfully."

"Windows Installer installed the product. Product Name: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU. Product Version: 1.0.0.0. Product Language: 1033. Manufacturer: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU. Installation success or error status: 0."

And then a system restart. 

What is best way to proceed? Thanks

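An added example, not part of the original post and not code from Malwarebytes or any tool named in this thread: a small Python triage script that parses MsiInstaller event messages like the three quoted above and flags the indicators a responder would look at first, namely a package fetched from a web URL rather than a local path, a remote payload served with a non-installer extension such as .jpg, and a product name that is a random alphanumeric string reused verbatim as the manufacturer. The two benign entries, the 16-character minimum and the 4.0-bit entropy threshold are assumptions made for this example.

```python
import math
import re
from collections import Counter
from pathlib import PurePosixPath
from urllib.parse import urlparse

# Constructed sample of MsiInstaller messages as they appear in the Windows
# Application event log. The first three are the entries quoted in the post
# above; the last two are benign entries made up here for contrast.
SAMPLE_EVENTS = [
    "Beginning a Windows Installer transaction: http://dl.okblcm.co/3ae5j2cmh43b66ufr4ulr5rsa.jpg. Client Process Id: 2400.",
    "Product: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU -- Installation completed successfully.",
    "Windows Installer installed the product. Product Name: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU. "
    "Product Version: 1.0.0.0. Product Language: 1033. Manufacturer: TWswYcZBwsCp9mJm3RZGatfnnMNLEUtjTSWU. "
    "Installation success or error status: 0.",
    "Beginning a Windows Installer transaction: C:\\Windows\\Installer\\1a2b3c.msi. Client Process Id: 1234.",
    "Windows Installer installed the product. Product Name: Example Backup Agent. Product Version: 4.2.1. "
    "Product Language: 1033. Manufacturer: Example Software Inc. Installation success or error status: 0.",
]

# Message shapes for the three MsiInstaller event types seen in the post.
TRANSACTION_RE = re.compile(
    r"Beginning a Windows Installer transaction: (?P<source>.+?)\. Client Process Id: (?P<pid>\d+)\."
)
COMPLETED_RE = re.compile(r"Product: (?P<name>.+?) -- Installation completed successfully\.")
INSTALLED_RE = re.compile(
    r"Product Name: (?P<name>.+?)\. Product Version: (?P<version>.+?)\. "
    r"Product Language: (?P<lang>\d+)\. Manufacturer: (?P<vendor>.+?)\. "
    r"Installation success or error status: (?P<status>\d+)\."
)


def shannon_entropy(text):
    """Bits per character; random alphanumeric strings score well above 4."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(name):
    """Heuristic for machine-generated product names: one long alphanumeric
    token mixing upper case, lower case and digits, with high entropy.
    Length and entropy cut-offs are assumptions chosen for this example."""
    token = name.strip()
    if len(token) < 16 or not re.fullmatch(r"[A-Za-z0-9]+", token):
        return False
    has_upper = any(c.isupper() for c in token)
    has_lower = any(c.islower() for c in token)
    has_digit = any(c.isdigit() for c in token)
    return has_upper and has_lower and has_digit and shannon_entropy(token) > 4.0


def source_findings(source):
    """Findings about where the installer package came from."""
    findings = []
    parsed = urlparse(source)
    if parsed.scheme in ("http", "https"):
        findings.append("package fetched from a remote URL instead of a local path")
        suffix = PurePosixPath(parsed.path).suffix.lower()
        if suffix not in (".msi", ".msp"):
            findings.append(f"remote package carries a non-installer extension {suffix or '(none)'}")
    return findings


def product_findings(name, vendor=None):
    """Findings about the product metadata the package declared."""
    findings = []
    if looks_random(name):
        findings.append("product name looks machine-generated")
    if vendor is not None and vendor == name:
        findings.append("manufacturer field is a copy of the product name")
    return findings


def triage(events):
    """Parse each MsiInstaller message and attach findings; one record per event."""
    records = []
    for msg in events:
        m = TRANSACTION_RE.search(msg)
        if m:
            records.append({"kind": "transaction", "source": m["source"], "pid": int(m["pid"]),
                            "findings": source_findings(m["source"])})
            continue
        m = INSTALLED_RE.search(msg)
        if m:
            records.append({"kind": "installed", "name": m["name"], "vendor": m["vendor"],
                            "version": m["version"], "status": int(m["status"]),
                            "findings": product_findings(m["name"], m["vendor"])})
            continue
        m = COMPLETED_RE.search(msg)
        if m:
            records.append({"kind": "completed", "name": m["name"],
                            "findings": product_findings(m["name"])})
            continue
        records.append({"kind": "unparsed", "message": msg, "findings": []})
    return records


def suspicious(records):
    """Subset of records that raised at least one finding."""
    return [r for r in records if r["findings"]]


if __name__ == "__main__":
    for rec in triage(SAMPLE_EVENTS):
        flag = "SUSPECT" if rec["findings"] else "ok     "
        print(f"[{flag}] {rec['kind']}: {rec.get('source') or rec.get('name')}")
        for finding in rec["findings"]:
            print(f"          - {finding}")
```

The Client Process Id the transaction event records is the PID of the process that asked the Windows Installer service to run the package, so on a live host it is the pivot to whatever launched the install (a browser, a script host, another dropped executable); the script keeps it in the record for that reason rather than discarding it.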

Hello C0nrad and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" and ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab from the main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From Export you have two options:
    Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply

  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/1/19
Scan Time: 5:15 PM
Log File: 88b4ce95-b4a1-11e9-b45e-fcaa1421364a.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11816
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: ChiroServer\Chiro Server

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 328623
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 17 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Injector, C:\WINDOWS\SYSTEM32\MSC6224FF0APP.DLL, Quarantined, [688], [712748],1.0.11816

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/1/19
Scan Time: 8:58 AM
Log File: 1555a436-b45c-11e9-8d12-fcaa1421364a.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11806
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: ChiroServer\Chiro Server

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 327316
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 53 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Trojan.Crypt.GO, C:\WINDOWS\TEMP\SYSGUARD.EXE, Quarantined, [8169], [694836],1.0.11806

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build:    07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    08-01-2019
# Duration: 00:00:04
# OS:       Windows 8.1 Pro
# Cleaned:  43
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\SOFTWARE\Classes\ctTOOLBAR.ctToolBarCtrl.3
Deleted       HKLM\Software\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.HPDigitalImaging
Deleted       Preinstalled.HPSupportAssistant


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2442 octets] - [28/02/2019 12:13:50]
AdwCleaner[C00].txt - [2386 octets] - [28/02/2019 12:14:12]
AdwCleaner[S01].txt - [1748 octets] - [01/08/2019 19:13:15]
AdwCleaner[S02].txt - [1809 octets] - [01/08/2019 19:14:24]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2019
Ran by Chiro Server (administrator) on CHIROSERVER (Gigabyte Technology Co., Ltd. H81M-HD3) (01-08-2019 19:17:49)
Running from C:\Users\Chiro Server\Desktop
Loaded Profiles: Chiro Server & chirotouch (Available Profiles: Chiro Server & chirotouch & LogMeInRemoteUser)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Integrated Practice Solutions, Inc.) [File not signed] E:\Program Files\PSChiro\CTMessagingService.exe
(Intel Corporation - pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Users\Chiro Server\Desktop\adwcleaner_7.4.exe
(Managed Offsite Backup -> Online Backup and Recovery Manager) C:\Program Files (x86)\Online Backup and Recovery Manager\sosuploadagent.exe
(Managed Offsite Backup -> Online Backup and Recovery Manager) C:\Program Files (x86)\Online Backup and Recovery Manager\SUpdateNotifier.exe
(Meinberg Funkuhren GmbH & Co. KG -> ) C:\Program Files (x86)\NTP\bin\ntpd.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wiawow64.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
(Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
(PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
(PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671792 2014-03-14] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [445928 2018-06-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-10-05] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2017-04-05] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2892800 2017-03-30] (Brother Industries, Ltd.) [File not signed]
HKLM-x32\...\Run: [M17A] => C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe [77312 2017-10-19] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\Online Backup and Recovery Manager\sosuploadagent.exe [61472 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager)
HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\Online Backup and Recovery Manager\SMessaging.exe [67104 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager)
HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\Online Backup and Recovery Manager\AccountCreatorRunner.exe [22048 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager)
HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-11-11] (Google Inc -> Google Inc.)
HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-1564996262-345107913-3834639567-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\Installer\chrmstp.exe [2019-07-16] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-02] (Adobe Inc. -> Adobe Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{65CD7F9B-E8F3-4bb0-82EB-6F6875B745DF}] -> C:\Windows\system32\LMIinit.dll [2018-06-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CardMinder Viewer.lnk [2014-11-14]
ShortcutTarget: CardMinder Viewer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk [2014-11-14]
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-03-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk [2014-12-24]
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) [File not signed]
Startup: C:\Users\Chiro Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-08-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {063B7CCC-BD2B-4401-B62E-6F0A7DA421EB} - System32\Tasks\ChiroTouch Payment Processing Task => E:\Program Files\PSChiro\AutoPaymentProcessor.exe [35840 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
Task: {06987367-0905-4E16-8FA9-155002049E10} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
Task: {1FAD98DC-8704-46CE-BA67-A3B33857DAC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {2D8AC97C-5116-420E-A245-9BA7FF7943F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {6312A266-08D5-4CC5-B7DA-F426A2489B10} - System32\Tasks\Online Backup Update Notifier => C:\Program Files (x86)\Online Backup and Recovery Manager\SUpdateNotifier.exe [69664 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager)
Task: {785E829C-5FA8-4F4A-B700-AD29D2FF1039} - System32\Tasks\Online Backup and Recovery Manager - LC0013 => C:\Program Files (x86)\Online Backup and Recovery Manager\sosuploadagent.exe [61472 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager)
Task: {7FCA925A-6175-4241-BC18-457AC1525615} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8287E76A-1A99-44AE-B6FE-54040D67504B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {878166DE-7093-4EC8-8CC0-952A265C5B4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {8CE55B38-B42E-42AF-A9B4-71459D423B54} - System32\Tasks\ChiroTouch Update Task => E:\Program Files\PSChiro\AutoUpdate\ct-updater.exe [50688 2019-06-19] (Integrated Practice Solutions) [File not signed]
Task: {92540D19-22B5-447F-8D72-72A2A956AF6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
Task: {A1FC4EE2-0BB3-4AE4-AAE9-69565F2930A9} - System32\Tasks\CTSecureLocalBakCompression => "E:\Program Files\PSChiro\Database\Backup\compress-bak.cmd" 
Task: {AD0E3CED-8900-4DFC-879C-D2603D6B02BF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {C45D2D84-DEC1-4740-9925-0617C5260164} - System32\Tasks\Check CTSecure SAGENTSERVICE => "E:\Program Files\PSChiro\Database\CTSecure\CheckServiceCTSecureSAGENTSERVICE.cmd" 
Task: {D3143C6C-3FBE-40E8-A2F3-F57D86531076} - System32\Tasks\PowerENGAGE => Command(1): msiexec -> /f {BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1} /quiet /qn
Task: {D3143C6C-3FBE-40E8-A2F3-F57D86531076} - System32\Tasks\PowerENGAGE => Command(2): PowerENGAGE.exe -> scheduled-run
Task: {F49A8EFD-0415-4B79-A8BF-F0346631BEF8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD447E71-F27F-4E73-9239-D64AA069B88E} - System32\Tasks\ChiroTouch DB Backup Task => E:\Program Files\PSChiro\demaint.exe [90112 2019-06-19] (ChiroTouch) [File not signed]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{e33bf844-d3c3-46e6-8b10-48157225928b} <==== ATTENTION (Restriction - IP)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{36A62E59-B234-4B82-BC69-B84A262532D9}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
URLSearchHook: [S-1-5-21-1564996262-345107913-3834639567-1004] ATTENTION => Default URLSearchHook is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2019-06-25] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc -> Google Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-23] (Google Inc -> Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-23] (Google Inc -> Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2017-08-15] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Chiro Server\AppData\Roaming\Mozilla\Firefox\Profiles\1m0yfbvr.default [2019-03-01]
FF NetworkProxy: Mozilla\Firefox\Profiles\1m0yfbvr.default -> type", 0
FF Extension: (Google Code Correction) - C:\Users\Chiro Server\AppData\Roaming\Mozilla\Firefox\Profiles\1m0yfbvr.default\features\{8b061f70-366d-4faf-9ffe-27c46fba9ff5}\google-code-correction@mozilla.org.xpi [2018-06-19] [Legacy]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-08-27] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-08-10] (Nero AG -> Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2017-03-03]
FF Plugin ProgramFiles/Appdata: C:\Users\Chiro Server\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-07-14]

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://mail.google.com/mail/u/0/#inbox","hxxps://www.pandora.com/station/4010841139109569296","hxxps://www.clover.com/dashboard","hxxps://member.chiro-trust.org/"
CHR Profile: C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default [2019-08-01]
CHR Extension: (Google Drive) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-17]
CHR Extension: (Adobe Acrobat) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-06-18]
CHR Extension: (Google Docs Offline) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Cisco Webex Extension) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2019-07-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Chrome Media Router) - C:\Users\Chiro Server\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-24]
CHR HKU\S-1-5-21-1564996262-345107913-3834639567-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [298496 2017-03-22] (Brother Industries, Ltd.) [File not signed]
S2 ChiroTouch Communicator Service; E:\Program Files\PSChiro\ChiroTouch.Communicator\ChiroTouch.Communicator.exe [112640 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
S2 ChiroTouchDataAgentService; E:\Program Files\PSChiro\DataService\DataAgent.exe [22016 2019-06-19] (Integrated Practice Solutions) [File not signed]
S2 ConnectEHR_Agent; E:\Program Files\PSChiro\ConnectEHRAgent\ConnectEHR Agent.exe [67584 2019-06-19] (Dynamic Health IT, Inc.) [File not signed]
S2 CQMsolution_Agent; E:\Program Files\PSChiro\CQMAgent\CQMAgent.exe [39424 2019-06-19] (Dynamic Health IT, Inc.) [File not signed]
S2 CTIncorporateResult; E:\Program Files\PSChiro\CTIncorporateResult.exe [21504 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
U2 CTMessagingService; E:\Program Files\PSChiro\CTMessagingService.exe [44032 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
S2 CTMobileService; E:\Program Files\PSChiro\CTMobileService.exe [285184 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
S2 CTRcopiaService; E:\Program Files\PSChiro\CTRCopiaService.exe [15872 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
S2 CTReportingService; E:\Program Files\PSChiro\CTReportingService.exe [26112 2019-06-19] (Integrated Practice Solutions, Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation - pGFX -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Trusted Connect Service -> Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419304 2018-06-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [585704 2018-06-29] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-06-15] (LogMeIn, Inc. -> LogMeIn, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTP; C:\Program Files (x86)\NTP\bin\ntpd.exe [1005776 2017-03-23] (Meinberg Funkuhren GmbH & Co. KG -> )
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 sagentservice; C:\Program Files (x86)\Online Backup and Recovery Manager\SAgent.Service.exe [49696 2018-11-12] (Managed Offsite Backup -> Online Backup and Recovery Manager)
S4 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-09-28] (TeamViewer GmbH -> TeamViewer GmbH)
R2 USBAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe [12288 2018-07-23] (Microsoft) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
R2 WorkflowAppControl; C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe [20480 2018-07-23] (Microsoft) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [X]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [X]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S2 MsC6224FF0App; C:\Windows\System32\MsC6224FF0App.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Broadcom Corporation -> Windows (R) Win 7 DDK provider)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Hewlett-Packard Company -> Windows (R) Win 7 DDK provider)
S3 dot4usb; C:\Windows\system32\DRIVERS\dot4usb.sys [49056 2012-10-19] (Hewlett-Packard Company -> Microsoft Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R2 LMIInfo; C:\Windows\system32\drivers\LMIInfo.sys [30432 2017-01-11] (LogMeIn, Inc. -> LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [199768 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [224408 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [116112 2019-08-01] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-16] (Apple, Inc.) [File not signed]
R3 VUSB3HUB; C:\Windows\System32\drivers\ViaHub3.sys [227840 2013-09-25] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [14464 2008-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Western Digital Technologies)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R3 xhcdrv; C:\Windows\System32\drivers\xhcdrv.sys [297472 2013-09-25] (Microsoft Windows Hardware Compatibility Publisher -> VIA Technologies, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MsC6224FF0App -> C:\Windows\System32\MsC6224FF0App.dll ==> No File

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 19:17 - 2019-08-01 19:18 - 000030285 _____ C:\Users\Chiro Server\Desktop\FRST.txt
2019-08-01 19:17 - 2019-08-01 19:17 - 000224408 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2019-08-01 19:17 - 2019-08-01 19:17 - 000116112 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2019-08-01 19:17 - 2019-08-01 19:17 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2019-08-01 19:16 - 2019-08-01 19:16 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-08-01 19:11 - 2019-08-01 19:12 - 007623880 _____ (Malwarebytes) C:\Users\Chiro Server\Desktop\adwcleaner_7.4.exe
2019-08-01 17:24 - 2019-08-01 17:24 - 002131598 _____ C:\Users\Chiro Server\Desktop\Christian Reyes Intake.pdf
2019-08-01 17:14 - 2019-08-01 17:14 - 000171947 _____ C:\Users\Chiro Server\Desktop\Christian Reyes ID.pdf
2019-08-01 16:32 - 2019-08-01 16:32 - 000199768 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2019-08-01 16:32 - 2019-08-01 16:32 - 000001883 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-08-01 16:32 - 2019-08-01 16:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-08-01 16:32 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-08-01 16:30 - 2019-08-01 16:30 - 000000042 _____ C:\Users\Chiro Server\Desktop\virus.txt
2019-08-01 16:29 - 2019-08-01 18:37 - 000011020 _____ C:\Users\Chiro Server\Desktop\Book1.xlsx
2019-08-01 16:28 - 2019-08-01 16:28 - 064333800 _____ (Malwarebytes ) C:\Users\Chiro Server\Downloads\mb3-setup-43841.43841-3.8.3.2965-1.0.613-1.0.11270.exe
2019-08-01 15:02 - 2019-08-01 15:02 - 002096128 _____ (Farbar) C:\Users\Chiro Server\Desktop\FRST64.exe
2019-08-01 11:53 - 2019-08-01 11:53 - 001432848 _____ (Microsoft Corporation) C:\Users\Chiro Server\Downloads\NDP472-KB4054531-Web.exe
2019-08-01 11:48 - 2019-08-01 11:48 - 002207472 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (61).exe
2019-08-01 11:19 - 2019-08-01 11:19 - 001821145 _____ C:\Users\Chiro Server\Desktop\Brett Stuart Intake.pdf
2019-08-01 10:42 - 2019-08-01 10:42 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (60).exe
2019-08-01 09:21 - 2019-08-01 09:21 - 000171322 _____ C:\Users\Chiro Server\Desktop\Brett Stuart.pdf
2019-08-01 09:14 - 2019-08-01 09:14 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (59).exe
2019-08-01 09:04 - 2019-08-01 09:04 - 000000072 _____ C:\Windows\SysWOW64\20190801_090329_C01290_response
2019-07-31 15:16 - 2019-07-31 15:16 - 000306137 _____ C:\Users\Chiro Server\Desktop\Anthony Plisko Ins Verification.pdf
2019-07-31 15:04 - 2019-07-31 15:00 - 001795735 _____ C:\Users\Chiro Server\Desktop\Denise Venezia Intake.pdf
2019-07-31 14:54 - 2019-07-31 14:54 - 000069228 _____ C:\Users\Chiro Server\Desktop\Denise Venezia Ins.pdf
2019-07-31 14:53 - 2019-07-31 14:51 - 000105694 _____ C:\Users\Chiro Server\Desktop\Denise Venezia DL.pdf
2019-07-31 14:15 - 2019-07-31 14:15 - 000858605 _____ C:\Users\Chiro Server\Desktop\Janet Hutchinson Standard Life Ins Payment 7.5.19.pdf
2019-07-31 02:06 - 2019-07-31 02:06 - 000003338 _____ C:\Windows\System32\Tasks\ChiroTouch DB Backup Task
2019-07-31 02:06 - 2019-07-31 02:06 - 000003302 _____ C:\Windows\System32\Tasks\ChiroTouch Update Task
2019-07-31 02:06 - 2019-07-31 02:06 - 000003228 _____ C:\Windows\System32\Tasks\ChiroTouch Payment Processing Task
2019-07-31 02:05 - 2019-08-01 10:06 - 000001783 _____ C:\Users\Public\Desktop\ChiroTouch Launcher.lnk
2019-07-31 02:04 - 2019-08-01 18:53 - 000000000 ____D C:\ProgramData\ChiroTouch
2019-07-30 16:16 - 2019-07-30 16:14 - 001687235 _____ C:\Users\Chiro Server\Desktop\V LaCroix Records Sent 7.30.19.pdf
2019-07-30 16:13 - 2019-07-30 16:12 - 000706436 _____ C:\Users\Chiro Server\Desktop\V LaCroix Records Request.pdf
2019-07-30 15:02 - 2019-07-30 15:05 - 000000000 ____D C:\Users\Chiro Server\Desktop\Unused Apps
2019-07-30 15:00 - 2019-07-30 15:00 - 000000000 ____D C:\Users\Chiro Server\Desktop\Normatec
2019-07-30 12:16 - 2019-07-30 12:16 - 000707089 _____ C:\Users\Chiro Server\Desktop\Permit 19-4741 NOC.pdf
2019-07-30 10:21 - 2019-08-01 16:43 - 000056153 _____ C:\Users\Chiro Server\Desktop\The Everything Spreadsheet.xlsx
2019-07-27 11:22 - 2019-07-27 11:22 - 000000074 _____ C:\Windows\SysWOW64\20190727_112150_148A1F_response
2019-07-23 14:36 - 2019-07-23 14:36 - 000000073 _____ C:\Windows\SysWOW64\20190723_143529_22AEC2_response
2019-07-23 10:09 - 2019-07-23 10:09 - 000095380 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim94222975.pdf
2019-07-22 20:16 - 2019-07-22 20:16 - 000000073 _____ C:\Windows\SysWOW64\20190722_201534_874B52_response
2019-07-22 19:56 - 2019-07-22 19:56 - 000000073 _____ C:\Windows\SysWOW64\20190722_195500_5D5993_response
2019-07-22 16:58 - 2019-07-22 16:58 - 000000073 _____ C:\Windows\SysWOW64\20190722_165743_04BA7D_response
2019-07-22 16:57 - 2019-07-22 16:57 - 000000073 _____ C:\Windows\SysWOW64\20190722_165642_E91A90_response
2019-07-22 10:31 - 2019-07-22 10:31 - 000095190 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim94222977.pdf
2019-07-22 10:31 - 2019-07-22 10:31 - 000093010 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim94222978.pdf
2019-07-22 10:31 - 2019-07-22 10:31 - 000092848 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim94222976.pdf
2019-07-19 14:34 - 2019-07-19 14:35 - 001033366 _____ C:\Users\Chiro Server\Downloads\New Member Application - East Broward County Editable V1.0.pdf
2019-07-19 14:34 - 2019-07-19 14:34 - 000271790 _____ C:\Users\Chiro Server\Downloads\NPI ByLaws 06092018 Traditional BOD MT.pdf
2019-07-18 15:33 - 2019-07-30 15:01 - 000000000 ____D C:\Users\Chiro Server\Desktop\Great overview of “abnormalities” found on scans in people without pain._files
2019-07-18 09:55 - 2019-07-18 09:55 - 002508423 _____ C:\Users\Chiro Server\Downloads\REC - STAND UP MRI - MRI C & L SPINE - 4-15-19.pdf
2019-07-17 16:07 - 2019-07-17 16:07 - 001704431 _____ C:\Users\Chiro Server\Downloads\XRAY Compressed (zipped) Folder.zip
2019-07-15 09:19 - 2019-07-15 09:19 - 000276719 _____ C:\Users\Chiro Server\Documents\Thais Brozoza Ins.pdf
2019-07-10 16:20 - 2019-07-10 16:20 - 002207984 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (58).exe
2019-07-09 22:49 - 2019-06-24 23:54 - 001368080 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2019-07-09 22:49 - 2019-06-24 22:59 - 004169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2019-07-09 22:49 - 2019-06-24 22:36 - 000128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2019-07-09 22:49 - 2019-06-24 22:07 - 001994240 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2019-07-09 22:49 - 2019-06-24 21:48 - 001756160 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2019-07-09 22:49 - 2019-06-24 21:44 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2019-07-09 22:49 - 2019-06-24 21:42 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2019-07-09 22:49 - 2019-06-24 21:41 - 001085440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2019-07-09 22:49 - 2019-06-24 21:41 - 000302080 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2019-07-09 22:49 - 2019-06-24 21:39 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2019-07-09 22:49 - 2019-06-24 21:36 - 001549824 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2019-07-09 22:49 - 2019-06-24 21:31 - 001494016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-07-09 22:49 - 2019-06-24 21:28 - 000827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2019-07-09 22:49 - 2019-06-24 21:26 - 000238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2019-07-09 22:49 - 2019-06-18 00:34 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2019-07-09 22:49 - 2019-06-18 00:07 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2019-07-09 22:49 - 2019-06-17 23:59 - 005775872 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2019-07-09 22:49 - 2019-06-17 23:56 - 020274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-07-09 22:49 - 2019-06-17 23:56 - 000790528 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2019-07-09 22:49 - 2019-06-17 23:39 - 000496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-07-09 22:49 - 2019-06-17 23:29 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-07-09 22:49 - 2019-06-17 23:28 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2019-07-09 22:49 - 2019-06-17 23:20 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2019-07-09 22:49 - 2019-06-17 23:19 - 015311872 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2019-07-09 22:49 - 2019-06-17 23:13 - 000166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2019-07-09 22:49 - 2019-06-17 23:08 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2019-07-09 22:49 - 2019-06-17 23:07 - 004494336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-07-09 22:49 - 2019-06-17 23:06 - 004858880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2019-07-09 22:49 - 2019-06-17 23:06 - 000269312 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2019-07-09 22:49 - 2019-06-17 23:03 - 013706752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-07-09 22:49 - 2019-06-17 23:03 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2019-07-09 22:49 - 2019-06-17 22:55 - 001557504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2019-07-09 22:49 - 2019-06-17 22:55 - 000214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2019-07-09 22:49 - 2019-06-17 22:44 - 004386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-07-09 22:49 - 2019-06-17 22:43 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2019-07-09 22:49 - 2019-06-17 22:42 - 001349120 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2019-07-09 22:49 - 2019-06-17 22:41 - 001323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-07-09 22:49 - 2019-06-17 22:39 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2019-07-09 22:49 - 2019-06-17 22:33 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2019-07-09 22:49 - 2019-06-15 11:22 - 000910848 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2019-07-09 22:49 - 2019-06-11 20:51 - 000169256 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2019-07-09 22:49 - 2019-06-11 09:37 - 000293888 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
2019-07-09 22:49 - 2019-06-11 09:35 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2019-07-09 22:49 - 2019-06-10 17:42 - 001712640 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000801792 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000732160 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000501760 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000456192 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000315904 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2019-07-09 22:49 - 2019-06-10 17:42 - 000257024 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2019-07-09 22:49 - 2019-06-08 12:09 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2019-07-09 22:49 - 2019-06-08 11:55 - 001101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2019-07-09 22:49 - 2019-06-08 11:43 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2019-07-09 22:49 - 2019-06-08 11:33 - 000856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2019-07-09 22:49 - 2019-06-08 10:55 - 007035392 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2019-07-09 22:49 - 2019-06-08 10:53 - 006217216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2019-07-09 22:49 - 2019-06-06 18:49 - 007362800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2019-07-09 22:49 - 2019-06-06 13:14 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2019-07-09 22:49 - 2019-06-02 11:42 - 000365056 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2019-07-09 22:49 - 2019-05-24 22:32 - 002013432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2019-07-09 22:49 - 2019-05-15 16:33 - 000333552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2019-07-09 22:49 - 2019-05-14 20:53 - 000136800 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2019-07-09 22:49 - 2019-05-14 10:18 - 003718144 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2019-07-09 22:39 - 2019-06-24 22:59 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2019-07-09 22:39 - 2019-06-24 22:24 - 000129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2019-07-09 16:58 - 2019-07-09 16:58 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (57).exe
2019-07-09 13:05 - 2019-07-09 13:05 - 000016279 _____ C:\Users\Chiro Server\Downloads\452498550.449841439.20190709 (1).pdf
2019-07-09 08:54 - 2019-07-09 08:54 - 000016279 _____ C:\Users\Chiro Server\Downloads\452498550.449841439.20190709.pdf
2019-07-08 11:14 - 2019-07-08 11:14 - 000043948 _____ C:\Users\Chiro Server\Downloads\452498550.1TR36816348.20190627.pdf
2019-07-08 11:04 - 2019-07-08 11:04 - 000010359 _____ C:\Users\Chiro Server\Downloads\452498550.1TR37306052.20190705.pdf
2019-07-08 10:17 - 2019-07-08 10:17 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (56).exe
2019-07-02 12:25 - 2019-07-02 12:25 - 000095159 _____ C:\Users\Chiro Server\Downloads\ASHLinkClaim93163646.pdf
2019-07-02 09:28 - 2019-07-02 09:28 - 002054896 _____ (LogMeIn, Inc.) C:\Users\Chiro Server\Downloads\Support-LogMeInRescue (55).exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-08-01 19:17 - 2019-02-28 13:17 - 000000000 ____D C:\FRST
2019-08-01 19:17 - 2019-02-28 12:07 - 000000440 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2019-08-01 19:17 - 2014-11-14 20:48 - 000000000 ____D C:\ProgramData\Online Backup and Recovery Manager
2019-08-01 19:16 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-08-01 19:15 - 2016-03-21 11:34 - 000000000 ____D C:\Users\Chiro Server\AppData\Roaming\Hewlett-Packard
2019-08-01 19:15 - 2016-03-21 11:11 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2019-08-01 19:15 - 2016-03-21 10:32 - 000000000 ____D C:\Users\Chiro Server\AppData\Local\Hewlett-Packard
2019-08-01 19:15 - 2016-03-21 10:32 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2019-08-01 19:10 - 2017-10-17 15:02 - 000003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1564996262-345107913-3834639567-1001
2019-08-01 19:10 - 2014-11-11 15:57 - 000958216 _____ C:\Windows\system32\PerfStringBackup.INI
2019-08-01 19:10 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2019-08-01 18:27 - 2019-03-18 17:50 - 000013601 _____ C:\Users\Chiro Server\Desktop\Alyssa's Hours2019.xlsx
2019-08-01 16:38 - 2018-04-23 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChiroTouch
2019-08-01 16:32 - 2019-02-28 13:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-08-01 16:31 - 2013-08-22 10:44 - 000490272 _____ C:\Windows\system32\FNTCACHE.DAT
2019-08-01 16:30 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2019-08-01 15:28 - 2018-05-16 17:02 - 000003966 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8EECA2E6-9D77-4B19-B02A-991A52C09617}
2019-08-01 13:22 - 2015-02-11 17:49 - 000000000 ____D C:\Users\Chiro Server\AppData\Local\LogMeIn Rescue Applet
2019-08-01 13:13 - 2014-11-14 20:34 - 000000000 ____D C:\Users\Chiro Server\Documents\SQL Server Management Studio
2019-08-01 11:52 - 2014-11-18 11:54 - 002358272 ___SH C:\Users\Chiro Server\Downloads\Thumbs.db
2019-08-01 11:03 - 2014-12-11 17:54 - 000000000 ____D C:\Users\Chiro Server\AppData\Local\CrashDumps
2019-08-01 09:04 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\NDF
2019-07-31 22:38 - 2018-09-05 10:38 - 000000000 ____D C:\Program Files (x86)\PowerENGAGE
2019-07-31 18:28 - 2018-11-01 07:35 - 001056768 _____ C:\Windows\system32\secedit.sdb
2019-07-31 14:54 - 2014-11-15 01:27 - 005345792 ___SH C:\Users\Chiro Server\Desktop\Thumbs.db
2019-07-31 02:06 - 2014-11-14 20:46 - 000000000 ____D C:\Program Files (x86)\NTP
2019-07-29 16:57 - 2014-11-18 17:42 - 007215616 ___SH C:\Users\Chiro Server\Documents\Thumbs.db
2019-07-27 18:39 - 2014-11-11 15:55 - 000000000 ____D C:\Users\Chiro Server
2019-07-25 17:11 - 2018-09-24 17:15 - 000000000 ____D C:\Users\Chiro Server\Desktop\New Patient Intakes
2019-07-24 21:34 - 2014-11-14 20:45 - 000000000 ____D C:\Users\chirotouch
2019-07-24 16:06 - 2017-03-03 11:34 - 000000000 ____D C:\Users\Chiro Server\Desktop\OFFICE INFO AND FILES
2019-07-17 08:52 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2019-07-15 08:51 - 2014-12-15 09:15 - 000000000 ____D C:\Windows\system32\appraiser
2019-07-15 08:51 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\SysWOW64\Dism
2019-07-15 08:51 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\Dism
2019-07-11 21:03 - 2014-11-11 18:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2019-07-11 20:56 - 2013-08-22 09:25 - 000000202 _____ C:\Windows\win.ini
2019-07-11 20:55 - 2014-11-11 16:26 - 000000000 ____D C:\Windows\system32\MRT
2019-07-11 20:53 - 2014-11-11 16:26 - 136618864 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-07-09 16:05 - 2014-11-11 16:27 - 000741432 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== FLock ================

2014-11-11 15:54 C:\Windows\CSC

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2017-08-19 10:28
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2019
Ran by Chiro Server (01-08-2019 19:18:52)
Running from C:\Users\Chiro Server\Desktop
Windows 8.1 Pro (Update) (X64) (2014-11-11 19:54:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1564996262-345107913-3834639567-500 - Administrator - Disabled)
Chiro Server (S-1-5-21-1564996262-345107913-3834639567-1001 - Administrator - Enabled) => C:\Users\Chiro Server
chirotouch (S-1-5-21-1564996262-345107913-3834639567-1004 - Administrator - Enabled) => C:\Users\chirotouch
Guest (S-1-5-21-1564996262-345107913-3834639567-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1564996262-345107913-3834639567-1003 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-1564996262-345107913-3834639567-1009 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
6500_E709_eDocs (HKLM-x32\...\{AA787E05-E835-4812-AA3D-4048C8A46587}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (HKLM-x32\...\{F53B432E-BD19-4400-BFA0-2BBD16410F8F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (HKLM-x32\...\{6FEDAA68-D9C4-4042-BECC-9C2656A7B606}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
ABBYY FineReader for ScanSnap (TM) 4.1 (HKLM-x32\...\{FB400000-0002-0000-0000-074957833700}) (Version: 8.02.380.7259 - ABBYY)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20035 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
bpd_scan (HKLM-x32\...\{0E52A52C-E120-461C-AA1B-21B045BEE842}) (Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (HKLM-x32\...\{8E663D89-A2EA-46B6-AD38-A427A3348309}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (HKLM-x32\...\{99F67894-9486-413F-94E1-8B12B1606EAB}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
BrLauncher (HKLM-x32\...\{42D26B47-887C-45FC-BCAE-0BE485C5C0BB}) (Version: 2.0.11.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{190861E7-09C5-42D8-BB4B-0AFB234BCFC1}) (Version: 1.0.3.1 - Brother Industries Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{163B98AC-0284-4031-9582-55B6DCD78EF0}) (Version: 4.0.0.182 - Brother Industries, Ltd.) Hidden
Brother iPrint&Scan (HKLM-x32\...\{a2ad8fab-de88-4376-b41b-0f4c54ce1aaa}) (Version: 4.0.0.182 - Brother Industries, Ltd.)
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{EEA8DF77-9D7E-421A-A9A8-A6E9894A18A3}) (Version: 1.0.3.3 - Brother Industries Ltd.) Hidden
Brother PowerENGAGE (HKLM-x32\...\{05421625-9BA9-482B-ACF2-794221A06F4E}) (Version: 1.0.23 - Aviata, Inc.)
Brother Printer Driver (HKLM-x32\...\{272543B6-B337-4C8F-B9F1-19E884C2C7AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{1162495D-7CE7-4EF9-A0F8-151196F3A660}) (Version: 1.0.17.1 - Brother Industries Ltd.) Hidden
BrSupportTools (HKLM-x32\...\{32F47565-84B1-42CC-B09A-4CDDD9A32F94}) (Version: 1.0.20.0 - Brother Industries Ltd.) Hidden
CardMinder (HKLM-x32\...\{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}) (Version: V4.1L10 - PFU)
CardMinder V4.1 (HKLM-x32\...\{8DCD0779-8811-4060-9227-871E2FD48E45}) (Version: 4.1.10.1 - PFU) Hidden
ChiroTouch (HKLM-x32\...\{E9F30FB0-5596-461B-949F-25DADA514200}) (Version: 7.2.561.0 - Integrated Practice Solutions, Inc.)
ChiroTouch Server (HKLM-x32\...\{95D2842D-90BF-42F8-9405-16574D99AC8C}) (Version: 7.2.561.0 - Integrated Practice Solutions, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ControlCenter4 (HKLM-x32\...\{9091B952-8719-49C3-9CC7-6E20EC61081F}) (Version: 4.6.6.1 - Brother Industries, Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{FD8A9511-BFC9-43B5-BB75-9CEC0EA03CF0}) (Version: 4.6.1.1 - Brother Industries, Ltd.) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.8) (Version: 5.0.1.8 - Coupons.com Incorporated)
CPUID CPU-Z 1.85 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.85 - CPUID, Inc.)
CTSecure (HKLM-x32\...\{00000000-0000-0000-0000-0000703032F9}) (Version: 7.3.3.760 - Managed Offsite Backup)
CTSecure (HKLM-x32\...\{8cf14a8f-3f5f-422d-983d-2e8e38a24105}) (Version: 7.3.3.760 - Managed Offsite Backup) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 75.0.3770.142 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{2C183CF0-3077-43D0-B001-F93AC5E68942}) (Version: 1.0.487 - LogMeIn, Inc.)
GoToMeeting 8.10.0.7495 (HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\GoToMeeting) (Version: 8.10.0.7495 - LogMeIn, Inc.)
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
LogMeIn (HKLM-x32\...\{C842B328-0D7A-48D5-93C3-13FD71CF5885}) (Version: 4.1.9630 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{8AFDCE81-6BDF-440F-9008-5C8CB886C91B}) (Version: 1.3.2977 - LogMeIn, Inc.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 57.0.0.6525 - Mozilla)
Nero 12 (HKLM-x32\...\{560FC78C-A4B2-461D-9B47-820C1EEF87B8}) (Version: 12.0.02000 - Nero AG)
Nero 12 Content Pack (HKLM-x32\...\{4E7AC009-5212-499F-942F-A5AA42AE359E}) (Version: 12.0.00400 - Nero AG)
Network Time Protocol (HKLM-x32\...\NTP) (Version: 4.2.8p10 - )
NetworkRepairTool (HKLM-x32\...\{86E68F57-FAFE-4052-BDD4-3B90C38236AE}) (Version: 1.2.16.0 - Brother Industries, Ltd.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
P@H-Protocol (HKLM-x32\...\{A2CB3AFC-E449-408A-BF4F-FE64EB1899D8}) (Version: 3.0.8.7 - Valassis)
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
PowerENGAGE (HKLM-x32\...\{BFE5C68B-E6D4-4421-9ACF-2B8C4BC2D2A1}) (Version: 3.2.13 - Aviata, Inc.) Hidden
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0002 - Nero AG) Hidden
ProductContext (HKLM-x32\...\{BC0F3E35-0AFF-4F11-B33D-F6FC31BD1AA0}) (Version: 140.0.001.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7200 - Realtek Semiconductor Corp.)
ScanSnap (HKLM-x32\...\{2CC5FCAE-51BA-4926-8C2B-4F07E54F6EA3}) (Version: 5.0.21.1 - PFU Limited) Hidden
ScanSnap (HKLM-x32\...\{48000C0E-CA0F-4633-AEB3-0D7175BB2C59}) (Version: 5.1.62.2 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V5.1L62 - PFU)
ScanSnap Organizer (HKLM-x32\...\{55E63724-2BFE-49BC-B03E-9BE0F62E18C2}) (Version: 4.1.11.3 - PFU LIMITED) Hidden
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V4.1L11 - PFU)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
SQL Server 2008 R2 SP1 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (HKLM\...\{51E5BC99-A087-4CFF-8D93-462903EA7E12}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (HKLM\...\{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}) (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
StatusMonitor (HKLM-x32\...\{40578A7A-6E36-457F-A4F0-45BC37EB61FD}) (Version: 1.20.1.0 - Brother Insutries Ltd.) Hidden
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
UsbRepairTool (HKLM-x32\...\{F8762A81-32B5-4144-9F3C-9274F515A651}) (Version: 1.4.0.0 - Brother Industries, Ltd.) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (HKLM-x32\...\{828175FA-7307-4DBF-95AD-9CEE086B6F45}) (Version: 12.0.14000 - Nero AG) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

Packages:
=========
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2015-07-06] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-27] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-29] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-07-14] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-23] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-07-06] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-07-06] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-05] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1564996262-345107913-3834639567-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2014-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-03-15] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-03-15] () [File not signed]

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-11-25 10:18 - 2016-11-25 10:18 - 000139264 _____ () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-11-14 22:37 - 2008-11-12 16:32 - 000014848 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
2014-11-14 22:35 - 2012-01-18 17:35 - 000385024 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
2014-11-14 22:35 - 2011-12-14 22:49 - 000233472 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2014-11-14 22:35 - 2003-03-26 19:46 - 000135168 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2014-11-14 22:35 - 2010-08-24 17:56 - 000167936 _____ () [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2014-11-11 18:34 - 2010-03-15 12:28 - 000166400 _____ () [File not signed] C:\Program Files\WinRAR\rarext.dll
2014-11-14 22:35 - 2003-04-21 15:19 - 000020480 _____ () [File not signed] C:\Windows\SSDriver\fi5110\fjipl.dll
2014-11-14 22:35 - 2003-04-21 15:19 - 000851968 _____ () [File not signed] C:\Windows\SSDriver\fi5110\fjiplA6.DLL
2018-09-05 10:15 - 2005-04-22 13:36 - 000143360 _____ () [File not signed] C:\Windows\system32\BrSNMP64.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 000622592 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\ACE.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 001441792 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AdobeScanLibrary.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 000450560 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AdobeXMP.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 001359360 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AGM.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 000258048 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\ARE.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 000151552 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AXE16SharedExpat.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 000151552 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\AXE8SharedExpat.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 000180224 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\BIB.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 000217088 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\BIBUtils.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 002170880 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\CoolType.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 000561152 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\JP2KLib.dll
2014-11-14 22:35 - 2010-06-18 23:51 - 004132864 _____ (Adobe Systems Incorporated) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PDFL70.dll
2016-07-29 17:06 - 2016-07-29 17:06 - 000025299 _____ (Brother Industries, Ltd) [File not signed] C:\Program Files (x86)\Browny02\brlm03a.dll
2016-11-25 10:18 - 2016-11-25 10:18 - 000225280 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
2016-07-29 17:06 - 2016-07-29 17:06 - 000122880 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\brlmw03a.dll
2017-03-22 17:21 - 2017-03-22 17:21 - 000491008 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-03-30 16:39 - 2017-03-30 16:39 - 002892800 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
2016-10-04 14:25 - 2016-10-04 14:25 - 001708032 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2017-03-22 17:21 - 2017-03-22 17:21 - 000298496 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2017-04-05 09:53 - 2017-04-05 09:53 - 000137728 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2017-01-27 15:39 - 2017-01-27 15:39 - 000087552 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2017-01-27 15:39 - 2017-01-27 15:39 - 017974784 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2017-01-27 15:33 - 2017-01-27 15:33 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcLUsa.dll
2017-04-05 09:55 - 2017-04-05 09:55 - 001669120 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
2017-04-05 09:55 - 2017-04-05 09:55 - 000667136 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
2017-04-05 09:53 - 2017-04-05 09:53 - 000440832 _____ (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\ControlCenter4\Track.dll
2018-09-05 10:15 - 2016-11-01 11:27 - 000090112 _____ (Brother Industries, Ltd.) [File not signed] C:\Windows\system32\BrNetSti.dll
2014-11-14 22:35 - 2011-12-27 16:17 - 001294336 _____ (FUJITSU) [File not signed] C:\Windows\SSDriver\fi5110\fjtw32.dll
2019-08-01 19:06 - 2004-12-02 10:36 - 000122880 _____ (FUJITSU) [File not signed] C:\Windows\SSDriver\fi5110\Fjtw6401.fds
2014-11-14 22:35 - 2011-12-27 16:17 - 000352256 _____ (FUJITSU) [File not signed] C:\Windows\SSDriver\fi5110\MERCURY.DLL
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2019-06-19 13:53 - 2019-06-19 13:53 - 000044032 _____ (Integrated Practice Solutions, Inc.) [File not signed] E:\Program Files\PSChiro\CTMessagingService.exe
2014-11-14 22:35 - 2004-09-14 13:16 - 000352256 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\ijl15.dll
2014-04-11 10:32 - 2014-04-11 10:32 - 000036352 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
2013-08-27 15:32 - 2013-08-27 15:32 - 000747520 _____ (Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
2014-11-14 22:35 - 2003-02-21 08:42 - 000348160 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\PFU\ScanSnap\OCR\ABBYY8\MSVCR71.dll
2014-11-15 05:09 - 2014-11-15 05:09 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
2014-11-15 05:09 - 2014-11-15 05:09 - 000057344 _____ (Microsoft Corporation) [File not signed] C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
2018-07-23 01:56 - 2018-07-23 01:56 - 000012288 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
2018-07-23 01:56 - 2018-07-23 01:56 - 000020480 _____ (Microsoft) [File not signed] C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
2014-11-14 22:37 - 2009-06-08 11:30 - 000049152 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardDialog.dll
2014-11-14 22:37 - 2009-11-11 15:20 - 000147456 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardFinder.dll
2014-11-14 22:37 - 2009-09-16 14:24 - 000077824 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
2014-11-14 22:37 - 2009-11-11 11:14 - 000031232 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardMsg.dll
2014-11-14 22:37 - 2009-11-02 12:09 - 000176128 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardWndCmmn.dll
2014-11-14 22:35 - 2005-02-17 12:55 - 000069632 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\distortion.dll
2014-11-14 22:35 - 2002-02-25 19:00 - 000069632 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\IMGPROC2.dll
2014-11-14 22:35 - 2008-10-29 15:00 - 000061440 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\MonoComp.DLL
2014-11-14 22:35 - 2010-07-02 11:20 - 000880640 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\Option\SSCarrierSheetOption\P2IUnite.dll
2014-11-14 22:35 - 2009-03-30 22:31 - 000765952 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IBSKEW.dll
2014-11-14 22:35 - 2010-07-23 10:54 - 000823296 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2ICRPPR.dll
2014-11-14 22:35 - 2008-07-03 18:58 - 000118784 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IERSDW.dll
2014-11-14 22:35 - 2011-03-18 10:38 - 000249856 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\pfumkocr.dll
2014-11-14 22:35 - 2011-12-21 14:20 - 000266240 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsCommon.dll
2014-11-14 22:35 - 2011-12-14 22:49 - 000258048 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsLaunchapp.dll
2014-11-14 22:35 - 2013-01-10 10:45 - 001097728 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
2014-11-14 22:35 - 2008-11-27 20:23 - 000053248 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsOrgFolder.dll
2014-11-14 22:35 - 2012-01-18 18:07 - 000290816 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsQMSetting.dll
2014-11-14 22:35 - 2011-01-27 13:36 - 000315392 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsSvc.dll
2014-11-14 22:35 - 2010-02-04 20:01 - 000225280 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PSLWrapper.dll
2014-11-14 22:35 - 2006-11-01 20:50 - 000054544 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PtsaaEIf.dll
2014-11-14 22:35 - 2005-11-24 13:28 - 000188416 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\SignLib.dll
2014-11-14 22:35 - 2008-02-28 20:36 - 001069056 _____ (PFU Limited) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\SsIjl.dll
2014-12-24 12:48 - 2012-01-16 19:19 - 000081920 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\S2OCmnU.dll
2014-12-24 12:48 - 2012-07-12 22:12 - 000634880 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
2014-12-24 12:48 - 2012-01-16 19:19 - 000010752 _____ (PFU LIMITED) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\SSFolder\STOLogOut.dll
2014-11-14 22:37 - 2008-05-09 23:56 - 000102400 _____ (PFU Limited.) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardCommon.dll
2014-11-14 22:37 - 2008-06-17 18:29 - 000077824 _____ (PFU Limited.) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardConfig.dll
2014-11-14 22:37 - 2008-06-17 18:28 - 000110592 _____ (PFU Limited.) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardData.dll
2014-11-14 22:37 - 2008-07-15 18:10 - 000081920 _____ (PFU Limited.) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardHook.dll
2014-11-14 22:37 - 2003-02-19 20:38 - 000176128 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\CardMinder\PGD_FILE\pgd_file.dll
2014-11-14 22:35 - 2008-01-24 17:26 - 000077824 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\ErrorDifusion.dll
2014-11-14 22:35 - 2010-04-20 11:33 - 000069632 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IATRES.DLL
2014-11-14 22:35 - 2008-11-08 14:44 - 000147456 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2ICMUKIS.dll
2014-11-14 22:35 - 2009-06-17 11:41 - 000126976 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IDEPTH.DLL
2014-11-14 22:35 - 2008-07-04 10:28 - 000118784 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2Igr2mo.dll
2014-11-14 22:35 - 2008-01-18 15:20 - 000106496 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IJDGWP.dll
2014-11-14 22:35 - 2011-03-17 14:52 - 000094208 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IMOCR.dll
2014-11-14 22:35 - 2008-07-03 19:02 - 000057344 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2IROTAT.dll
2014-11-14 22:35 - 2008-02-04 12:15 - 000065536 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\P2Iscale.dll
2014-11-14 22:35 - 2012-09-06 20:47 - 000458752 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsCtl.dll
2014-11-14 22:35 - 2008-10-29 14:59 - 000053248 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsSRGB.dll
2014-11-14 22:35 - 2002-06-19 20:11 - 000516179 _____ (PFU) [File not signed] C:\Program Files (x86)\PFU\ScanSnap\Driver\pgd_file.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dump_C6224FF0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ms10000app => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsC6224FF0App => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dump_C6224FF0.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ms10000app => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsC6224FF0App => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts


2019-02-28 12:07 - 2019-08-01 19:17 - 000000440 _____ C:\Windows\system32\drivers\etc\hosts.ics

192.168.1.4 ChiroServer.mshome.net # 2024 7 2 30 23 17 3 865

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-1564996262-345107913-3834639567-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Theme2\img12.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKU\S-1-5-21-1564996262-345107913-3834639567-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F5E90A05-89BC-4F24-8048-8114CC960812}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7BD4773C-EBAA-49A4-8716-DC998BF2A254}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5CD07043-4368-467F-B78E-FE6D2551DEB7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4665CB10-F70D-404E-BB6E-BD1A62412870}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FF26065E-436A-4AF2-8FB9-2AECF99A747E}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{73549318-92B6-4ED2-AAC5-06759D438FDE}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{FDBD0C45-CE65-4550-8910-8E937459FCD3}] => (Allow) LPort=123
FirewallRules: [{EF1593AB-1325-4426-BED2-3DE4508681B6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D953405-30F0-44BF-912C-973BF8900241}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8B4AD9C5-67D7-4AC6-8A58-75B2FC46F33D}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C52143FD-E4FA-49B2-BD32-0EF2EB4747A9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{ED1A3A7E-AF10-4CF7-8CA9-53283B18F237}C:\users\chiro server\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\chiro server\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{E79DB3B3-A3B5-440C-880D-9726572F405D}C:\users\chiro server\appdata\local\logmein client\logmein client.exe] => (Allow) C:\users\chiro server\appdata\local\logmein client\logmein client.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{997E18CA-50FD-46E1-8BCE-7D49A1BA85AA}] => (Allow) LPort=587
FirewallRules: [{A8A68763-C576-4168-B11D-22948218E2E2}] => (Allow) C:\Users\Chiro Server\AppData\Local\Temp\7zS50CB\setup\hpznui40.exe No File
FirewallRules: [{7DCDDDE4-F956-4596-9E04-DC1FF2924E77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe No File
FirewallRules: [{4E22CAC3-9473-45BA-BA2B-3CA559C519D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe No File
FirewallRules: [{07E1A2B3-903B-4295-A4F6-25622B44B8D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe No File
FirewallRules: [{440F56F3-17E8-45E9-8B9E-8FACE3076715}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe No File
FirewallRules: [{EED86FAF-5769-4272-821D-D95660C862FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe No File
FirewallRules: [{A14C0B8D-0FCE-4618-AEC2-EB879D5813A0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe No File
FirewallRules: [{004B3377-8067-4973-811A-7F5299B32C68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe No File
FirewallRules: [{EE50D74B-4E22-410B-BBE9-3619F42EE741}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe No File
FirewallRules: [{777842F0-8EE5-4E3E-B283-3B1F41B2F2CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe No File
FirewallRules: [{B71C184D-F60B-4932-84E3-170051E21F91}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe No File
FirewallRules: [{2E5B2E5E-39CF-4720-AD0E-B83B7CE48D84}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe No File
FirewallRules: [{96E164DA-9713-41CA-82E3-40804C7D3372}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe No File
FirewallRules: [{926ADB30-BFBC-417F-803A-31F7E1C50BE6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe No File
FirewallRules: [{2C85C171-9EAC-4769-9538-95286223D87F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe No File
FirewallRules: [{8F756C49-9D44-48B7-A5FB-F8581AD16E6B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe No File
FirewallRules: [{5E8183E4-A086-433C-B0C7-B43647ED4090}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe No File
FirewallRules: [{BFB63484-4226-4798-9043-F6F5D5D4752E}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{898441C8-40A3-43DB-A0FC-E72970299527}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8A90555-E92F-4FF9-B296-4ABB82A91C38}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D061EF27-2F93-4FFC-BAE5-CC8C19755959}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9A1654A-5607-4084-8653-D2779155C86B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F07C76E2-96EE-4A79-A251-B539A2281F2C}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D9D0D8A9-5A1D-4DCE-B838-37644847E2A8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F316D60A-9BDB-4140-90AD-615FE7722737}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{1AC267AD-FDC8-4331-94C7-178FF7AC8F5D}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [UDP Query User{1CF454E1-1537-42A2-853C-F5D36C0CAD5B}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe (LogMeIn, Inc. -> LogMeIn, Inc.)
FirewallRules: [{F876607D-ACE3-4775-84E6-3137DA1FE757}] => (Allow) LPort=54925
FirewallRules: [{76DBADA8-ACC8-4269-89A1-BAA591C084A9}] => (Allow) LPort=54950
FirewallRules: [{EBE6D998-F251-427F-85F7-A57D12B2D570}] => (Allow) LPort=54955
FirewallRules: [{91F5A344-0038-4869-B86E-284830779511}] => (Allow) LPort=1433
FirewallRules: [{FF31F0B6-5A9C-40D5-B608-B6C32C6478A9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{A4EDFD1D-129C-453B-BE1A-2FE31F68695C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{8B4A21F9-4B32-4C5F-BD11-915CF96C8864}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{21A65AFF-7FBC-4063-BF12-C459FC935C3C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{60CE1529-D70D-4703-98F2-DB5519515BAD}] => (Allow) %systemroot%\system32\alg.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [TCP Query User{4B6A849C-AA1F-424E-914C-1134167B68BA}C:\users\chiro server\appdata\local\logmein rescue applet\lmir08a6d001.tmp\lmi_rescue.exe] => (Allow) C:\users\chiro server\appdata\local\logmein rescue applet\lmir08a6d001.tmp\lmi_rescue.exe No File
FirewallRules: [UDP Query User{49A601C6-583D-4B16-83D2-CC579D099BAB}C:\users\chiro server\appdata\local\logmein rescue applet\lmir08a6d001.tmp\lmi_rescue.exe] => (Allow) C:\users\chiro server\appdata\local\logmein rescue applet\lmir08a6d001.tmp\lmi_rescue.exe No File
FirewallRules: [{9E58FC4B-5835-497D-B39C-BAE6C7DCA3E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

13-06-2019 08:26:28 Windows Update
26-06-2019 15:18:43 Removed ChiroTouch.
26-06-2019 15:22:20 Installed ChiroTouch.
26-06-2019 15:31:46 Removed ChiroTouch.
26-06-2019 15:33:28 Installed ChiroTouch.
11-07-2019 20:53:12 Windows Update
17-07-2019 08:51:59 Windows Update
01-08-2019 19:15:28 AdwCleaner_BeforeCleaning_01/08/2019_19:15:27

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/01/2019 07:16:09 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Broadcast Receiver Server...

Error: (08/01/2019 07:16:09 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Wait Workflow Commands request from device.

Error: (08/01/2019 07:16:09 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (08/01/2019 07:16:09 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Start Server...

Error: (08/01/2019 07:16:09 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[4]: 192.168.1.4

Error: (08/01/2019 07:16:09 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[3]: 2603:3020:24c1:9000:2085:1772:d2a1:da34

Error: (08/01/2019 07:16:09 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[2]: 2603:3020:24c1:9000::d012

Error: (08/01/2019 07:16:09 PM) (Source: WorkflowAppControl) (EventID: 32767) (User: )
Description: Host.AddressList[1]: 2603:3020:24c1:9000:f45c:2255:d02a:ca8


System errors:
=============
Error: (08/01/2019 07:18:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ChiroTouch Messaging Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Run the configured recovery program.

Error: (08/01/2019 07:17:03 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: The DHCP allocator has disabled itself on IP address 192.168.1.4, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

Error: (08/01/2019 07:17:03 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (08/01/2019 07:17:03 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (08/01/2019 07:17:03 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.

Error: (08/01/2019 07:17:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The ChiroTouch Messaging Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Run the configured recovery program.

Error: (08/01/2019 07:16:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP CUE DeviceDiscovery Service service terminated with the following error: 
The specified module could not be found.

Error: (08/01/2019 07:16:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The MsC6224FF0App service terminated with the following error: 
The specified module could not be found.


Windows Defender:
===================================
Date: 2019-08-01 16:32:03.630
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\MsC6224FF0App.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\svchost.exe
Signature Version: AV: 1.299.1012.0, AS: 1.299.1012.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-01 16:24:07.634
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDownloader:PowerShell/CoinMiner.C&threatid=2147740830&enterprise=0
Name: TrojanDownloader:PowerShell/CoinMiner.C
ID: 2147740830
Severity: Severe
Category: Trojan Downloader
Path: file:_C:\update.ps1
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Chiro Server\Desktop\FRST64.exe
Signature Version: AV: 1.299.1012.0, AS: 1.299.1012.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-01 14:54:08.450
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\DataFiles\Microsoft\Fonts\up.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\cmd.exe
Signature Version: AV: 1.299.1012.0, AS: 1.299.1012.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-01 14:53:46.715
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Wacatac.B!ml&threatid=2147735505&enterprise=0
Name: Trojan:Win32/Wacatac.B!ml
ID: 2147735505
Severity: Severe
Category: Trojan
Path: file:_C:\ProgramData\DataFiles\Microsoft\Fonts\up.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\cmd.exe
Signature Version: AV: 1.299.1012.0, AS: 1.299.1012.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-01 08:55:27.784
Description: 
Windows Defender has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Occamy.C&threatid=2147726780&enterprise=0
Name: Trojan:Win32/Occamy.C
ID: 2147726780
Severity: Severe
Category: Trojan
Path: file:_C:\Windows\System32\MsC6224FF0App.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\svchost.exe
Signature Version: AV: 1.299.981.0, AS: 1.299.981.0, NIS: 119.0.0.0
Engine Version: AM: 1.1.16200.1, NIS: 2.1.14600.4

Date: 2019-08-01 06:28:19.616
Description: 
Windows Defender has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Windows\System32\ms10000app.dll
Sha256: 
Current Signature Version: AV: 1.299.981.0, AS: 1.299.981.0
Current Engine Version: 1.1.16200.1
Error code: 0x80508016

CodeIntegrity:
===================================

Date: 2019-08-01 19:18:30.890
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-01 19:18:27.984
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-01 19:12:42.061
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-01 19:12:39.559
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-01 16:25:11.358
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-01 16:25:07.513
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-01 16:25:03.732
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2019-08-01 16:24:59.849
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. F5 05/13/2014
Motherboard: Gigabyte Technology Co., Ltd. H81M-HD3
Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8068.73 MB
Available physical RAM: 5034.45 MB
Total Virtual: 9924.73 MB
Available Virtual: 6959.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.23 GB) (Free:117.57 GB) NTFS
Drive e: (Chiro Back up) (Fixed) (Total:2794.39 GB) (Free:2776.8 GB) NTFS

\\?\Volume{a4114001-6a61-11e4-824b-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: A864B881)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Protective MBR) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Thanks for the reply. You will see the two Malwarebytes logs at the top; the 5pm one is the most recent, from when I completed the instructions. I did run Malwarebytes this morning and that is the second log, from 8:58am.

Thank you for your assistance thus far

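The Addition.txt above carries the findings a reviewer pulls out by hand: UAC set to elevate administrators without prompting (ConsentPromptBehaviorAdmin: 0), the Windows Firewall disabled, Allow rules that reference binaries FRST marks as "No File", bare port exceptions such as LPort=1433 (the SQL Server default), and the Windows Defender detections together with the process that triggered each one. The Python below is an added example of parsing those sections out of the posted text; it is not code from the original post or from FRST. The sample input is constructed from lines of the log above, the section layout and field names follow FRST's output format, and the checks (what counts as a finding) are mine.

```python
"""Triage the security-relevant sections of an FRST Addition.txt.

Added example: not part of the forum post above and not FRST's own code.
SAMPLE is constructed from lines of the posted log; the checks are mine.
"""
import re

SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{FF26065E-436A-4AF2-8FB9-2AECF99A747E}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe (Nero AG -> Nero AG)
FirewallRules: [{91F5A344-0038-4869-B86E-284830779511}] => (Allow) LPort=1433
FirewallRules: [{A8A68763-C576-4168-B11D-22948218E2E2}] => (Allow) C:\Users\Chiro Server\AppData\Local\Temp\7zS50CB\setup\hpznui40.exe No File
FirewallRules: [TCP Query User{4B6A849C-AA1F-424E-914C-1134167B68BA}C:\users\chiro server\appdata\local\logmein rescue applet\lmir08a6d001.tmp\lmi_rescue.exe] => (Allow) C:\users\chiro server\appdata\local\logmein rescue applet\lmir08a6d001.tmp\lmi_rescue.exe No File

Windows Defender:
===================================
Date: 2019-08-01 16:32:03.630
Name: Trojan:Win32/Occamy.C
Path: file:_C:\Windows\System32\MsC6224FF0App.dll
Process Name: C:\Windows\SysWOW64\svchost.exe

Date: 2019-08-01 14:54:08.450
Name: Trojan:Win32/Wacatac.B!ml
Path: file:_C:\ProgramData\DataFiles\Microsoft\Fonts\up.exe
Process Name: C:\Windows\System32\cmd.exe

Date: 2019-08-01 06:28:19.616
Description:
Windows Defender has encountered an error trying to upload a suspicious file for further analysis.
Filename: C:\Windows\System32\ms10000app.dll

CodeIntegrity:
===================================
"""

RULE_RE = re.compile(r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<target>.*)$")


def parse_firewall_rules(text):
    """Return (bare port allows, rules whose binary is gone, program rules)."""
    ports, stale, programs = [], [], []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if target.startswith("LPort="):            # port exception with no program bound to it
            ports.append(int(target[len("LPort="):]))
        elif target.endswith(" No File"):           # FRST's marker: the referenced file no longer exists
            stale.append(target[:-len(" No File")])
        else:                                       # "<path> (<signer> -> <company>)"
            path, _, signer = target.rpartition(" (")
            programs.append((path, signer.rstrip(")")))
    return ports, stale, programs


def parse_defender(text):
    """Collect Date/Name/Path/Process Name from the 'Windows Defender:' block."""
    lines = text.splitlines()
    if "Windows Defender:" not in lines:
        return []
    records = []
    i = lines.index("Windows Defender:") + 1
    while i < len(lines):
        line = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # the next "==="-underlined sub-header (e.g. CodeIntegrity:) or a
        # "==== Section ====" banner ends the Defender block
        if (line.endswith(":") and nxt.startswith("===")) or re.match(r"^=+ ", line):
            break
        if line.startswith("Date: "):
            records.append({"date": line[6:], "name": "", "path": "", "process": ""})
        elif records and line.startswith("Name: "):
            records[-1]["name"] = line[6:]
        elif records and line.startswith("Path: file:_"):
            records[-1]["path"] = line[len("Path: file:_"):]
        elif records and line.startswith("Process Name: "):
            records[-1]["process"] = line[len("Process Name: "):]
        i += 1
    # entries without a Name (e.g. sample-upload errors) are not detections
    return [r for r in records if r["name"]]


def triage(text):
    """Summarise the posture findings a reviewer would pull out of Addition.txt."""
    uac = re.search(r"\(ConsentPromptBehaviorAdmin: (\d+)\)", text)
    ports, stale, programs = parse_firewall_rules(text)
    return {
        # ConsentPromptBehaviorAdmin 0 = "Elevate without prompting": no UAC consent dialog for admins
        "uac_auto_elevate": bool(uac) and uac.group(1) == "0",
        "firewall_disabled": "Windows Firewall is disabled." in text,
        "port_allows": ports,
        "stale_rules": stale,
        "program_rules": programs,
        "detections": parse_defender(text),
    }
```

An Allow rule whose target is gone does nothing today, but anything written back to that path (here a Temp folder and a LogMeIn Rescue applet directory under the user's profile) inherits the exception, so stale rules are worth removing with the binaries. The Occamy.C detection is a DLL under System32 loaded by svchost.exe, and the System errors section shows a service of the same name (MsC6224FF0App) failing with "The specified module could not be found", which is consistent with that DLL having been removed after the service that loads it was installed.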

Thanks for those logs C0nrad,

Run the following please and post the produced logs:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file when running FRST fix"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

Next,

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop

Ensure to get the correct version for your system....

https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx


Right click on the Tool, select “Run as Administrator”; the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.


Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

notepad c:\windows\debug\mrt.log

The log will include log details for each time MSRT has run, we only need the most recent log by date and time....

Thank you,

Kevin..

fixlist.txt
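The instructions above ask for only the most recent MSRT run from mrt.log. MSRT appends one block per run, each introduced by a long dashed line, so picking the last block usually works, but selecting by the "Started On" timestamp is the robust version. The Python below is an added example, not part of Kevin's instructions and not Microsoft's code; it parses the run layout that appears in this thread. The sample log is constructed: the v5.74 run copies the one posted later in the thread, and the earlier run is made up for contrast.

```python
r"""Pick the most recent MSRT run out of C:\Windows\debug\mrt.log.

Added example; not part of the forum post above and not Microsoft's code.
SAMPLE_LOG is constructed: the v5.74 run mirrors the one posted in this
thread, the earlier v5.73 run is made up for contrast.
"""
import re
from datetime import datetime

SAMPLE_LOG = """
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.73, June 2019 (build 5.73.16000.0)
Started On Tue Jul  9 09:01:14 2019

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jul  9 09:03:02 2019


Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
Started On Fri Aug  2 12:22:53 2019

Engine: 1.1.16000.6
Signatures: 1.295.1362.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug  2 12:24:47 2019


Return code: 0 (0x0)
"""

TS_FMT = "%a %b %d %H:%M:%S %Y"   # "Fri Aug  2 12:22:53 2019": ctime layout, day space-padded


def split_runs(text):
    """One chunk per run: MSRT writes a long dashed line before each run it appends."""
    chunks = re.split(r"(?m)^-{40,}[ \t]*$", text)
    return [c.strip() for c in chunks if "Started On " in c]


def parse_run(chunk):
    """Extract tool version line, timestamps, the Results Summary lines and the return code."""
    lines = chunk.splitlines()
    run = {"tool": lines[0], "started": None, "finished": None, "results": [], "return_code": None}
    in_results = False
    for line in lines[1:]:
        if line.startswith("Started On "):
            run["started"] = datetime.strptime(line[len("Started On "):].strip(), TS_FMT)
        elif "Finished On " in line:
            run["finished"] = datetime.strptime(line.split("Finished On ", 1)[1].strip(), TS_FMT)
            in_results = False
        elif line.startswith("Results Summary:"):
            in_results = True
        elif line.startswith("Return code:"):
            run["return_code"] = int(line.split()[2])      # "Return code: 0 (0x0)" -> 0
        elif in_results and line and not line.startswith("----"):
            run["results"].append(line)
    return run


def latest_run(text):
    """The run the helper asked for: most recent by start time, not merely last in the file."""
    runs = [parse_run(c) for c in split_runs(text)]
    return max(runs, key=lambda r: r["started"]) if runs else None
```

On the machine itself the same file is read with open(r"C:\Windows\debug\mrt.log") and passed to latest_run(); the "Results Summary" lines and the return code are the two fields worth pasting into a reply.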

Thank you Kevin for the response.

Attached you will find the Fixlog, and below is the most recent MSRT log by date and time.

Malwarebytes also intercepted the following trojan site right before I began the second set of instructions. I copied the report below.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/2/19
Protection Event Time: 12:24 PM
Log File: f2cbb555-b541-11e9-9238-fcaa1421364a.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.11828
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: 
IP Address: 185.244.25.180
Port: [1900]
Type: Inbound
File: 

(end)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.74, July 2019 (build 5.74.16130.3)
Started On Fri Aug  2 12:22:53 2019

Engine: 1.1.16000.6
Signatures: 1.295.1362.0
MpGear: 1.1.15747.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Fri Aug  2 12:24:47 2019


Return code: 0 (0x0)

Thank you

Fixlog.txt

Thanks for the update C0nrad, continue to clean up:

Right click on FRST here: C:\Users\Chiro Server\Desktop\FRST64.exe and rename it to uninstall.exe. When complete, right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall

That action will remove FRST and all created files and folders...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

This topic is now closed to further replies.