Popups when using Chrome Browser

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

by goalie79 » May 14th, 2019, 1:50 am

About a week or so ago, the HP EliteBook 840 running Windows 10 began to run slower, and pop-ups began to appear. Symantec Enterprise is installed, and Malwarebytes, CCleaner and HitmanPro were run in an attempt to remove popups. Malwarebytes continually reports approx. 155 items but popups continue. I last posted in this forum in 2015 and return for your assistance. FRST logs are included as requested. Thanks for being here!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05.2019 01
Ran by dawnc (administrator) on DCDLAPTOPHP840 (Hewlett-Packard HP EliteBook 840 G1) (14-05-2019 01:43:05)
Running from C:\Users\dawnc\Desktop\2019-514_Popup Issue
Loaded Profiles: dawnc (Available Profiles: dawnc)
Platform: Windows 10 Pro Version 1803 17134.706 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler.exe
(Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.34.7\GoogleCrashHandler64.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\stacsv64.exe
(IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) pGFX -> ) C:\Windows\System32\igfxTray.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(SurfRight B.V. -> SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe
(Symantec Corporation -> Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [225280 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-08-15] (IDT, Inc.) [File not signed]
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297272 2017-12-11] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [5537600 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [File not signed]
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-636160677-693394574-652409422-1002\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22515488 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-636160677-693394574-652409422-1002\...\Run: [Spotify] => C:\Users\dawnc\AppData\Roaming\Spotify\Spotify.exe [26118888 2019-04-30] (Spotify AB -> Spotify Ltd)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.131\Installer\chrmstp.exe [2019-05-08] (Google LLC -> Google Inc.)
Startup: C:\Users\dawnc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-02]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0008EB0A-2FF8-4BB3-8D81-86A3C880E613} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26196056 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {1268F18C-7D56-4A02-9C26-55FE62C8CED1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1427056 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {127F801D-2F0B-4D2C-869A-0B1527A92BF9} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\SymErr.exe [92280 2019-05-03] (Symantec Corporation -> Symantec Corporation)
Task: {19B4B6EE-91A2-416B-A469-512B59DAE87C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112672 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {210118B1-A55E-47AC-9A3B-5A6CDAE1D964} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16509040 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {453C27CB-7560-425E-8A17-03D8ED7B2228} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {4F1BC6F1-242C-47EB-9D78-E1BE033F12BA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112672 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {5256528D-63AE-4C43-9D4B-0E356947A8C8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-04-04] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {5677BEC0-95C7-4CFE-B262-69652F2CDFE6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {57E6FFA7-25E1-4A80-8A76-935BBEC36721} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3966168 2017-09-06] (Synaptics Incorporated -> Synaptics Incorporated)
Task: {69388318-0896-4B5E-B49F-BA1688B089D4} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-27] (Dropbox, Inc -> Dropbox, Inc.)
Task: {697CB896-03C7-468C-9B3F-9789762A8334} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Autofix => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\SymErr.exe [92280 2019-05-03] (Symantec Corporation -> Symantec Corporation)
Task: {949FEE52-9001-45D0-AFD5-C22EC11D2DD0} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\SymErr.exe [92280 2019-05-03] (Symantec Corporation -> Symantec Corporation)
Task: {94BC8A73-5F73-40A1-850A-C605E7EE4B73} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1439368 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC2DD96B-5853-4248-B000-EEE51DA810AF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4382048 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {BE1E1594-BF8D-4C1B-9166-9B90AB15FA23} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe
Task: {C55303F3-F60C-49D4-9210-FD3BF634D6F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26196056 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0E3912E-E57A-4D80-AF9D-2E83B53BB64C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {D928E44D-8D57-4DD7-BA9A-78D4289DDD8E} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [515512 2015-07-01] (CyberLink Corp. -> CyberLink Corp.)
Task: {EAED8AEE-7435-4AAC-9CC2-23B285FAE7F6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-07-24] (Apple Inc. -> Apple Inc.)
Task: {ED130F19-8DC7-4062-AAAA-745299C4D2C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1187864 2018-03-21] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {EFC2AD3D-A849-45BE-A6A8-86391871222A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {F270760F-2F8B-43F3-82DF-BC17EF2343A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4382048 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6F94C20-60EA-4D5E-9805-201D01A15B34} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-09-11] (Google Inc -> Google Inc.)
Task: {FBD05693-BBB2-4AF3-99F7-62BB68B16EBE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1439368 2019-05-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{0cc8fb58-c0f9-4a0f-83ec-25449632ac90}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{8741ee42-a130-404e-8e1d-4be723fa242d}: [DhcpNameServer] 192.168.1.200 192.168.1.203 192.168.1.241

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-636160677-693394574-652409422-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-636160677-693394574-652409422-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {87B37D6D-84E0-4647-9BB1-842C60F630BE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-636160677-693394574-652409422-1002 -> {87B37D6D-84E0-4647-9BB1-842C60F630BE} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea ... -keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: du2r5cqm.default
FF ProfilePath: C:\Users\dawnc\AppData\Roaming\Mozilla\Firefox\Profiles\du2r5cqm.default [2019-05-14]
FF Homepage: Mozilla\Firefox\Profiles\du2r5cqm.default -> hxxps://sis.lcps.org/
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.7\npGoogleUpdate3.dll [2019-03-27] (Google Inc -> Google LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-636160677-693394574-652409422-1002: jpl.nasa.gov/NASAEyes -> C:\Users\dawnc\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-09-20] (NASA Jet Propulsion Laboratory -> Jet Propulsion Laboratory)

Chrome:
=======
CHR Profile: C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default [2019-05-14]
CHR Extension: (Slides) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-09-11]
CHR Extension: (Docs) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-11]
CHR Extension: (Google Drive) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-11]
CHR Extension: (YouTube) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-09-11]
CHR Extension: (Ebates Rakuten: Get Cash Back For Shopping) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2019-05-14]
CHR Extension: (Adobe Acrobat) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2019-04-03]
CHR Extension: (Sheets) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-11]
CHR Extension: (HP Network Check Launcher) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkfpchpiljkaemlpmpebnglgkomamfeo [2018-09-13]
CHR Extension: (Virtru Email Protection for Gmail) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemmanchfojaehgkbgcfmdiidbopakpp [2019-05-11]
CHR Extension: (Wikibuy) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nenlahapcbofgnanklpelkaejcehkggg [2019-05-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-13]
CHR Extension: (Gmail) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-05-01]
CHR Extension: (Chrome Media Router) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-05-14]
CHR Profile: C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1 [2019-05-12]
CHR Extension: (Docs) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2018-09-12]
CHR Extension: (Google Drive) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-09-12]
CHR Extension: (Ebates: The Free Cash Back Shopping Assistant) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2018-09-12]
CHR Extension: (Adobe Acrobat) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2018-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-12]
CHR Extension: (Virtru Email Protection for Gmail) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nemmanchfojaehgkbgcfmdiidbopakpp [2018-09-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-09-12]
CHR Extension: (Gmail) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-09-12]
CHR Extension: (Chrome Media Router) - C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-12]
CHR Profile: C:\Users\dawnc\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-12]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc. -> Apple Inc.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146240 2019-04-26] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-03-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [139504 2019-05-07] (SurfRight B.V. -> SurfRight B.V.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [184064 2017-03-09] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373760 2017-01-26] (Intel(R) pGFX -> Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5074120 2019-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe [157976 2019-05-03] (Symantec Corporation -> Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\snac64.exe [378088 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-15] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [256224 2017-09-06] (Synaptics Incorporated -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-24] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [55696 2018-08-31] (HP Inc. -> HP)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [65248 2015-04-24] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\BASHDefs\20190510.001\BHDrvx64.sys [1934048 2019-04-29] (Symantec Corporation -> Symantec Corporation)
S3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [87552 2011-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [14592 2011-03-30] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.)
R1 ccSettings_{048EFA22-DB32-43D5-879D-841B6EA67048}; C:\WINDOWS\System32\Drivers\SEP\0E000EA8\03E8.105\x64\ccSetx64.sys [179360 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515800 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153304 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-05-07] (Malwarebytes Corporation -> Malwarebytes)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [42384 2018-08-31] (HP Inc. -> HP)
S3 HPMoA407; C:\WINDOWS\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R3 HpqKbFiltr; C:\WINDOWS\System32\drivers\HpqKbFiltr64.sys [37112 2015-06-17] (Hewlett-Packard Company -> Hewlett-Packard Company)
S3 HPubA407; C:\WINDOWS\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation-Wireless Connectivity Solutions -> Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Data\Definitions\IPSDefs\20190513.061\IDSvia64.sys [1305072 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R3 IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [58880 2007-12-18] (Microsoft Windows Hardware Compatibility Publisher -> Infineon Technologies AG)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [46568 2013-08-07] (Intel(R) Smart Connect software -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [199768 2019-05-07] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-05-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [73912 2019-05-14] (Malwarebytes Corporation -> Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [275232 2019-05-14] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [117344 2019-05-08] (Malwarebytes Corporation -> Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation)
R3 NETwNb64; C:\WINDOWS\system32\DRIVERS\Netwbw02.sys [3530176 2018-03-06] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [777944 2016-01-13] (Realtek Semiconductor Corp -> Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3222016 2017-03-09] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [51936 2017-09-06] (Synaptics Incorporated -> Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0E000EA8\03E8.105\x64\SRTSP64.SYS [829600 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0E000EA8\03E8.105\x64\SRTSPX64.SYS [49312 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [551936 2013-08-15] (Microsoft Windows Hardware Compatibility Publisher -> IDT, Inc.)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\SyDvCtrl64.sys [44568 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0603000.018\symefasi.sys [1717912 2019-05-03] (Symantec Corporation -> Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0E000EA8\03E8.105\x64\SymELAM.sys [24192 2019-05-03] (Microsoft Windows Early Launch Anti-malware Publisher -> Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0E000EA8\03E8.105\x64\Ironx64.SYS [308896 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0E000EA8\03E8.105\x64\SYMNETS.SYS [567968 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [197992 2019-05-03] (Symantec Corporation -> Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [122352 2019-05-03] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46472 2019-04-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [344544 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-24] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-14 01:42 - 2019-05-14 01:43 - 000000000 ____D C:\FRST
2019-05-14 01:39 - 2019-05-14 01:43 - 000000000 ____D C:\Users\dawnc\Desktop\2019-514_Popup Issue
2019-05-14 01:09 - 2019-05-14 01:09 - 000073912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-05-12 11:18 - 2019-05-12 11:18 - 000000410 _____ C:\WINDOWS\BRWMARK.INI
2019-05-12 11:18 - 2012-06-14 09:37 - 000018944 _____ (Hewlett-Packard.) C:\WINDOWS\system32\Drivers\HPubA407.sys
2019-05-12 11:18 - 2011-10-31 17:12 - 000025088 _____ (Hewlett-Packard.) C:\WINDOWS\system32\Drivers\HPMoA407.sys
2019-05-12 11:18 - 2010-09-17 13:59 - 001721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2019-05-08 19:59 - 2019-05-08 19:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2019-05-08 01:02 - 2019-05-08 01:02 - 000002376 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-05-08 01:02 - 2019-05-08 01:02 - 000002335 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-05-08 00:59 - 2019-05-08 00:59 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-05-08 00:58 - 2019-05-14 01:08 - 000275232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-05-08 00:58 - 2019-05-08 00:58 - 000117344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-05-07 20:33 - 2019-05-07 20:33 - 000001965 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2019-05-07 20:33 - 2019-05-07 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2019-05-07 20:33 - 2019-05-07 20:33 - 000000000 ____D C:\Program Files\HitmanPro
2019-05-07 20:32 - 2019-05-07 20:42 - 000000000 ____D C:\ProgramData\HitmanPro
2019-05-07 20:03 - 2019-05-14 01:05 - 000000000 ____D C:\AdwCleaner
2019-05-07 15:51 - 2019-05-07 15:51 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2019-05-07 15:51 - 2019-05-07 15:51 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2019-05-07 00:43 - 2019-05-07 00:43 - 000199768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-05-04 12:41 - 2019-05-04 12:41 - 000000000 ____D C:\Users\dawnc\AppData\Local\mbamtray
2019-05-04 12:41 - 2019-05-04 12:41 - 000000000 ____D C:\Users\dawnc\AppData\Local\mbam
2019-05-04 12:40 - 2019-05-07 00:43 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-05-04 12:40 - 2019-05-04 12:40 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-05-04 12:40 - 2019-05-04 12:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-05-04 12:40 - 2019-05-04 12:40 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-04 12:40 - 2019-02-01 11:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-05-04 12:34 - 2019-05-04 12:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-03 23:16 - 2019-05-14 01:14 - 000000000 ____D C:\WINDOWS\System32\Tasks\Symantec Endpoint Protection
2019-05-03 23:15 - 2019-05-03 23:15 - 000102608 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2019-05-03 23:15 - 2019-05-03 23:15 - 000008298 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2019-05-03 23:15 - 2019-05-03 23:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\symefasi
2019-05-03 23:15 - 2019-05-03 23:15 - 000000000 ____D C:\ProgramData\SymEFASI
2019-05-03 23:15 - 2019-05-03 23:15 - 000000000 ____D C:\Program Files\Common Files\Symantec Shared
2019-05-03 23:12 - 2019-05-03 23:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2019-05-03 23:12 - 2019-05-03 23:12 - 000607976 _____ (Symantec Corporation) C:\WINDOWS\system32\SymVPN.dll
2019-05-03 23:12 - 2019-05-03 23:12 - 000507112 _____ (Symantec Corporation) C:\WINDOWS\system32\sysfer.dll
2019-05-03 23:12 - 2019-05-03 23:12 - 000483560 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\SymVPN.dll
2019-05-03 23:12 - 2019-05-03 23:12 - 000435944 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\sysfer.dll
2019-05-03 23:12 - 2019-05-03 23:12 - 000222440 _____ (Symantec Corporation) C:\WINDOWS\system32\FwsVpn.dll
2019-05-03 23:12 - 2019-05-03 23:12 - 000217832 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\FwsVpn.dll
2019-05-03 23:12 - 2019-05-03 23:12 - 000197992 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SysPlant.sys
2019-05-03 23:12 - 2019-05-03 23:12 - 000094440 _____ (Symantec Corporation) C:\WINDOWS\system32\snacnp.dll
2019-05-03 23:12 - 2019-05-03 23:12 - 000083688 _____ (Symantec Corporation) C:\WINDOWS\SysWOW64\snacnp.dll
2019-05-03 23:12 - 2019-05-03 23:12 - 000047672 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\WGX64.SYS
2019-05-03 23:12 - 2019-05-03 23:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\SEP
2019-05-03 23:12 - 2019-05-03 23:12 - 000000000 ____D C:\ProgramData\regid.1992-12.com.symantec
2019-05-03 23:12 - 2019-05-03 23:12 - 000000000 ____D C:\Program Files (x86)\Symantec
2019-05-03 23:10 - 2019-05-03 23:10 - 000122352 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\Teefer.sys
2019-05-03 21:50 - 2019-05-03 21:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2019-04-29 10:26 - 2019-05-03 21:50 - 000002505 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2019-04-29 10:26 - 2019-05-03 21:50 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2019-04-29 10:26 - 2019-05-03 21:50 - 000002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2019-04-29 10:26 - 2019-05-03 21:50 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2019-04-29 10:26 - 2019-05-03 21:50 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2019-04-29 10:26 - 2019-05-03 21:50 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2019-04-29 10:26 - 2019-05-03 21:50 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2019-04-29 10:26 - 2019-05-03 21:50 - 000002442 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-14 01:35 - 2019-03-23 10:03 - 000000000 ____D C:\Users\dawnc\AppData\Local\D3DSCache
2019-05-14 01:32 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-14 01:11 - 2018-04-11 17:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2019-05-14 01:09 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-05-14 01:08 - 2018-09-09 18:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-05-14 01:08 - 2018-09-09 12:13 - 000000000 __SHD C:\Users\dawnc\IntelGraphicsProfiles
2019-05-14 01:08 - 2018-04-13 17:27 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2019-05-14 01:07 - 2018-04-11 17:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2019-05-14 01:06 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-14 00:42 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2019-05-14 00:38 - 2018-09-09 18:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-05-14 00:04 - 2018-08-04 17:27 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2019-05-12 16:11 - 2018-09-09 12:13 - 000000000 ____D C:\Users\dawnc\AppData\Local\Packages
2019-05-11 01:04 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-05-08 20:00 - 2018-09-12 05:13 - 000000000 ____D C:\Program Files (x86)\Dropbox
2019-05-05 19:05 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-05-04 12:40 - 2018-04-11 19:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-05-03 23:16 - 2018-09-12 04:22 - 000000000 ____D C:\ProgramData\Symantec
2019-05-03 22:35 - 2018-09-09 12:47 - 000000000 ____D C:\Users\dawnc\AppData\Local\PlaceholderTileLogoFolder
2019-05-03 22:30 - 2018-09-22 12:08 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2019-05-03 22:30 - 2018-09-22 12:08 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2019-05-03 22:29 - 2018-09-09 18:21 - 000000000 ____D C:\Users\dawnc
2019-05-03 22:24 - 2018-09-12 04:54 - 000000000 ____D C:\Program Files\Macrium
2019-05-03 22:09 - 2018-09-09 18:34 - 000002910 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-636160677-693394574-652409422-1002
2019-05-03 22:09 - 2018-09-09 18:34 - 000002824 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2019-05-03 22:09 - 2018-08-04 17:27 - 000003542 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2019-05-03 22:09 - 2018-08-04 17:27 - 000003522 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2019-05-03 22:09 - 2018-08-04 17:27 - 000003298 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2019-05-03 22:04 - 2018-09-09 12:29 - 000000000 ___DC C:\WINDOWS\Panther
2019-05-03 22:00 - 2018-09-12 04:33 - 000000000 ____D C:\Program Files\CCleaner
2019-05-03 22:00 - 2017-03-21 00:45 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-05-03 21:49 - 2018-09-12 05:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2019-04-30 19:25 - 2018-09-12 08:38 - 000000000 ____D C:\Users\dawnc\AppData\Local\Spotify
2019-04-30 18:47 - 2018-09-12 08:50 - 000000000 ____D C:\Users\dawnc\AppData\Roaming\Spotify
2019-04-24 05:40 - 2018-09-09 12:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2019-04-16 00:06 - 2018-09-09 18:21 - 000002366 _____ C:\Users\dawnc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-04-16 00:06 - 2018-09-09 12:16 - 000000000 ___RD C:\Users\dawnc\OneDrive

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05.2019 01
Ran by dawnc (14-05-2019 01:45:08)
Running from C:\Users\dawnc\Desktop\2019-514_Popup Issue
Windows 10 Pro Version 1803 17134.706 (X64) (2018-09-09 22:35:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-636160677-693394574-652409422-500 - Administrator - Disabled)
dawnc (S-1-5-21-636160677-693394574-652409422-1002 - Administrator - Enabled) => C:\Users\dawnc
DefaultAccount (S-1-5-21-636160677-693394574-652409422-503 - Limited - Disabled)
Guest (S-1-5-21-636160677-693394574-652409422-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-636160677-693394574-652409422-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Symantec Endpoint Protection (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.56 - Piriform)
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6713 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4.4301 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.1.4301 - CyberLink Corp.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 72.4.136 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.189.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 74.0.3729.131 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.7 - Google LLC) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.11.300 - SurfRight B.V.)
HL-L2360D series (HKLM-x32\...\{46B58839-2405-48D6-A59D-F8246158A6ED}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
Lazesoft Recovery Suite version 4.2 Professional Edition (HKLM-x32\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 4.2 - Lazesoft)
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11601.20144 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-636160677-693394574-652409422-1002\...\OneDriveSetup.exe) (Version: 19.043.0304.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Mozilla Firefox 47.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 en-US)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.4.0.6486 - Mozilla)
Mozilla Thunderbird 52.4.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 52.4.0 (x86 en-US)) (Version: 52.4.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11601.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11601.20144 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11601.20144 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.4.5 - Quicken)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21288 - Realtek Semiconduct Corp.)
Spotify (HKU\S-1-5-21-636160677-693394574-652409422-1002\...\Spotify) (Version: 1.1.0.237.g378f6f25 - Spotify AB)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{9096FF5F-09DC-4A17-9172-066560E56E48}) (Version: 14.0.3752.1000 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.63 - Synaptics Incorporated)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{B2E25355-C24E-4E7D-8AD3-455D59810838}) (Version: 2.57.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{A7B60FC9-A750-43C7-B7EC-892CD09147C7}) (Version: 1.18.0.0 - Microsoft Corporation) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version: - )

Packages:
=========
Assigned Access Lock app -> C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy [2018-04-11] (Microsoft Corporation)
Mixed Reality Portal -> C:\Windows\SystemApps\Microsoft.Windows.HolographicFirstRun_cw5n1h2txyewy [2018-04-11] (Microsoft Corporation)
Take a Test -> C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy [2018-04-11] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-636160677-693394574-652409422-1002_Classes\CLSID\{994DDB09-5EF2-4b68-9599-29BB1A2A6944}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-636160677-693394574-652409422-1002_Classes\CLSID\{C591CFEA-E432-495d-A0BE-58E4CCD87B17}\Shell\Open\Command -> C:\Program Files\Synaptics\SynTP\SynTPCpl.dll (Synaptics Incorporated -> Synaptics Incorporated)
CustomCLSID: HKU\S-1-5-21-636160677-693394574-652409422-1002_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\dawnc\Dropbox0
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> [CC]{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\vpshell2.dll [2019-05-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\vpshell2.dll [2019-05-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> [CC]{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => -> No File
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.0.dll [2019-05-07] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\vpshell2.dll [2019-05-03] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-01-27 23:33 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2019-01-27 23:34 - 2013-06-12 20:06 - 000385024 ____R (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2019-01-27 23:34 - 2013-09-25 16:35 - 000282112 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe
2018-04-09 16:45 - 2013-08-15 22:21 - 000339456 _____ (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\STacSV64.exe
2018-04-09 16:45 - 2013-08-15 22:21 - 001703424 _____ (IDT, Inc.) [File not signed] C:\Program Files\IDT\WDM\sttray64.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSettings_{048EFA22-DB32-43D5-879D-841B6EA67048}.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-636160677-693394574-652409422-1002\...\sharepoint.com -> hxxps://gwu0-myfiles.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 09:46 - 2017-09-29 09:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-636160677-693394574-652409422-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-636160677-693394574-652409422-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-636160677-693394574-652409422-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-636160677-693394574-652409422-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-636160677-693394574-652409422-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{EDA3F633-1A0A-490C-8F72-9C2EB0D7AA76}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1D9C47E8-7656-4936-A4D9-64E92F189B85}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{730472B6-8F22-4197-8301-9AE28C4E30B5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{FE4895B8-CA83-48CA-961C-9DA62C42CDAF}C:\users\dawnc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dawnc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{1F6B46C7-AFF4-43AE-8474-203FC2772F2A}C:\users\dawnc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dawnc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{59D34F6A-6D4D-424B-BC58-AE3742B9D1C3}C:\users\dawnc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dawnc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{D7865B5C-25E8-4417-923C-185AAF7E2556}C:\users\dawnc\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\dawnc\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{145A3BDD-4054-4913-83D3-059432B852DE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0DA77D42-F945-4B22-9047-9AD261F295EE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F723153C-427A-4780-9628-740F15D81F7A}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{7ACD808E-B023-4CDC-9632-C8EEE8254C73}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{5A6EB107-3E2C-40C4-8C2C-76F7CCEDBF2C}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{EFA4DDF4-AC97-409D-A633-1DB1CF8AE4FC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3752.1000.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{C72C1850-F19B-452C-8F45-95C227B83721}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{C4450801-3DF5-4824-B6A4-79968A28C23A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)

==================== Restore Points =========================

26-04-2019 10:23:29 Scheduled Checkpoint
03-05-2019 22:23:20 Removed Macrium Reflect Free Edition
12-05-2019 11:17:08 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2019 01:18:35 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! Tracking Cookies in File: .doubleclick.net by: Manual scan. Action: Quarantine failed : Leave Alone failed. Action Description: The file was deleted successfully.

Error: (05/14/2019 01:06:38 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Symantec Endpoint Protection status to SECURITY_PRODUCT_STATE_SNOOZED.

Error: (05/14/2019 01:02:01 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (05/14/2019 01:02:01 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (05/14/2019 12:57:00 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (05/14/2019 12:57:00 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (05/14/2019 12:51:58 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (05/14/2019 12:51:58 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected


System errors:
=============
Error: (05/14/2019 01:36:27 AM) (Source: DCOM) (EventID: 10016) (User: DCDLAPTOPHP840)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DCDLAPTOPHP840\dawnc SID (S-1-5-21-636160677-693394574-652409422-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2019 01:28:15 AM) (Source: DCOM) (EventID: 10016) (User: DCDLAPTOPHP840)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DCDLAPTOPHP840\dawnc SID (S-1-5-21-636160677-693394574-652409422-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2019 01:25:23 AM) (Source: DCOM) (EventID: 10016) (User: DCDLAPTOPHP840)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DCDLAPTOPHP840\dawnc SID (S-1-5-21-636160677-693394574-652409422-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2019 01:10:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2019 01:08:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2019 01:08:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/14/2019 01:06:32 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

Error: (05/14/2019 01:06:06 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2019-05-03 10:31:13.998
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {84EB20F8-C812-47CD-AD70-FB89476601A2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-03 08:55:06.680
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1CB4C5C4-CA48-4D78-B0C0-ADA123E25190}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-03 08:15:53.438
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3F4FA150-CE2C-4FFA-B25A-F297A002B51E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-03 00:59:20.337
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DF5396B2-C6CB-4CC4-90AA-7A407CC4B838}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-05-03 00:18:08.078
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {37D07987-1A0B-4ABF-8C06-775E2E59D6B8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-04-09 23:27:22.960
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted
Signature version: 1.291.1430.0;1.291.1430.0
Engine version: 1.1.15800.1

Date: 2019-04-09 23:27:20.840
Description:
Windows Defender Antivirus has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
Signatures Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted
Signature version: 1.291.1503.0;1.291.1503.0
Engine version: 1.1.15800.1

Date: 2019-04-04 13:33:08.765
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.291.1162.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15800.1
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2019-05-14 01:20:22.052
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-14 01:20:21.927
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-14 01:20:21.895
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-14 01:20:21.873
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-14 01:20:21.757
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-14 01:20:01.141
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-14 01:20:01.107
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

Date: 2019-05-14 01:20:01.052
Description:
Windows blocked file \Device\HarddiskVolume2\Windows\System32\scrobj.dll which has been disallowed for protected processes.

==================== Memory info ===========================

BIOS: Hewlett-Packard L71 Ver. 01.06 01/24/2014
Motherboard: Hewlett-Packard 198F
Processor: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz
Percentage of memory in use: 83%
Total physical RAM: 3993.11 MB
Available physical RAM: 646.67 MB
Total Virtual: 8601.11 MB
Available Virtual: 4627.62 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:296.68 GB) (Free:207.9 GB) NTFS

\\?\Volume{a06cf1e3-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.54 GB) (Free:0.5 GB) NTFS
\\?\Volume{a06cf1e3-0000-0000-0000-404e4a000000}\ () (Fixed) (Total:0.87 GB) (Free:0.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: A06CF1E3)
Partition 1: (Active) - (Size=549 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=296.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=888 MB) - (Type=27)

==================== End of Addition.txt ============================
goalie79
Regular Member
 
Posts: 36
Joined: March 22nd, 2015, 10:39 am

Re: Popups when using Chrome Browser

Unread postby capnkrunch » May 15th, 2019, 12:49 pm

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Hello goalie79 and welcome back to the Malware Removal Forums :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

capnkrunch
MRU Master
Posts: 792
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popups when using Chrome Browser

Unread postby capnkrunch » May 15th, 2019, 1:00 pm

Please complete the following steps and post the requested logs in your reply:

Step one...

Please answer the following questions:
  • Is this computer used for business purposes, including home or small business?
  • Is this computer connected to an educational network, for example at a university?
  • Do you recognize the following website?
    IE trusted site: HKU\S-1-5-21-636160677-693394574-652409422-1002\...\sharepoint.com -> hxxps://gwu0-myfiles.sharepoint.com

Step two...

codecheck
  • Please download codecheck from here to your Desktop.
  • Make sure that codecheck.exe is on your Desktop before running the application!
  • Double-click on codecheck.exe.
  • After a very short time a codecheck.txt icon will appear on your Desktop
  • Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Step three...

CKScanner
Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Answers to my questions
  • codecheck.txt
  • ckfiles.txt
  • Are there any changes in computer behavior?
capnkrunch
MRU Master
Posts: 792
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popups when using Chrome Browser

Unread postby capnkrunch » May 17th, 2019, 12:36 pm

Hello goalie79 :)

It has been 48 hours since my last post.
  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.
capnkrunch
MRU Master
Posts: 792
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Popups when using Chrome Browser

Unread postby pgmigg » May 18th, 2019, 2:17 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
pgmigg
Admin/Teacher
Posts: 4432
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00