System is bogging down

Old 10-05-2017, 05:05 PM   #1
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



My home-grown system has issues. Something has gotten into it. I believe it started getting noticeable about a week ago. I vaguely remember doing an update, for what I believe was Malwarebytes. Since then all kinds of issues have happened. The most noticeable was that I was getting errors for net.exe. I finally got Malwarebytes back running, but I'm not sure if I trust the installation. I did do a root scan with mssstool64 and that turned out okay. Using the MS SFC I verified that I had issues with net1.exe that could not be corrected.

I am getting extremely slow shutdowns and restarts. I recently had an issue with explorer not wanting to start. That appeared to be an issue with Autodesk360, which I uninstalled, so that is now working.

Any help weeding out the bug would be appreciated.
Attached are attach.txt and sfcdetails.txt

Thank you,
Randy

DDS.TXT -
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18792 BrowserJavaVersion: 11.31.2
Run by Randy at 19:41:40 on 2017-10-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16362.8605 [GMT -4:00]
.
AV: Norton Security *Enabled/Updated* {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security *Enabled/Updated* {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton Security *Enabled* {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvwmi64.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\nvwmi64.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Corsair\Corsair Link\CorsairLINK_HardwareMonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\FileOpen\Services\FileOpenManager64.exe
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Windows\SysWOW64\lkcitdl.exe
C:\Windows\system32\hasplmv.exe
C:\Windows\SysWOW64\lkads.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe
C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe
C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe
C:\Program Files\Autodesk\Inventor 2018\Moldflow\bin\mitsijm.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
C:\Program Files\NVIDIA Corporation\nview\nViewMain64.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NS.exe
C:\Program Files\NVIDIA Corporation\nview\nViewMain.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Users\Randy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Randy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\Randy\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Timberline Office\Shared\Sage.CRE.PervasiveLicenseService.exe
C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\NS.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\notifyviewer.exe
C:\Program Files (x86)\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe
C:\Program Files\ShareSync\Tray\ShareSyncTray.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files\Autodesk\Autodesk SketchBook Pro 2015\SketchBookSnapshot.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\Program Files (x86)\Sage\SIM\Client\SimNotify.exe
C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Program Files\TrueKey\McTkSchedulerService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files (x86)\Common Files\Sage\LS1\ServiceHost\Sage.LS1.ServiceHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\acwebbrowser\acwebbrowser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\net.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\net.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine32\22.10.1.10\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine32\22.10.1.10\coieplg.dll
TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2A9BWH2705KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [Akamai NetSession Interface] "C:\Users\Randy\AppData\Local\Akamai\netsession_win.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [OneDrive] "C:\Users\Randy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SimNotify.exe] C:\Program Files (x86)\Sage\SIM\Client\SimNotify.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
StartupFolder: C:\Users\Randy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RUNNOT~1.LNK - C:\Windows\Installer\{0A3238D7-AB32-1130-B717-F3E3F18B4A8C}\ico_notifyviewer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SHARES~1.LNK - C:\Program Files\ShareSync\Tray\ShareSyncTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKETCH~1.LNK - C:\Program Files\Autodesk\Autodesk SketchBook Pro 2015\SketchBookSnapshot.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTP~1.LNK - C:\Windows\Installer\{0A3238D7-AB32-1130-B717-F3E3F18B4A8C}\ico_w3dbsmgr.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 10.100.100.200
TCP: Interfaces\{6026CFA6-A22A-429E-9EE0-E7E254AD1D9D} : DHCPNameServer = 10.100.100.200
TCP: Interfaces\{9B682F1B-8848-4BDD-8BFF-BE409C3EC4B6} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-BHO: True Key Helper: {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} -
x64-BHO: Norton Identity Safety: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\coieplg.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} -
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\coieplg.dll
x64-TB: True Key: {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [nwiz] "C:\Program Files\NVIDIA Corporation\nview\nwiz.exe" /installquiet
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [CnxtCoInstallerDefer] C:\Program Files\CONEXANT\PREINSTALL\SETUP582EFB190\SETUP64.EXE -REBOOTED_FROM_NO_ENUM_INSTALL_METHOD=1 -S
x64-Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {28B89EEF-1007-0000-7102-CF3F3A09B77D} - msiexec /fus {28B89EEF-1007-0000-7102-CF3F3A09B77D}
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-mASetup: {AD99243B-F007-0000-B1CC-22A4DDD4B96F} - msiexec /fus {AD99243B-F007-0000-B1CC-22A4DDD4B96F}
x64-mASetup: {CD301C75-E007-0409-8A4F-E62AF995F11C} - msiexec /fus {CD301C75-E007-0409-8A4F-E62AF995F11C}
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Randy\AppData\Roaming\Mozilla\Firefox\Profiles\y6iuiy1g.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Randy\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_185.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\Windows\System32\drivers\nipbcfk.sys [2012-12-18 16984]
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\Windows\System32\drivers\NSx64\160A010.00A\symefasi64.sys [2017-9-6 1868416]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2014-6-17 21104]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20171004.001\BHDrvx64.sys [2017-10-5 1872032]
R1 ccSet_NS;NS Settings Manager;C:\Windows\System32\drivers\NSx64\160A010.00A\ccsetx64.sys [2017-9-6 187520]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20171004.001\IDSvia64.sys [2017-10-4 1056920]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NSx64\160A010.00A\ironx64.sys [2017-9-6 301288]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NSx64\160A010.00A\symnets.sys [2017-9-6 566912]
R2 AdAppMgrSvc;Autodesk Desktop App Service;C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [2017-4-24 1353208]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2016-11-16 390472]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2014-2-7 31192]
R2 ClickToRunSvc;Microsoft Office Click-to-Run Service;C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-4-6 4122824]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2014-6-17 68136]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 FileOpenManager;FileOpen Manager;C:\Program Files\FileOpen\Services\FileOpenManager64.exe [2017-9-6 363176]
R2 hasplms;Sentinel LDK License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-5-21 49464]
R2 mitsijm2015;Autodesk Simulation Moldflow MITSI 2015 Job Manager;C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [2013-10-11 968480]
R2 mitsijm2016;Autodesk Simulation Moldflow MITSI 2016 Job Manager;C:\Program Files\Autodesk\Inventor 2016\Moldflow\bin\mitsijm.exe [2014-9-30 968480]
R2 mitsijm2017;Autodesk Simulation Moldflow MITSI 2017 Job Manager;C:\Program Files\Autodesk\Inventor 2017\Moldflow\bin\mitsijm.exe [2015-8-4 967456]
R2 mitsijm2018;Autodesk Simulation Moldflow MITSI 2018 Job Manager;C:\Program Files\Autodesk\Inventor 2018\Moldflow\bin\mitsijm.exe [2016-9-25 967664]
R2 NIApplicationWebServer;NI Application Web Server;C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 53960]
R2 niLXIDiscovery;NI LXI Discovery Service;C:\Program Files (x86)\ivi foundation\visa\WinNT\NIvisa\niLxiDiscovery.exe [2012-11-7 236768]
R2 nimDNSResponder;NI mDNS Responder Service;C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-5-31 258776]
R2 NS;Norton Security;C:\Program Files (x86)\Norton Security\Engine\22.10.1.10\ns.exe [2017-9-6 326144]
R2 NVWMI;NVIDIA WMI Provider;C:\Windows\System32\nvwmi64.exe [2015-10-13 3079800]
R2 Sage.CRE.PervasiveLicenseService;Sage Pervasive License Service;C:\Program Files (x86)\Timberline Office\Shared\Sage.CRE.PervasiveLicenseService.exe [2013-7-8 34608]
R2 Sage.LS1.ServiceHost;Sage Service Host (v13.1);C:\Program Files (x86)\Common Files\Sage\LS1\ServiceHost\Sage.LS1.ServiceHost.exe [2013-7-8 108848]
R2 SageInstMgrClient;Sage Installation Manager Client;C:\Program Files (x86)\Sage\SIM\Client\Sage.Sim.Client.WindowsService.exe [2013-7-8 17712]
R2 SDLService;SDLService;C:\Program Files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2014-6-17 95264]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2014-6-17 114688]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2017-8-2 731648]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-10-8 609056]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-10-13 417400]
R2 TrueKeyScheduler;Intel Security True Key Scheduler;C:\Program Files\TrueKey\McTkSchedulerService.exe [2016-10-14 16928]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-24 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2017-7-11 158336]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2015-6-17 87696]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2015-6-17 23184]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-18 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-18 181248]
R3 rtkio;rtkio;C:\Program Files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2014-6-17 17392]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-6-17 412264]
S2 AcfXAudioService;AcfXAudioService;C:\Windows\System32\svchost.exe -k AcfXAudioService [2009-7-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648]
S2 InstallerService;Service Installer TrueKey;C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 --> C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [?]
S2 TrueKey;Intel Security True Key;C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [2017-7-12 1001920]
S3 acfva;acfva;C:\Windows\System32\drivers\ACFVA64.sys [2016-11-18 122624]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dgcfltr;DGC Filter Driver;C:\Windows\System32\drivers\ACFDCP64.sys [2016-11-18 34944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2014-6-17 25640]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2014-6-19 1591264]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2014-6-17 30528]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2017-9-12 116224]
S3 mi-raysat_3dsmax2015_64;mental ray Satellite for Autodesk 3ds Max Design 2015 64-bit;C:\Program Files\Autodesk\3ds Max Design 2015\NVIDIA\Satellite\raysat_3dsmax2015_64server.exe [2011-9-15 86016]
S3 mi-raysat_3dsmax2016_64;mental ray Satellite for Autodesk 3ds Max 2016 64-bit;C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [2011-9-15 86016]
S3 nipalfwedl;nipalfwedl;C:\Windows\System32\drivers\nipalfwedl.sys [2012-12-19 13624]
S3 nipalusbedl;nipalusbedl;C:\Windows\System32\drivers\nipalusbedl.sys [2012-12-19 13624]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 ser2at;ATEN USB to Serial port driver;C:\Windows\System32\drivers\ser2at64.sys [2009-10-15 96256]
S3 ser2attr;Tripp Lite USB to Serial port;C:\Windows\System32\drivers\ser2attr64.sys [2009-11-16 96256]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TrueKeyServiceHelper;TrueKeyServiceHelper;C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [2017-7-12 87760]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-6-18 1255736]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-5-22 76488]
.
=============== File Associations ===============
.
ShellExec: pi11.exe: Open="C:\Program Files (x86)\Microsoft Digital Image 2006\pi.exe" "%1"
.
=============== Created Last 30 ================
.
2017-10-05 23:16:32 -------- d--h--w- C:\OneDriveTemp
2017-10-03 18:45:45 -------- d-----w- C:\Windows\Microsoft Antimalware
2017-10-03 13:45:16 77440 ----a-w- C:\Windows\System32\drivers\mbae64.sys
2017-09-30 02:21:37 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-28 13:19:24 -------- d-----w- C:\Program Files\Malwarebytes
2017-09-28 13:15:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-09-28 13:09:51 112592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleHandler.dll
2017-09-28 13:09:49 55248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\pingsender.exe
2017-09-13 00:25:59 880640 ----a-w- C:\Windows\System32\advapi32.dll
2017-09-08 10:54:34 448712 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-09-08 10:53:08 28360 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-09-08 10:46:08 207048 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-09-06 18:05:14 566912 ----a-w- C:\Windows\System32\drivers\NSx64\160A010.00A\symnets.sys
2017-09-06 18:05:13 810136 ----a-w- C:\Windows\System32\drivers\NSx64\160A010.00A\srtsp64.sys
2017-09-06 18:05:13 49304 ----a-w- C:\Windows\System32\drivers\NSx64\160A010.00A\srtspx64.sys
2017-09-06 18:05:13 301288 ----a-w- C:\Windows\System32\drivers\NSx64\160A010.00A\ironx64.sys
2017-09-06 18:05:13 24608 ----a-w- C:\Windows\System32\drivers\NSx64\160A010.00A\symelam.sys
2017-09-06 18:05:13 187520 ----a-w- C:\Windows\System32\drivers\NSx64\160A010.00A\ccsetx64.sys
2017-09-06 18:05:13 1868416 ----a-w- C:\Windows\System32\drivers\NSx64\160A010.00A\symefasi64.sys
2017-09-06 18:04:36 -------- d-----w- C:\Windows\System32\drivers\NSx64\160A010.00A
2017-09-06 14:03:29 -------- d-----w- C:\Users\Randy\AppData\Roaming\FileOpen
2017-09-06 14:03:22 -------- d-----w- C:\ProgramData\FileOpen
2017-09-06 14:03:20 -------- d-----w- C:\Program Files\FileOpen
2017-09-06 01:03:02 17407232 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
==================== Find3M ====================
.
2017-10-05 23:12:50 25640 ----a-w- C:\Windows\gdrv.sys
2017-09-14 22:55:21 15728682 ----a-w- C:\Windows\System32\net1.exe
2017-08-16 15:29:31 806912 ----a-w- C:\Windows\System32\usp10.dll
2017-08-16 15:10:30 629760 ----a-w- C:\Windows\SysWow64\usp10.dll
2017-08-16 14:57:58 3224576 ----a-w- C:\Windows\System32\win32k.sys
2017-08-15 15:29:34 1867264 ----a-w- C:\Windows\System32\ExplorerFrame.dll
2017-08-15 15:10:42 1499648 ----a-w- C:\Windows\SysWow64\ExplorerFrame.dll
2017-08-14 17:35:10 303104 ----a-w- C:\Windows\SysWow64\mmcbase.dll
2017-08-14 17:35:10 2150912 ----a-w- C:\Windows\SysWow64\mmcndmgr.dll
2017-08-14 17:35:10 128512 ----a-w- C:\Windows\SysWow64\mmcshext.dll
2017-08-14 17:35:06 172544 ----a-w- C:\Windows\SysWow64\cic.dll
2017-08-14 17:35:03 355328 ----a-w- C:\Windows\System32\mmcbase.dll
2017-08-14 17:35:03 3203584 ----a-w- C:\Windows\System32\mmcndmgr.dll
2017-08-14 17:35:03 131072 ----a-w- C:\Windows\System32\mmcshext.dll
2017-08-14 17:34:59 211968 ----a-w- C:\Windows\System32\cic.dll
2017-08-13 21:37:59 2144256 ----a-w- C:\Windows\System32\mmc.exe
2017-08-13 21:30:41 1401344 ----a-w- C:\Windows\SysWow64\mmc.exe
2017-08-13 17:24:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2017-08-13 17:24:07 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2017-08-13 1746 66560 ----a-w- C:\Windows\System32\iesetup.dll
2017-08-13 17:05:51 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2017-08-13 17:05:42 417792 ----a-w- C:\Windows\System32\html.iec
2017-08-13 17:05:20 576512 ----a-w- C:\Windows\System32\vbscript.dll
2017-08-13 17:05:13 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2017-08-13 16:51:21 5981696 ----a-w- C:\Windows\System32\jscript9.dll
2017-08-13 16:51:09 116224 ----a-w- C:\Windows\System32\ieetwcollector.exe
2017-08-13 16:51:07 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2017-08-13 16:50:39 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2017-08-13 16:46:10 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2017-08-13 16:41:42 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2017-08-13 16:30:33 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2017-08-13 16:29:56 499200 ----a-w- C:\Windows\SysWow64\vbscript.dll
2017-08-13 16:29:44 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2017-08-13 16:29:41 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2017-08-13 16:29:24 341504 ----a-w- C:\Windows\SysWow64\html.iec
2017-08-13 16:29:11 87552 ----a-w- C:\Windows\System32\tdc.ocx
2017-08-13 16:28:17 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2017-08-13 16:17:51 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2017-08-13 16:17:19 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2017-08-13 16:02:26 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2017-08-13 16:01:54 2134528 ----a-w- C:\Windows\System32\inetcpl.cpl
2017-08-13 16:01:46 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2017-08-13 16:01:15 73216 ----a-w- C:\Windows\SysWow64\tdc.ocx
2017-08-13 15:48:04 4547072 ----a-w- C:\Windows\SysWow64\jscript9.dll
2017-08-13 15:43:48 2058752 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2017-08-13 15:43:00 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2017-08-13 15:40:24 3241472 ----a-w- C:\Windows\System32\wininet.dll
2017-08-13 15:17:15 2767872 ----a-w- C:\Windows\SysWow64\wininet.dll
2017-08-11 06:42:11 631176 ----a-w- C:\Windows\System32\winresume.efi
2017-08-11 06:38:49 706792 ----a-w- C:\Windows\System32\winload.efi
2017-08-11 06:38:48 95464 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2017-08-11 06:38:48 5547752 ----a-w- C:\Windows\System32\ntoskrnl.exe
2017-08-11 06:38:48 154856 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2017-08-11 06:36:37 1732864 ----a-w- C:\Windows\System32\ntdll.dll
2017-08-11 06:34:58 60416 ----a-w- C:\Windows\System32\msobjs.dll
2017-08-11 06:24:04 4001000 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2017-08-11 06:24:04 3945704 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2017-08-11 06:21:22 1314112 ----a-w- C:\Windows\SysWow64\ntdll.dll
2017-08-11 06:20:50 71680 ----a-w- C:\Windows\System32\PrintBrmUi.exe
2017-08-11 06:20:32 48640 ----a-w- C:\Windows\System32\wpnpinst.exe
2017-08-11 06:20:29 61952 ----a-w- C:\Windows\System32\ntprint.exe
2017-08-11 06:12:12 25088 ----a-w- C:\Windows\System32\netbtugc.exe
2017-08-11 06:09:32 61952 ----a-w- C:\Windows\SysWow64\ntprint.exe
2017-08-11 06:07:27 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2017-08-11 06:07:20 62464 ----a-w- C:\Windows\System32\drivers\appid.sys
2017-08-11 06:07:20 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2017-08-11 0640 64000 ----a-w- C:\Windows\System32\auditpol.exe
2017-08-11 06:03:40 338432 ----a-w- C:\Windows\System32\conhost.exe
2017-08-11 06:03:37 26624 ----a-w- C:\Windows\SysWow64\netbtugc.exe
2017-08-11 06:02:48 296960 ----a-w- C:\Windows\System32\rstrui.exe
2017-08-11 06:01:43 7168 ----a-w- C:\Windows\SysWow64\comcat.dll
2017-08-11 06:00:09 159744 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2017-08-11 06:00:01 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2017-08-11 06:00:01 262656 ----a-w- C:\Windows\System32\drivers\netbt.sys
2017-08-11 05:59:55 460800 ----a-w- C:\Windows\System32\drivers\srv.sys
2017-08-11 05:59:48 405504 ----a-w- C:\Windows\System32\drivers\srv2.sys
2017-08-11 05:59:41 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2017-08-11 05:59:35 291328 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2017-08-11 05:59:32 129536 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2017-08-11 05:58:55 26112 ----a-w- C:\Windows\System32\drivers\nsiproxy.sys
2017-08-11 05:58:52 30720 ----a-w- C:\Windows\System32\lsass.exe
2017-08-11 05:58:48 112640 ----a-w- C:\Windows\System32\smss.exe
2017-08-11 05:56:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2017-08-11 05:56:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2017-08-11 05:56:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2017-08-11 05:56:31 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2017-08-11 05:55:46 36352 ----a-w- C:\Windows\SysWow64\cryptbase.dll
2017-08-11 05:55:39 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2017-08-11 05:55:39 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2017-08-11 05:55:39 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2017-08-11 05:55:39 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2017-07-29 14:56:30 117248 ----a-w- C:\Windows\System32\drivers\tdx.sys
2017-07-26 16:21:17 102568 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2017-07-21 14:26:31 282624 ----a-w- C:\Windows\SysWow64\mstext40.dll
2017-07-21 14:26:30 518144 ----a-w- C:\Windows\SysWow64\msjetoledb40.dll
2017-07-21 14:26:30 409600 ----a-w- C:\Windows\SysWow64\msexch40.dll
2017-07-21 14:26:30 290816 ----a-w- C:\Windows\SysWow64\msjtes40.dll
2017-07-20 03:21:02 440792 ----a-w- C:\Windows\System32\AcSignOpt.exe
2017-07-20 03:21:00 41944 ----a-w- C:\Windows\System32\AcSignExt.dll
2017-07-14 15:29:15 486400 ----a-w- C:\Windows\System32\wer.dll
.
============= FINISH: 19:44:11.10 ===============
Attached Files
File Type: txt attach.txt (35.0 KB, 16 views)
File Type: txt sfcdetails.txt (61.1 KB, 12 views)
MasterBeorn is offline  
Old 10-06-2017, 12:56 AM   #2
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MasterBeorn,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Back up important files before we start.

Now, let's get started, shall we?

STEP 1

Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @Bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.

STEP 2

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 10-06-2017, 06:11 AM   #3
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Step 1)

AdwCleaner Report:
# AdwCleaner 7.0.3.1 - Logfile created on Fri Oct 06 12:38:01 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-04-2017.1
# Running on Windows 7 Professional (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Adware.Heuristic, HP AR Program Upload - c2a1159c92384ee7bf0651125a2a396a3ab76c34ec09450db222fbc192523e91
PUP.Adware.Heuristic, HP AR Program Upload - eae20d7313a9469591b4d1d1405decdb5392fcb60a5643cd9b05b41647993321


***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, SearchProvider found: Norton Safe Search - nortonsafe.search.ask.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [7715 B] - [2016/11/29 22:17:1]
C:/AdwCleaner/AdwCleaner[S0].txt - [7174 B] - [2016/11/29 22:15:17]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Step 2)
I tried to download frst64.exe from bleepingcomputer.com and my Norton360 has quarantined it. I've tried this from two different computers.
It indicates that it has the threat WS.Reputation.1. I have also ensured that my Norton is up to date and run LiveUpdate prior to downloading the file.

I'm not sure if I believe this, but I would rather take precautions, rather than just disable my antivirus. This could be another symptom of my issues.

Next step?
Randy
MasterBeorn is offline  
Old 10-06-2017, 06:28 AM   #4
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MasterBeorn,
FRST64 is not harmful. For this reason, disable the security software and try again.
tekir06 is offline  
Old 10-06-2017, 06:36 AM   #5
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Performing the FRST now. I just realized that I did not do the cleaning portion of the AdwCleaner, but I didn't notice any issues. I hope that makes sense.

I'll upload the results of the FRST once it is complete.

Randy
MasterBeorn is offline  
Old 10-06-2017, 06:55 AM   #6
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Results of FRST64:

Attached files FRST.TXT and ADDITION.TXT

Randy
Attached Files
File Type: txt FRST.txt (116.7 KB, 13 views)
File Type: txt Addition.txt (150.4 KB, 11 views)
MasterBeorn is offline  
Old 10-07-2017, 04:37 PM   #7
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MasterBeorn,

Please do the following.

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST64.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Attached Files
File Type: txt fixlist.txt (17.0 KB, 24 views)
tekir06 is offline  
Old 10-09-2017, 05:54 AM   #8
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Per your instructions, I ran FRST64.exe and used the Fix tool.
One problem that has been happening a few times is that I am getting issues with the boot sector not loading. Sometimes it takes a second reboot in order for the hard drive boot sector to load (e.g. operating system not found). Not sure if this is a drive problem or related to ongoing software issues. I am still seeing problems with net1.exe not operating properly.

Results fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-10-2017
Ran by Randy (09-10-2017 08:10:54) Run:1
Running from C:\Users\Randy\Desktop
Loaded Profiles: Randy (Available Profiles: Randy & CAD_Nubie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{A5DC4F3D-CB7E-46DF-A1DE-51421A94232C}\InprocServer32 -> g3vPartAuthEnviron.arx => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{C532F3AD-EFAD-41C0-8864-0093FF43D06A}\InprocServer32 -> g3vPartAuthEnviron.arx => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{DD7A3651-067D-4AC2-AB5B-EB851BA9486C}\InprocServer32 -> AcmPEXCtrl.ocx => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{EFE2B983-6FB7-463C-AFF2-E513228567F7}\InprocServer32 -> g3vPartAuthEnviron.arx => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll => No File
CustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll => No File
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.exe: => <==== ATTENTION
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.scr: scrfile => <==== ATTENTION
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.com: => <==== ATTENTION
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.cmd: => <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
CMD: bitsadmin /reset /allusers
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll => No FileCustomCLSID: HKU\S-1-5-21-4088898873-1417205207-2847333770-1000_Classes\CLSID\{0F7BC65C-AB86-4BA1-A3A5-63539C2BD78B} => key not found.
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.exe => key removed successfully
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.scr => key removed successfully
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.bat => key removed successfully
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.com => key removed successfully
HKU\S-1-5-21-4088898873-1417205207-2847333770-1000\Software\Classes\.cmd => key removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13867975 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 544684103 B
Edge => 0 B
Chrome => 1128111817 B
Firefox => 130838695 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55326392 B
systemprofile32 => 95414 B
LocalService => 66228 B
NetworkService => 98040 B
Randy => 89903442 B
CAD_Nubie => 37604 B

RecycleBin => 13447711330 B
EmptyTemp: => 14.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:19:05 ====
MasterBeorn is offline  
Old 10-10-2017, 03:56 AM   #9
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello MasterBeorn,

Thanks for the log. Looks nice.

Ok. Please do the following. Please try the Malwarebytes scan again. Then send the report.


Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

=========================================================

Go here and click 'SCAN NOW' under 'ESET Online Scanner' to check for remnants.

You will be prompted to download and install esetonlinescanner_enu.exe. Click on the link and save the file to a convenient location.
Double-click on esetonlinescanner_enu.exe to install and a new window will open. Follow the prompts.
Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how
At the bottom of the Terms of use window, tick the option Download latest version of ESET Online Scanner then click Accept
When/if prompted by UAC, 'Do you want to allow this app to make changes to your PC?', please choose Yes
Tick the option Enable detection of potentially unwanted applications
Click on Advanced settings
Make sure that the option Clean threats automatically is unticked.
Ensure these options are ticked:
  • Enable detection of potentially unsafe applications
  • Enable detection of suspicious applications
  • Scan archives
  • Enable Anti-Stealth technology

Click Scan
Wait for the scan to finish.
When the scan is done, if it shows a screen that says Threats found, click Save to text file... then name it and save it to your desktop.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Please copy/paste the contents of the log in your next reply.
To close ESET Online Scanner, select Do not clean then Finish
__________________
tekir06 is offline  
Old 10-10-2017, 05:33 AM   #10
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Hmm, I am getting an "Unable to start service" message from Malwarebytes.

Should I try and uninstall and reinstall? I have the pro version.

Randy
MasterBeorn is offline  
Old 10-10-2017, 11:41 PM   #11
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Randy,

Please try running ESET Online Scanner.
__________________
tekir06 is offline  
Old 10-11-2017, 07:01 PM   #12
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



OK, ran the ESET Scanner. Results are:

C:\Users\Randy\Downloads\Avery Wizard 5.0_20140331.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

I tried the Malwarebytes again and am still getting the error:

"Unable to Connect the Service".

FYI I have a notification for Windows Updates:

Security Updates for Office 2010, Windows 7, and Office 2007.
I'll plan on doing those tomorrow when I get back to the system and whatever next step you think of.

I also still have the Net1.exe issue. Looking at my Resource Monitor, I have multiple images of CMD.EXE, CONHOST.EXE, and NET.EXE running. When I say multiple, I mean like over a hundred of each program. That's not right.

Ok, waiting for the next step.
Randy
MasterBeorn is offline  
Old 10-12-2017, 10:15 AM   #13
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Still looking for an update in procedure.

Randy
MasterBeorn is offline  
Old 10-12-2017, 10:59 AM   #14
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Randy,

Please try running Malwarebytes in safe mode.
__________________
tekir06 is offline  
Old 10-12-2017, 11:04 AM   #15
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Will do. So ignore Windows updates for now?

Randy
MasterBeorn is offline  
Old 10-12-2017, 11:19 AM   #16
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Ok, rebooted in safe mode and had same symptoms - "Unable to Connect the Service".
MasterBeorn is offline  
Old 10-13-2017, 03:31 AM   #17
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello,

Have you installed the Windows updates?
__________________
tekir06 is offline  
Old 10-13-2017, 08:12 AM   #18
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Ok, I installed the Windows updates. The 1st attempt at installation failed, so I rebooted and tried again and succeeded. Still had the "Can not connect the service" error on Malwarebytes. I did a quick look-up and the Malwarebytes forum suggested removing and reinstalling.

I just removed and reinstalled Malwarebytes, and made sure it was updated with current versions. It is running currently and will take about an hour or so to complete.

I have been monitoring my resource monitor and something is STILL causing NET.EXE / CMD.EXE / CONHOST.EXE to be executed multiple times. I have hundreds of copies of these programs running, each taking 1 to 2 threads.

FYI Malwarebytes is reporting no threats. I just ran it again after enabling "Scan for Rootkits", and that did not return anything.

I really want to figure out what is generating those exe threads.

Randy
MasterBeorn is offline  
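
Editor's added example, not part of the thread and not output from any tool used in it: one way to find what is launching the NET.EXE / CMD.EXE / CONHOST.EXE instances described in post #18 is to group them by parent process. It uses only `Get-WmiObject`, so it runs on the PowerShell 2.0 that ships with Windows 7; the variable and function names are this example's own, and it assumes an elevated prompt so that command lines of other accounts' processes are readable.

```powershell
# Added example: group the repeated net.exe / cmd.exe / conhost.exe instances
# by the process that started them.
$watch = 'net.exe', 'net1.exe', 'cmd.exe', 'conhost.exe'

# Take one snapshot of every process and index it by PID for parent lookups.
$all   = Get-WmiObject -Class Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

# WMI returns CreationDate as a DMTF string; convert it, tolerating empty values.
function Get-StartTime($proc) {
    if ($proc -and $proc.CreationDate) {
        [Management.ManagementDateTimeConverter]::ToDateTime($proc.CreationDate)
    }
}

$rows = foreach ($p in $all) {
    if ($watch -notcontains $p.Name) { continue }   # -notcontains ignores case

    $parent      = $byPid[[int]$p.ParentProcessId]
    $childStart  = Get-StartTime $p
    $parentStart = Get-StartTime $parent

    # PIDs are reused. If the process now holding the parent PID started after
    # the child did, the real parent has exited and this one is unrelated.
    if ($parent -and $parentStart -and $childStart -and ($parentStart -gt $childStart)) {
        $parent = $null
    }

    if ($parent) {
        $parentName = $parent.Name
        $parentCmd  = $parent.CommandLine
    } else {
        $parentName = '<exited>'
        $parentCmd  = ''
    }

    New-Object PSObject -Property @{
        Child      = $p.Name
        ChildCmd   = $p.CommandLine
        ParentPid  = $p.ParentProcessId
        ParentName = $parentName
        ParentCmd  = $parentCmd
    }
}

if (-not $rows) { 'None of the watched processes are running.'; return }

# Largest groups first: the parent at the top is the one spawning the storm.
# On Windows 7 conhost.exe is created by csrss.exe, and net.exe itself launches
# net1.exe, so read the cmd.exe and net.exe rows to find the real origin.
$rows | Group-Object ParentName, ParentPid, Child |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'ParentCmd';      e = { $_.Group[0].ParentCmd } },
        @{ n = 'SampleChildCmd'; e = { $_.Group[0].ChildCmd } } |
    Format-List

# If a parent is svchost.exe, list the services hosted in that instance.
$rows | Where-Object { $_.ParentName -eq 'svchost.exe' } |
    Select-Object -ExpandProperty ParentPid -Unique |
    ForEach-Object {
        Get-WmiObject -Class Win32_Service -Filter "ProcessId = $_" |
            Select-Object ProcessId, Name, PathName
    }
```

The `SampleChildCmd` column shows the exact `net` arguments being run, which usually identifies the script, service or scheduled task responsible. A parent of `<exited>` means the launcher is short-lived, in which case the snapshot has to be repeated while the processes are being created.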
Old 10-16-2017, 04:26 AM   #19
Security Team
Analyst
 
tekir06's Avatar
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello Randy,

Please run the FRST tool again. Then attach fresh logs.
__________________
tekir06 is offline  
Old 10-18-2017, 05:01 AM   #20
Registered Member
 
Join Date: Nov 2006
Posts: 20
OS: Win2000



Ok, here are the updated logs from this morning.

Randy
Attached Files
File Type: txt FRST.txt (250.6 KB, 12 views)
File Type: txt Addition.txt (146.4 KB, 10 views)
MasterBeorn is offline  
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 12:51 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts