
Chromium wasn't installed but it keeps opening in the background

Chromium yahoo search tabs malware

  • This topic is locked

#1
slberube


When Chrome is opened, Chromium opens in the background along with several Yahoo search tabs. Chromium has never been installed and I never use Yahoo. I ran a Malwarebytes scan last night and removed a bunch. Now the computer is restarting automatically at random times and saying an error was encountered.

Below is the log of what was removed with the Malwarebytes scan:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/4/2017
Scan Time: 8:40 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.03.05.01
Rootkit Database: v2017.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: New Owner
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 302507
Time Elapsed: 6 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 10
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [382dfbcb75330a2c136ff2e6cf34f60a], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080CAD-4ADC-49AC-8C63-EDA16E595CBD}, Quarantined, [6005c8feaafe74c2f7860cd8f90949b7], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{886356D8-37F0-499A-A263-527D8544399B}, Delete-on-Reboot, [b6afe0e69117c37391b3b660a45ccb35], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered donel, Delete-on-Reboot, [026302c41098350125b3d73e23dde41c], 
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [5510ae18cadee6505f23e4f411f252ae], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080CAD-4ADC-49AC-8C63-EDA16E595CBD}, Quarantined, [e87db1154b5d4fe79de0f8ecd92904fc], 
PUP.Optional.InstallCore, HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\SOFTWARE\csastats, Quarantined, [54118d394068c076413d8f49eb18768a], 
PUP.Optional.SearchManager, HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [d4914086d4d48aaca0d729bdc141e917], 
PUP.Optional.ProductSetup, HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\SOFTWARE\PRODUCTSETUP, Quarantined, [f76e16b04f59ad89a308128634cfa65a], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{05DDED1D-555D-3C9D-E4DD-4C1D345D9F9D}, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
 
Registry Values: 9
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://us.search.ya...uarantinedBPro,%4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080cad-4adc-49ac-8c63-eda16e595cbd}|URL, https://us.search.ya...={searchTerms},%4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{886356D8-37F0-499A-A263-527D8544399B}|Path, \Yahoo! Powered donel, Delete-on-Reboot, [b6afe0e69117c37391b3b660a45ccb35]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://us.search.ya...uarantinedBPro,%4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{26080cad-4adc-49ac-8c63-eda16e595cbd}|URL, https://us.search.ya...={searchTerms},%4, %5
Adware.DealPly.Generic, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|Tisarotonile, C:\WINDOWS\SysWoW64\wscript.exe /E:vbscript /B "C:\Users\NEWOWN~1\AppData\Roaming\06D2A7~1\Cegok.dat", Quarantined, [f2733b8ba7019b9b2b2e835bec14fa06]
PUP.Optional.WinYahoo, HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://us.search.ya...uarantinedBPro,%4, %5
PUP.Optional.NotChromeRun, HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|GoogleChromeAutoLaunch_9CC58435E1B3EDDA8332026C4A9FB868, "C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe" --no-startup-window, Quarantined, [acb98d39a5032b0bd6f9494c45bead53]
PUP.Optional.ProductSetup, HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, Quarantined, [f76e16b04f59ad89a308128634cfa65a]
 
Registry Data: 3
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Good: (www.google.com), Bad: (https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_47&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCtCyBzz0F0A0E0E0F0EtBtN0D0Tzu0StCyBzytDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzy0FtCyDzztDtAtGyByC0ByDtGtA0FyE0AtGyCzyzy0DtG0BtA0DzzyE0Bzy0C0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtCyB0E0EyC0B0EtGyC0ByC0AtGyEyCzztDtGzz0FtBtAtGyEyDyCtA0DzyyC0CyByC0DyD2QtN0A0LzuyE%26cr%3D1577041861%26a%3Dwbf_anvsft_16_47%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro), Replaced, [c79ec204feaad06647e4f13740c431cf]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Good: (www.google.com), Bad: (https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_47&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCtCyBzz0F0A0E0E0F0EtBtN0D0Tzu0StCyBzytDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzy0FtCyDzztDtAtGyByC0ByDtGtA0FyE0AtGyCzyzy0DtG0BtA0DzzyE0Bzy0C0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtCyB0E0EyC0B0EtGyC0ByC0AtGyEyCzztDtGzz0FtBtAtGyEyDyCtA0DzyyC0CyByC0DyD2QtN0A0LzuyE%26cr%3D1577041861%26a%3Dwbf_anvsft_16_47%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro), Replaced, [3f26a521347424122ffc9b8d29dbbf41]
PUP.Optional.WinYahoo, HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, Good: (www.google.com), Bad: (https://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_anvsft_16_47&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtD0D0E0FtCtCyBzz0F0A0E0E0F0EtBtN0D0Tzu0StCyBzytDtN1L2XzutAtFtByDtFtCtFyDtBtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2SyCzy0FtCyDzztDtAtGyByC0ByDtGtA0FyE0AtGyCzyzy0DtG0BtA0DzzyE0Bzy0C0AzytA0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtCyB0E0EyC0B0EtGyC0ByC0AtGyEyCzztDtGzz0FtBtAtGyEyDyCtA0DzyyC0CyByC0DyD2QtN0A0LzuyE%26cr%3D1577041861%26a%3Dwbf_anvsft_16_47%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro), Replaced, [ed78576f5553cf677faabf69bc48629e]
 
Folders: 26
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}, Quarantined, [d5901bab9d0ba98d3efd4241857bfc04], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{D80A1D69-5248-97AF-D48E-09ED4ECC8223}, Quarantined, [4025d0f66b3dc373c378176c7f81738d], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\fonts, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\skin, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\skin\icons, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\_metadata, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\fonts, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\skin, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\skin\icons, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\_metadata, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
 
Files: 182
PUP.Optional.WinYahoo, C:\Windows\System32\Tasks\Yahoo! Powered donel, Quarantined, [d88d6d590d9b45f1983f66afaf51758b], 
PUP.Optional.WinYahoo, C:\Windows\Tasks\Yahoo! Powered donel.job, Quarantined, [82e3a521bfe97fb738222aec0af69d63], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\lolo.txt, Quarantined, [d5901bab9d0ba98d3efd4241857bfc04], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\aowLC, Quarantined, [d5901bab9d0ba98d3efd4241857bfc04], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\cefa, Quarantined, [d5901bab9d0ba98d3efd4241857bfc04], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\cirefi, Quarantined, [d5901bab9d0ba98d3efd4241857bfc04], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\hdat1, Quarantined, [d5901bab9d0ba98d3efd4241857bfc04], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\hdat2, Quarantined, [d5901bab9d0ba98d3efd4241857bfc04], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{D80A1D69-5248-97AF-D48E-09ED4ECC8223}\lolo.txt, Quarantined, [4025d0f66b3dc373c378176c7f81738d], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{D80A1D69-5248-97AF-D48E-09ED4ECC8223}\aowLC, Quarantined, [4025d0f66b3dc373c378176c7f81738d], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{D80A1D69-5248-97AF-D48E-09ED4ECC8223}\cirefi, Quarantined, [4025d0f66b3dc373c378176c7f81738d], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{D80A1D69-5248-97AF-D48E-09ED4ECC8223}\coni, Quarantined, [4025d0f66b3dc373c378176c7f81738d], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{D80A1D69-5248-97AF-D48E-09ED4ECC8223}\hdat1, Quarantined, [4025d0f66b3dc373c378176c7f81738d], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{D80A1D69-5248-97AF-D48E-09ED4ECC8223}\hdat2, Quarantined, [4025d0f66b3dc373c378176c7f81738d], 
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{D80A1D69-5248-97AF-D48E-09ED4ECC8223}\ubIjQ, Quarantined, [4025d0f66b3dc373c378176c7f81738d], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [6104d7ef07a12e086f12e0f83ec55aa6], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage, Quarantined, [51148d3935735cda72481ebf649f55ab], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\background.html, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\background.v0.0.1.min.js, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\client.v0.0.1.min.js, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\common.js, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\e_.json, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\index.html, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\manifest.json, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\popupTab2.html, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\popupTab2.js, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\responseConfig.json, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\bundle.v0.0.1.min.css, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\fonts\HelveticaNeue-Thin.otf, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\fonts\neue-bold.woff, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\fonts\neue.woff, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\bing.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\bing_large.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\bluesky-bg.jpg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\brush.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\bt.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\clock.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\cloud.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\cupcake-bg.jpg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\desk-bg.jpg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\doodle.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\down.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\eyeglass.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\google.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\google_large.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\hero-bg.jpg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\just-the-box.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\mountain-bg.jpg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\pointer2.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\sea-bg.jpg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\settings.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\yahoo.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\yahoo.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\yahoo_large.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\128.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\16.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\48.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\close.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\favicon.ico, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\01d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\01n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\02d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\02n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\03d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\03n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\04d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\04n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\09d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\09n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\10d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\10n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\11d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\11n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\13d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\13n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\50d.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\50n.svg, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\skin\icons\16.png, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor\md5.min.js, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor\react-dom.min.js, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor\react-with-addons.min.js, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor\underscore-min.js, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\_metadata\verified_contents.json, Quarantined, [5312a22404a4a49235f01c4f6a969e62], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\2bfc185be71f44cd73ac81511fc1f5a5.woff, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\b495e340f4ef8924fea0284c1bf9e7ac.woff, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\background.html, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\background.v0.0.1.min.js, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\c5a5cbf4dbcaa7064f2bc77f52101aec.otf, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\client.v0.0.1.min.js, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\common.js, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\e_.json, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\index.html, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\manifest.json, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\popupTab2.html, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\popupTab2.js, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\responseConfig.json, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\bundle.v0.0.1.min.css, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\fonts\HelveticaNeue-Thin.otf, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\fonts\neue-bold.woff, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\fonts\neue.woff, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\bing.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\bing_large.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\bluesky-bg.jpg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\brush.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\bt.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\clock.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\cloud.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\cupcake-bg.jpg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\desk-bg.jpg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\doodle.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\down.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\eyeglass.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\google.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\google_large.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\hero-bg.jpg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\just-the-box.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\mountain-bg.jpg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\pointer2.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\sea-bg.jpg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\settings.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\yahoo.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\yahoo.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\yahoo_large.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\128.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\16.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\48.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\close.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\icons\favicon.ico, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\01d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\01n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\02d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\02n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\03d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\03n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\04d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\04n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\09d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\09n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\10d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\10n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\11d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\11n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\13d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\13n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\50d.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\content\images\weather\50n.svg, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\skin\icons\16.png, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor\md5.min.js, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor\react-dom.min.js, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor\react-with-addons.min.js, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\vendor\underscore-min.js, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.SearchManager, C:\Users\New Owner\AppData\Local\chromium\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\10.1.0.54_0\_metadata\verified_contents.json, Quarantined, [d68f695dfcac5bdb132eaa39cc367888], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\HowToRemove.html, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\chromium-min.jpg, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\control panel-min-min.JPG, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\down.png, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\ff menu.JPG, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\ff search engine-min.png, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\hp-min ff.png, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\hp-min ie.png, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\search engine.gif, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\setup pages.gif, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\sp-min.png, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\start-min.jpg, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\HowToRemove\up.png, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\bapi_chmm.dat, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\bapi_ff.dat, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\bapi_ie.dat, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\cota.cfg, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\dola, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\dote.dat, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\fese, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\install.log, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\lede, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\Sqlite3.dll, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\tina, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\uninst.dat, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\uninst.exe, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
PUP.Optional.WinYahoo, C:\Users\New Owner\AppData\Local\{B1488714-95E0-EBAC-F878-CE44DC1032DC}\uninstp.dat, Quarantined, [9acb65615b4dfc3ab53272cad92b619f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#2
slberube


Here are the 2 logs from running the Farbar recovery:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by New Owner (administrator) on DESKTOP-044JTN3 (05-03-2017 09:34:40)
Running from C:\Users\New Owner\Desktop
Loaded Profiles: New Owner (Available Profiles: New Owner)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(The Chromium Authors) C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe
(The Chromium Authors) C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Users\New Owner\AppData\Local\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\New Owner\Downloads\FRST64 (1).exe
(Farbar) C:\Users\New Owner\Desktop\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-25] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26781320 2017-02-21] (Dropbox, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [26424960 2016-06-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Run: [DrvUpdater] => C:\Users\New Owner\AppData\Roaming\DRPSu\DrvUpdater.exe [195256 2013-04-16] ()
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Run: [Google Update] => C:\Users\New Owner\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.)
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Run: [Chromium] => c:\users\new owner\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Run: [GoogleChromeAutoLaunch_9CC58435E1B3EDDA8332026C4A9FB868] => C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-02-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-09-11]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{bbaff374-0f68-458d-b19c-fc95327bee58}: [DhcpNameServer] 192.168.0.1 0.0.0.0
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-237fed85&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-237fed85&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-237fed85&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-237fed85&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3576602160-2063071951-4256186603-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-07-07] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-07-07] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-08-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-07-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-07-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-07-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3576602160-2063071951-4256186603-1001: @tools.google.com/Google Update;version=3 -> C:\Users\New Owner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3576602160-2063071951-4256186603-1001: @tools.google.com/Google Update;version=9 -> C:\Users\New Owner\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default [2017-03-05]
CHR Extension: (Google Slides) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-13]
CHR Extension: (Google Docs) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-13]
CHR Extension: (Google Drive) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-13]
CHR Extension: (YouTube) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-13]
CHR Extension: (Calendar and Countdown) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc [2017-02-05]
CHR Extension: (Adobe Acrobat) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (Google Sheets) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-13]
CHR Extension: (Google Docs Offline) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-13]
CHR Extension: (Save to Google Drive) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2017-03-04]
CHR Extension: (Gmail) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-13]
CHR Extension: (Chrome Media Router) - C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-23]
CHR HKLM\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]
CHR HKLM-x32\...\Chrome\Extension: [ehlceeijggpdgfcefmipcmdelickjgfg] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-26] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-02-09] (Dropbox, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-06-23] (Lenovo.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [736992 2015-08-04] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 HBtnKey; C:\WINDOWS\system32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 qcusbserlno2k; C:\WINDOWS\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 stmtpm; C:\WINDOWS\System32\DRIVERS\stm_tpm.sys [29184 2007-06-13] (STMicroelectronics, INC)
R3 WacHidRouter; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [109768 2015-08-04] (Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-05 09:34 - 2017-03-05 09:35 - 00023536 _____ C:\Users\New Owner\Desktop\FRST.txt
2017-03-05 09:33 - 2017-03-05 09:25 - 02423808 _____ (Farbar) C:\Users\New Owner\Desktop\FRST64 (1).exe
2017-03-05 09:25 - 2017-03-05 09:34 - 00000000 ____D C:\FRST
2017-03-05 09:24 - 2017-03-05 09:25 - 02423808 _____ (Farbar) C:\Users\New Owner\Downloads\FRST64 (1).exe
2017-03-05 09:23 - 2017-03-05 09:23 - 02423808 _____ (Farbar) C:\Users\New Owner\Downloads\FRST64.exe
2017-03-05 09:12 - 2017-03-05 09:12 - 00265324 _____ C:\WINDOWS\Minidump\030517-10359-01.dmp
2017-03-05 02:32 - 2017-03-05 02:32 - 00251564 _____ C:\WINDOWS\Minidump\030517-10250-01.dmp
2017-03-04 20:42 - 2017-03-05 09:20 - 00004176 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A9A90681-0565-45B3-AEDC-D4C046B4B105}
2017-03-04 19:04 - 2017-03-05 09:18 - 00000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-02-24 13:56 - 2017-02-24 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-21 13:49 - 2017-02-21 13:49 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-02-09 03:33 - 2017-02-09 03:33 - 00046408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-02-09 03:33 - 2017-02-09 03:33 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-02-05 09:57 - 2017-02-05 09:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-05 09:31 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-05 09:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-05 09:31 - 2016-07-06 13:12 - 00000000 ____D C:\Users\New Owner\AppData\Local\Packages
2017-03-05 09:28 - 2016-09-10 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2017-03-05 09:17 - 2016-07-06 14:53 - 01486676 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-05 09:13 - 2016-12-26 19:26 - 00000000 ___RD C:\Users\New Owner\Dropbox
2017-03-05 09:12 - 2016-11-02 23:01 - 00000000 ____D C:\WINDOWS\Minidump
2017-03-05 09:12 - 2016-09-25 16:56 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-05 09:12 - 2016-09-25 16:50 - 00000000 ____D C:\Users\New Owner
2017-03-05 09:12 - 2016-09-25 16:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-05 09:12 - 2016-09-05 08:58 - 457804120 _____ C:\WINDOWS\MEMORY.DMP
2017-03-05 02:00 - 2016-08-13 23:10 - 00000000 ____D C:\Users\New Owner\AppData\Local\Adobe
2017-03-04 20:48 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-03-04 20:39 - 2016-08-27 18:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-04 15:10 - 2016-12-18 10:07 - 00000370 _____ C:\Users\New Owner\AppData\Roaming\WB.CFG
2017-02-27 19:27 - 2016-12-21 20:00 - 00003298 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-27 19:27 - 2016-07-06 13:14 - 00002424 _____ C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-27 19:27 - 2016-07-06 13:14 - 00000000 ___RD C:\Users\New Owner\OneDrive
2017-02-26 21:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-26 20:52 - 2016-12-22 22:49 - 00000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForNew Owner.job
2017-02-24 13:56 - 2016-12-26 19:16 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-02-24 12:56 - 2016-12-22 22:49 - 00003288 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForNew Owner
2017-02-22 19:41 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 19:40 - 2016-07-06 13:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-22 19:38 - 2016-07-06 13:31 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-10 06:21 - 2016-08-13 18:09 - 00002538 _____ C:\Users\New Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-10 06:21 - 2016-08-13 18:09 - 00002530 _____ C:\Users\New Owner\Desktop\Google Chrome.lnk
2017-02-06 14:48 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-06 14:48 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-05 09:57 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
 
==================== Files in the root of some directories =======
 
2016-12-18 10:07 - 2017-03-04 15:10 - 0000370 _____ () C:\Users\New Owner\AppData\Roaming\WB.CFG
2016-09-11 15:29 - 2016-09-11 15:45 - 0000906 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
2017-01-19 22:52 - 2017-01-19 22:52 - 0739904 _____ (Oracle Corporation) C:\Users\New Owner\AppData\Local\Temp\jre-8u121-windows-au.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-24 21:21
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by New Owner (05-03-2017 09:35:20)
Running from C:\Users\New Owner\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-25 22:01:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3576602160-2063071951-4256186603-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3576602160-2063071951-4256186603-503 - Limited - Disabled)
Guest (S-1-5-21-3576602160-2063071951-4256186603-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3576602160-2063071951-4256186603-1003 - Limited - Enabled)
New Owner (S-1-5-21-3576602160-2063071951-4256186603-1001 - Administrator - Enabled) => C:\Users\New Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1310 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
1310_Help (x32 Version: 82.0.58.000 - Hewlett-Packard) Hidden
1310Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.16 - Adobe Systems)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Any Video Converter 6.0.4 (HKLM-x32\...\Any Video Converter) (Version: 6.0.4 - Anvsoft)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 508.34415568.34407008.34415576 - Audible, Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.49.53 - Conexant)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 20.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
eJuice Me Up (HKLM-x32\...\{399E77D0-5CEC-41CE-AC95-179E2A0B1893}) (Version: 16.3.0 - Breaktru Software)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Chrome (HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
KeePass Password Safe 1.31 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.03 - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.40 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.4 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3576602160-2063071951-4256186603-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\New Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3576602160-2063071951-4256186603-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\New Owner\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3576602160-2063071951-4256186603-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\New Owner\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3576602160-2063071951-4256186603-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\New Owner\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0481697D-BCD4-4FB1-9A85-D3C05ADC212D} - System32\Tasks\Bing Search Engine donel => Wscript.exe "C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\lolo.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b33464132464143312d423545302d373030372d333332362d4545343541393634363538427d5c636972656669" "433a5c50726f6772616d446174615c7b33464132464143312d423545302d373030372d33 (the data entry has 82 more characters).
Task: {0B0BBDD3-6F38-4D8A-9275-B7078426CD98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {1479C97C-E7B6-4FA2-BFBB-FFF3BC0D4CE5} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-044JTN3-New Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {320E0B52-8CD2-4420-90DF-D31FDC623634} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {44CEC2FA-078C-4354-9E50-B37A5A56980E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-02-10] (HP Inc.)
Task: {47A9E459-D40B-40C4-A206-FEC850F43584} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-07] (Adobe Systems Incorporated)
Task: {54B3DB8D-537F-4C8F-9498-727F99C579B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {73AA0FC8-2C15-4641-88EE-AD8E3A899EE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3576602160-2063071951-4256186603-1001Core1d25881478dfc0 => C:\Users\New Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-13] (Google Inc.)
Task: {85E95808-A930-4450-9A86-CA1CF6609749} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {996F810A-C820-48DD-9192-8B43933B02AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3576602160-2063071951-4256186603-1001UA1d2588148565c2 => C:\Users\New Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-13] (Google Inc.)
Task: {9EDD243D-9F96-4C80-9099-E900440D1D41} - System32\Tasks\HPCeeScheduleForNew Owner => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {B0F3D5A6-94EA-4118-853B-903276E1EC78} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-26] (Dropbox, Inc.)
Task: {B28A8099-BA0D-4FB3-9DFB-78F1E0061C44} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {BAED02E5-1632-4175-A7C6-FF5A90D0F4FE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3576602160-2063071951-4256186603-1001UA => C:\Users\New Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-13] (Google Inc.)
Task: {C87CA2AA-6A6D-49B0-92DD-5DFE4D51C580} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-26] (Dropbox, Inc.)
Task: {CA19166D-405A-46CC-BC4D-437A3DEEC890} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3576602160-2063071951-4256186603-1001Core => C:\Users\New Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2016-08-13] (Google Inc.)
Task: {DB2D6390-E558-4D63-BD60-54BB18D55612} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {DBDEFACC-FE3D-4232-89F8-9495273B2D85} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\New Owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {EED28DEC-D824-47AF-BEB1-DCABB60D1C3D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-02-08] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Bing Search Engine donel.job => Wscript.exe  C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\lolo.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3576602160-2063071951-4256186603-1001Core.job => C:\Users\New Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3576602160-2063071951-4256186603-1001UA.job => C:\Users\New Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForNew Owner.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-18 10:33 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-18 10:33 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-08-04 21:06 - 2015-08-04 21:06 - 01373920 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2016-09-25 20:42 - 2016-09-25 20:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 15:39 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 15:39 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 15:39 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 15:39 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 15:39 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 15:39 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 15:39 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-10 06:21 - 2017-02-01 04:47 - 02459992 _____ () C:\Users\New Owner\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-10 06:21 - 2017-02-01 04:47 - 00099672 _____ () C:\Users\New Owner\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
2012-11-27 01:54 - 2012-11-27 01:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2017-02-22 19:30 - 2017-02-22 19:30 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 19:30 - 2017-02-22 19:30 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 19:30 - 2017-02-22 19:30 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-10 06:18 - 2017-02-10 06:18 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-11-25 16:13 - 2016-03-18 06:32 - 02160128 _____ () C:\Users\New Owner\AppData\Local\chromium\Application\51.0.2683.0\libglesv2.dll
2016-11-25 16:13 - 2016-03-18 06:32 - 00075776 _____ () C:\Users\New Owner\AppData\Local\chromium\Application\51.0.2683.0\libegl.dll
2017-02-24 13:56 - 2017-02-21 13:58 - 00802112 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-01-11 19:31 - 2017-01-25 16:03 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-01-11 19:31 - 2017-01-25 16:03 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-01-11 19:31 - 2017-01-25 16:03 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-01-11 19:31 - 2017-02-21 14:01 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-01-11 19:31 - 2017-01-25 16:03 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-01-11 19:31 - 2017-01-25 16:04 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 01682768 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-02-24 13:56 - 2017-01-25 16:03 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-02-24 13:56 - 2017-01-25 16:04 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-02-24 13:56 - 2017-01-25 16:03 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-01-11 19:31 - 2017-01-25 16:06 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-01-11 19:31 - 2017-02-21 14:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00052544 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-02-24 13:56 - 2017-01-25 16:03 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-02-24 13:56 - 2017-01-25 16:06 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-01-11 19:31 - 2017-02-21 14:01 - 00381760 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-01-11 19:31 - 2017-02-21 14:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-01-11 19:31 - 2017-01-25 16:05 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-01-11 19:31 - 2017-01-25 16:04 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 01972536 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00053072 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-11 19:31 - 2017-02-21 14:01 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-01-28 11:32 - 2017-02-21 14:01 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-01-11 19:31 - 2017-02-21 14:01 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-28 11:32 - 2017-02-21 14:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-28 11:32 - 2017-02-21 14:01 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-28 11:32 - 2017-02-21 14:01 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-01-11 19:31 - 2017-02-21 14:01 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-02-24 13:56 - 2017-01-25 16:01 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-02-24 13:56 - 2017-02-21 14:01 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-02-24 13:56 - 2017-01-26 21:02 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-02-24 13:56 - 2017-02-21 14:01 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-02-24 13:56 - 2017-01-25 16:11 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-02-24 13:56 - 2017-01-25 16:11 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-02-24 13:56 - 2017-02-21 14:01 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-01-11 19:31 - 2017-01-25 16:06 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-01-11 19:31 - 2017-02-21 14:01 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-02-24 13:56 - 2017-02-21 14:01 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2016-08-13 23:58 - 00001704 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 na2m-pr.licenses.adobe.com
127.0.0.1 na4r.services.adobe.com
127.0.0.1 ims-na1-prprod.adobelogin.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\New Owner\Pictures\Saved Pictures\macro-math-3-keys-to-dialing-in-your-macro-ratios-v2-2-640xh.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\StartupApproved\Run: => "DrvUpdater"
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A52C7830-4BD1-473F-8898-1EDD50335CEF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{1CC50172-8251-4D4D-B94A-12F90BC9A1C7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C29E0B74-26F1-4821-8A0C-478108D02534}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{A12998C2-B49A-43DF-A1D1-8D74D6AF8B24}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8DC353DE-7BA0-4230-8B51-1B14EA7AEAED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{36E1724E-640C-4992-9498-4B222DB18BF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{DC3BB139-15BC-4BEC-B226-74A1156DB64F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{42758E72-1720-4A82-926F-70B70D437434}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{377243D0-8149-4B2B-B5D3-28FBB823437C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{AC8C6734-58E0-4400-ACEB-C381DFDEF6B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{ED341F66-6110-4EC7-81BF-E2E1DB5FD09F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6E0C7684-421C-445E-A514-21B70055320B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E55DCD3F-4DE4-4082-8B7D-C791BD962851}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{7D1E05FE-B926-477B-82B3-6BA84A451784}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{18B2669E-4130-4BC6-8521-BE9A23D8FAB5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{17E28EF6-B0A7-47C0-931E-C96A923A23F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{C29A3B4B-FCAE-4F41-9CF7-2B64FAFBD351}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{27BE0907-9C40-45A2-A820-7DDF5926B13F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{0DA4460D-8CDE-4623-A8B8-B6865D549D6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [UDP Query User{46E6141E-DB43-4A1E-AE74-0CBE8939BF94}C:\users\new owner\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\new owner\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{7C0C6436-AF54-4DB0-BF32-4DB4673B59DE}C:\users\new owner\appdata\local\google\chrome\application\chrome.exe] => (Block) C:\users\new owner\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{6A07C122-319C-4FEA-BCFA-CFB2197159A0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{7FB43EBB-0221-4BBE-8342-1933061FFACF}C:\users\new owner\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\new owner\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C490A33B-A0F1-4F9E-9E2E-595250130EB7}C:\users\new owner\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\new owner\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{44590D81-AAB6-4FAF-9005-8146218084F6}] => (Allow) C:\Users\New Owner\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{48B0768D-8C59-463F-B9F5-8E24CE18F6D0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2017 09:12:30 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/05/2017 09:12:30 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/05/2017 02:32:39 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/05/2017 02:32:33 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.
 
Details:
(HRESULT : 0x80040210) (0x80040210)
 
Error: (03/04/2017 08:53:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (03/02/2017 10:14:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (02/26/2017 05:01:11 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (02/24/2017 06:17:50 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (02/24/2017 01:56:16 PM) (Source: DbxSvc) (EventID: 270) (User: )
Description: (-2145452013) The system could not find the filter specified.
 
Error: (02/10/2017 06:16:50 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: (-2147024894) The system cannot find the file specified.
 
 
System errors:
=============
Error: (03/05/2017 09:12:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/05/2017 09:12:28 AM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 18) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.
 
Reported by component: Processor Core
Error Source: 3
Error Type: 8
Processor APIC ID: 4
 
The details view of this entry contains further information.
 
Error: (03/05/2017 09:12:26 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000124 (0x0000000000000000, 0xffffba8c7a9ef028, 0x00000000b2000000, 0x0000000000000014). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: f7544ae3-c24d-4b48-a34b-802107356cd8.
 
Error: (03/05/2017 09:12:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:32:29 AM on ‎3/‎5/‎2017 was unexpected.
 
Error: (03/05/2017 09:05:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/05/2017 02:33:24 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5
 
Error: (03/05/2017 02:33:20 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-044JTN3)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
 
Error: (03/05/2017 02:33:20 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-044JTN3)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
 
Error: (03/05/2017 02:33:20 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-044JTN3)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
 
Error: (03/05/2017 02:33:20 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-044JTN3)
Description: The server {A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-03-04 15:37:10.054
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-02-28 22:37:15.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-30 19:40:45.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-13 22:47:15.385
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-11 17:07:35.244
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-31 19:15:05.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-26 21:37:48.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-18 17:50:03.391
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-18 12:50:11.960
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-25 16:15:02.008
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU L 640 @ 2.13GHz
Percentage of memory in use: 53%
Total physical RAM: 3891.67 MB
Available physical RAM: 1818.9 MB
Total Virtual: 4659.67 MB
Available Virtual: 2234.74 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:118.75 GB) (Free:83.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 7658EBE9)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=118.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 



#3
JSntgRvr

  • Global Moderator
  • 11,579 posts

Welcome. :)

 

Let's remove every entry shown as part of Chromium:

 

Download the attached file [attachment=84337:Fixlist.txt] and save it in the same directory where FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

[Screenshot: AdwCleaner restart prompt]


  • On reboot a log will be produced; please copy and paste it in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

 



#4
slberube

    New Member

  • Topic Starter
  • Member
  • 5 posts

Thank you!

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
Ran by New Owner (11-03-2017 23:18:51) Run:1
Running from C:\Users\New Owner\Desktop\Geeks
Loaded Profiles: New Owner (Available Profiles: New Owner)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
GroupPolicy: Restriction <======= ATTENTION 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
Task: C:\WINDOWS\Tasks\Bing Search Engine donel.job => Wscript.exe  C:\ProgramData\{3FA2FAC1-B5E0-7007-3326-EE45A964658B}\lolo.txt <==== ATTENTION 
ATTENTION: System Restore is disabled 
CustomCLSID: HKU\S-1-5-21-3576602160-2063071951-4256186603-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\New Owner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File 
CustomCLSID: HKU\S-1-5-21-3576602160-2063071951-4256186603-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\New Owner\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File 
2017-02-22 19:41 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp 
2017-01-19 22:52 - 2017-01-19 22:52 - 0739904 _____ (Oracle Corporation) C:\Users\New Owner\AppData\Local\Temp\jre-8u121-windows-au.exe 
C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe 
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Run: [Chromium] => c:\users\new owner\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors) 
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Run: [GoogleChromeAutoLaunch_9CC58435E1B3EDDA8332026C4A9FB868] => C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe [1068544 2016-03-18] (The Chromium Authors) 
2016-11-25 16:13 - 2016-03-18 06:32 - 02160128 _____ () C:\Users\New Owner\AppData\Local\chromium\Application\51.0.2683.0\libglesv2.dll 
2016-11-25 16:13 - 2016-03-18 06:32 - 00075776 _____ () C:\Users\New Owner\AppData\Local\chromium\Application\51.0.2683.0\libegl.dll 
C:\Users\New Owner\AppData\Local\chromium
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP: 
Reboot:
 
*****************
 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Google => key removed successfully
C:\WINDOWS\Tasks\Bing Search Engine donel.job => moved successfully
ATTENTION: System Restore is disabled => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4} => key removed successfully
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key removed successfully
C:\WINDOWS\CbsTemp => moved successfully
C:\Users\New Owner\AppData\Local\Temp\jre-8u121-windows-au.exe => moved successfully
C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe => moved successfully
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value removed successfully
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9CC58435E1B3EDDA8332026C4A9FB868 => value not found.
C:\Users\New Owner\AppData\Local\chromium\Application\51.0.2683.0\libglesv2.dll => moved successfully
C:\Users\New Owner\AppData\Local\chromium\Application\51.0.2683.0\libegl.dll => moved successfully
C:\Users\New Owner\AppData\Local\chromium => moved successfully
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {CA60921D-06D2-4041-B3FC-B1C2370F638C}.
Unable to cancel {5F4896EA-D293-4089-91E9-486C51A47FEE}.
0 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36291077 B
Java, Flash, Steam htmlcache => 696 B
Windows/system/drivers => 49856601 B
Edge => 33824951 B
Chrome => 475705254 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 169602 B
New Owner => 295939434 B
 
RecycleBin => 800366173 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 23:19:42 ====
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64 
Ran by New Owner (Administrator) on Sat 03/11/2017 at 23:25:26.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
Successfully deleted: C:\Users\New Owner\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pbjikboenpfhbbejgkoklgkhjpfogcam (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/11/2017 at 23:27:12.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0
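When reviewing a Fixlog like the one posted above, the entries that matter are the ones that did not report success, plus any CMD block whose output shows a failure. The following Python is an added example, not part of the thread and not FRST's own code; the function names and outcome categories are assumptions, and the sample text is excerpted from the log above.

```python
import re

# Sample input: lines excerpted from the Fixlog posted above (a few per section).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 11-03-2017 01
fixlist content:
*****************
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\...\Run: [Chromium] => c:\users\new owner\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
CMD: netsh int ip reset C:\resettcpip.txt
*****************
HKLM\SOFTWARE\Policies\Google => key removed successfully
ATTENTION: System Restore is disabled => Error: No automatic fix found for this entry.
C:\Users\New Owner\AppData\Local\chromium\Application\chrome.exe => moved successfully
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value removed successfully
HKU\S-1-5-21-3576602160-2063071951-4256186603-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9CC58435E1B3EDDA8332026C4A9FB868 => value not found.
========= netsh int ip reset C:\resettcpip.txt =========
Resetting Global, OK!
Resetting , failed.
Access is denied.
========= End of CMD: =========
=========== EmptyTemp: ==========
Chrome => 475705254 B
EmptyTemp: => 1.6 GB temporary data Removed.
==== End of Fixlog 23:19:42 ====
"""

RESULT = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")
HEADER = re.compile(r"^=+ (?P<name>.+?) =+$")
FAIL_WORDS = ("failed", "access is denied", "unable to")

def classify(outcome):
    """Map FRST's free-text outcome to ok / not_found / error / other."""
    o = outcome.lower()
    if o.startswith("error"):
        return "error"
    if "not found" in o:
        return "not_found"
    return "ok" if "successfully" in o else "other"

def triage(text):
    """Return (entry results, failing output lines per CMD block)."""
    results, cmd_failures = [], {}
    stars, section = 0, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if set(line) == {"*"}:    # rows of asterisks bracket the echoed fixlist
            stars += 1
        elif stars < 2:           # header and echoed requests are not results
            continue
        elif (m := HEADER.match(line)):
            name = m.group("name")
            section = None if name.startswith("End of") else name
        elif section is None:     # the per-entry result list
            if (m := RESULT.match(line)):
                results.append((m.group("target"), classify(m.group("outcome"))))
        elif not section.startswith("EmptyTemp") and any(w in line.lower() for w in FAIL_WORDS):
            cmd_failures.setdefault(section, []).append(line)
    return results, cmd_failures

def needs_followup(results):
    """Targets to look at again: anything not reported as done."""
    return [target for target, status in results if status != "ok"]

if __name__ == "__main__":
    res, fails = triage(SAMPLE_FIXLOG)
    print(needs_followup(res), fails)
```

The echoed fixlist between the rows of asterisks also contains `=>`, so it is skipped; otherwise the requested Run entry would be counted as a result.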

#5
JSntgRvr

  • Global Moderator
  • 11,579 posts
Were you able to run AdwCleaner?

#6
JSntgRvr

  • Global Moderator
  • 11,579 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

