I was on this forum 2 years ago
http://www.geekstogo...emote-download/
that was cleared with your help.
Recently Malwarebytes blocked some RTP.
Just noticed today that "adminsitrator" was created as a new user several days ago!
Here is the FRST file:
Any help would be appreciated!
Thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by Eyeformatics (administrator) on EMRSERVERHPZ600 (Hewlett-Packard HP Z600 Workstation) (13-03-2020 11:08:31)
Running from C:\Users\Eyeformatics\Desktop
Loaded Profiles: User & VSRUSER & Eyeformatics & Guest & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS & ConnectEHR Patient Portal AppPool (Available Profiles: User & VSRUSER & Eyeformatics & Adminsitrator & Administrator & Guest & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS & Classic .NET AppPool & ConnectEHR AppPool & CQMsolution AppPool & DefaultAppPool & ConnectEHR Patient Portal AppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitvise Limited -> ) C:\Program Files\Bitvise SSH Server\BssCtrl.exe
(Bitvise Limited -> Bitvise Limited) C:\Program Files\Bitvise SSH Server\BvSshServer.exe
(CobianSoft, Luis Cobian) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
(Dynamic Health IT, Inc.) [File not signed] C:\Program Files\ConnectEHR\ConnectEHR Agent\ConnectEHR Agent.exe
(Dynamic Health IT, Inc.) [File not signed] C:\Program Files\CQMsolution\CQMAgent\CQMAgent.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmsase.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmserver.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmshelper.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmsib.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Database Server\fmxdbc_listener.exe
(FileMaker, Inc -> FileMaker, Inc.) C:\Program Files\FileMaker\FileMaker Server\Web Publishing\publishing-engine\cwpc\fmscwpc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Luis Cobian, CobianSoft) [File not signed] C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\inetsrv\w3wp.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_241\bin\java.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_241\bin\java.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Java\jre1.8.0_241\bin\javaw.exe
(PcWinTech.com) [File not signed] C:\Program Files (x86)\CleanMem\Mini_Monitor.exe
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-10-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-08] (Luis Cobian, CobianSoft) [File not signed]
HKLM-x32\...\Run: [Bitvise SSH Server Activation State Checker] => C:\Program Files\Bitvise SSH Server\BssActStateCheck.exe [245064 2015-04-09] (Bitvise Limited -> Bitvise Limited)
HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [379824 2016-07-27] (Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951450\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951486\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3866400975-1191489592-655960364-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3866400975-1191489592-655960364-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951635\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3866400975-1191489592-655960364-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-3866400975-1191489592-655960364-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951919\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953048\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953117\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953241\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-1036420768-1044797643-1061213386-2937092688-4282445334-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953336\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-1817433644-933353629-1310384419-1423244486-3076509252-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953414\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-2489493308-486773822-1786417886-2571693098-4028040717-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953523\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953644\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-4016458102-2210263096-3625409667-1209427945-2153979972\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-82-4016458102-2210263096-3625409667-1209427945-2153979972-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104953730\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.132\Installer\chrmstp.exe [2020-03-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2017-01-17] (Adobe Systems, Incorporated -> Adobe Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 BvLsa
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0D390859-4532-450F-9CE9-987B76B56DA0} - System32\Tasks\WeeklyMirror => C:\Users\Eyeformatics\Documents\mirrorffs.bat [105 2017-04-05] () [File not signed]
Task: {1BB561B3-675E-42C4-8253-AE7D779AEE15} - System32\Tasks\G2MUpdateTask-S-1-5-21-3866400975-1191489592-655960364-1002 => C:\Users\Eyeformatics\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: {2FEEF02C-DDC5-440C-8838-10265ECFBE9E} - System32\Tasks\FileSync DB => C:\Users\Eyeformatics\Documents\dailyffs.bat [115 2017-04-05] () [File not signed]
Task: {30382559-196A-4774-8FE1-33D311F14759} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {38A155C3-2909-49B0-844F-814CA416D0BA} - System32\Tasks\CleanMem Mini Monitor => C:\Program Files (x86)\CleanMem\mini_monitor.exe [1421312 2014-08-20] (PcWinTech.com) [File not signed]
Task: {64898C46-62DC-4B91-A8BA-0FA94E51880D} - System32\Tasks\Bitvise\Persistent BvSshServer Control Panel\S-1-5-21-3866400975-1191489592-655960364-1002 => C:\Program Files\Bitvise SSH Server\BssCtrl.exe [4760368 2015-04-09] (Bitvise Limited -> )
Task: {7FFE1D4F-D1F0-4EDF-85D5-11C9C6987491} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [61440 2014-08-20] (PcWinTech.com) [File not signed]
Task: {83BC1EB2-B03C-452F-BBDC-0AE37FCA99A4} - System32\Tasks\fmserestart => C:\Users\Eyeformatics\Desktop\restartfmse.bat [73 2018-08-21] () [File not signed]
Task: {973B6504-985B-4B53-B3D8-9882BEAF6CD5} - System32\Tasks\Run Hl7 Batch => C:\HL7\HL7Grab.bat [91 2015-03-04] () [File not signed]
Task: {9F5824C6-ACFA-4F2C-AA71-232A342B6087} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {BD5FC1CA-5A56-4501-84E6-5B64BBD08869} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-11-23] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {C0FEAFF2-9223-4E77-A0B8-ECFB1FECAA1A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc -> Google Inc.)
Task: {C31D4ACD-A586-44F0-ACA0-47A6F484B23F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd -> Piriform Ltd)
Task: {E4404C67-0974-46D2-ACFD-699D03D4361D} - System32\Tasks\hl7 Grab Messages => C:\HL7\HL7Grab.bat [91 2015-03-04] () [File not signed]
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.)
Tcpip\..\Interfaces\{385993E2-FCF6-42E8-989B-34FDF866CEFA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5FCA3713-F36F-4F94-BA68-BA1AF0357EF2}: [DhcpNameServer] 167.206.112.138 167.206.7.4
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.1.1,-1]
Internet Explorer:
==================
HKU\S-1-5-21-3866400975-1191489592-655960364-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3866400975-1191489592-655960364-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951551\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3866400975-1191489592-655960364-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-3866400975-1191489592-655960364-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104951635\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-3866400975-1191489592-655960364-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03132020104952822] ATTENTION => Default URLSearchHook is missing
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FireFox:
========
FF DefaultProfile: y1n7dfxv.default
FF ProfilePath: C:\Users\Eyeformatics\AppData\Roaming\Mozilla\Firefox\Profiles\y1n7dfxv.default [2020-03-13]
FF Plugin: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-01-17] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-09] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-09] (NVIDIA Corporation -> NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-17] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default [2020-03-10]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Google Drive) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google Search) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-01-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-01-07]
CHR Extension: (Gmail) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-26]
CHR Extension: (Chrome Media Router) - C:\Users\Eyeformatics\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-03-03]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2012-05-23] (Microsoft Windows Hardware Compatibility Publisher -> AMD)
R2 BvSshServer; C:\Program Files\Bitvise SSH Server\BvSshServer.exe [14359408 2015-04-09] (Bitvise Limited -> Bitvise Limited)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-08] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-08] (Luis Cobian, CobianSoft) [File not signed]
R2 ConnectEHR_Agent; C:\Program Files\ConnectEHR\ConnectEHR Agent\ConnectEHR Agent.exe [49152 2014-09-25] (Dynamic Health IT, Inc.) [File not signed]
R2 CQMsolution_Agent; C:\Program Files\CQMsolution\CQMAgent\CQMAgent.exe [23552 2014-09-17] (Dynamic Health IT, Inc.) [File not signed]
R2 FileMaker Server; C:\Program Files\FileMaker\FileMaker Server\Database Server\fmshelper.exe [379224 2014-11-11] (FileMaker, Inc -> FileMaker, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [162392 2020-01-20] (SurfRight B.V. -> SurfRight B.V.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6960640 2019-11-25] (Malwarebytes Inc -> Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1113008 2016-07-27] (Cyber Power Systems, Inc. -> Cyber Power Systems, Inc.)
R2 ReportServer$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
S2 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13206544 2020-03-09] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Windows -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10497024 2012-05-24] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [326656 2012-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10497024 2012-05-24] (Microsoft Windows Hardware Compatibility Publisher -> ATI Technologies Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-02-18] (Malwarebytes Corporation -> Malwarebytes)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [214496 2020-02-18] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [226448 2020-02-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73584 2020-02-24] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-02-24] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [109168 2020-02-24] (Malwarebytes Inc -> Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation -> Microsoft Corporation)
U3 aswbdisk; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ===================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-13 11:08 - 2020-03-13 10:52 - 002279936 _____ (Farbar) C:\Users\Eyeformatics\Desktop\FRST64 (1).exe
2020-02-24 08:32 - 2020-02-24 08:32 - 000226448 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-02-24 08:32 - 2020-02-24 08:32 - 000073584 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-02-24 08:31 - 2020-02-24 08:31 - 000109168 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-02-24 08:29 - 2020-02-24 08:29 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-02-18 21:09 - 2020-02-18 21:09 - 000214496 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2020-03-13 11:10 - 2015-03-04 16:02 - 000000600 _____ C:\Users\Eyeformatics\AppData\Roaming\winscp.rnd
2020-03-13 11:09 - 2018-01-23 20:10 - 000025727 _____ C:\Users\Eyeformatics\Desktop\FRST.txt
2020-03-13 11:09 - 2018-01-23 20:01 - 000000000 ____D C:\FRST
2020-03-13 10:53 - 2018-01-23 20:14 - 000040761 _____ C:\Users\Eyeformatics\Desktop\Addition.txt
2020-03-13 03:16 - 2009-07-14 00:45 - 000034704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-03-13 03:16 - 2009-07-14 00:45 - 000034704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-03-13 01:00 - 2017-04-25 14:58 - 000000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2020-03-12 01:11 - 2020-01-28 13:49 - 000000000 ____D C:\Users\Adminsitrator
2020-03-12 01:11 - 2015-04-28 07:23 - 000000000 ____D C:\Users\Administrator
2020-03-12 01:11 - 2014-12-24 10:37 - 000000000 ____D C:\Users\ConnectEHR AppPool
2020-03-12 01:11 - 2014-12-24 10:25 - 000000000 ____D C:\Users\ConnectEHR Patient Portal AppPool
2020-03-12 01:11 - 2014-12-24 10:24 - 000000000 ____D C:\Users\CQMsolution AppPool
2020-03-12 01:11 - 2014-12-23 15:39 - 000000000 ____D C:\Users\Classic .NET AppPool
2020-03-12 01:11 - 2014-12-23 14:42 - 000000000 ____D C:\Users\DefaultAppPool
2020-03-11 21:00 - 2014-12-20 13:30 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2020-03-10 14:10 - 2017-04-05 11:19 - 000003612 _____ C:\Windows\system32\Tasks\WeeklyMirror
2020-03-10 13:20 - 2014-12-22 15:12 - 000000000 ____D C:\Users\Guest
2020-03-04 16:57 - 2014-12-19 16:34 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-03-04 16:57 - 2014-12-19 16:34 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-03-04 16:57 - 2014-12-19 16:34 - 000002183 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-03-03 14:02 - 2015-03-04 15:07 - 000000000 ____D C:\HL7
2020-03-03 11:46 - 2009-07-14 01:13 - 000998798 _____ C:\Windows\system32\PerfStringBackup.INI
2020-03-03 11:46 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2020-03-02 17:00 - 2017-01-09 15:50 - 000000000 ____D C:\Users\Eyeformatics\AppData\Local\ElevatedDiagnostics
2020-03-02 17:00 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\system32\NDF
2020-02-24 08:29 - 2013-06-18 15:00 - 000000000 ____D C:\ProgramData\NVIDIA
2020-02-24 08:29 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-02-24 08:24 - 2019-11-25 08:47 - 000000000 ____D C:\Users\Eyeformatics\AppData\Local\cache
2020-02-18 21:08 - 2019-11-11 08:44 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
==================== Files in the root of some directories ========
2015-04-24 08:20 - 2015-04-24 08:18 - 000000022 _____ () C:\Users\SuperContainer\get all files recursive.bat
2017-04-24 18:15 - 2018-08-17 14:41 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Roaming\PUTTY.RND
2015-03-04 16:02 - 2020-03-13 11:10 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Roaming\winscp.rnd
2015-04-16 12:44 - 2019-11-19 08:50 - 000000600 _____ () C:\Users\Eyeformatics\AppData\Local\PUTTY.RND
2015-04-20 15:23 - 2019-01-29 16:53 - 000007604 _____ () C:\Users\Eyeformatics\AppData\Local\Resmon.ResmonCfg
==================== FLock ==============================
2015-11-20 15:40 C:\Windows\ERUNT.exe
2017-07-17 13:30 C:\Windows\mod_frst.exe
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
LastRegBack: 2020-03-08 01:08
==================== End of FRST.txt ========================