Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Disk space drops even after removing large files, disk constantly runn


  • Please log in to reply

#1
codesWithaFist

codesWithaFist

    Member

  • Member
  • PipPip
  • 43 posts

Windows 8/8.1 machine -- disk is constantly running and disk space is down to 2.5 gigs (of 450+ gb drive).  No obvious offenders -- no individual folder looks like it has too much on it.  When I remove large files (for example, install files for old programs, large document files, or a large number of reasonably sized files) the amount of free space goes up briefly, but I can see it drop again just by hitting F5 and refreshing Windows Explorer.

 

This machine has not had a Windows update since 2014 (not sure who turned off Windows update but it's created a big mess now).  Because there are no current updates, I wouldn't be surprised if the disk space problems are malware related.

 

Also, I am unable to run the Disk Cleanup utility (even from command line).

 

Let me know if there's anything else you need and many thanks for your help.  

 

FRST scan logs are embedded below.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by Springboard General (administrator) on SPRINGBOARD (12-12-2015 19:03:30)
Running from C:\Users\Springboard General.Springboard\Desktop
Loaded Profiles: Tricia & Springboard General (Available Profiles: Tricia & Springboard General)
Platform: Windows 8.1 (Update 1) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.bak
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\loggingserver.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intuit Inc. All rights reserved.) C:\Users\Tricia\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
() C:\Program Files (x86)\AVG Web TuneUp\CefHost.exe
() C:\Program Files (x86)\AVG Web TuneUp\CefHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\sfc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_fa50b3979b1bcb4a\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-05] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2811792 2015-12-10] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-341979965-2309638416-527897743-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-341979965-2309638416-527897743-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [131072 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-341979965-2309638416-527897743-1011\...\MountPoints2: {4707cb77-a19a-11e4-be99-4c72b91cd879} - "F:\VZW_Software_upgrade_assistant.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-03-07]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-03-07]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-03-07]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Springboard General.Springboard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-06-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
Startup: C:\Users\Springboard General.Springboard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-06-20]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{502891E9-FB41-4DD7-B22B-9242504B768D}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-341979965-2309638416-527897743-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-341979965-2309638416-527897743-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-341979965-2309638416-527897743-1011\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={CAD5A84E-8BB6-41DE-91ED-729696126DD0}&mid=16eec25dcc3147cd9d269d3bfff8318a-fad2ca52042e0667b55dd00104c3e1a87f697606&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415avt&pr=fr&d=2015-05-01 07:49:24&v=4.1.0.411&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-341979965-2309638416-527897743-1011\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {938F2926-5B1B-4E07-AF15-987E92E964A3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {938F2926-5B1B-4E07-AF15-987E92E964A3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-341979965-2309638416-527897743-1001 -> {938F2926-5B1B-4E07-AF15-987E92E964A3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-341979965-2309638416-527897743-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-341979965-2309638416-527897743-1011 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-341979965-2309638416-527897743-1011 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={CAD5A84E-8BB6-41DE-91ED-729696126DD0}&mid=16eec25dcc3147cd9d269d3bfff8318a-fad2ca52042e0667b55dd00104c3e1a87f697606&lang=en&ds=AVG&coid=avgtbavg&cmpid=0415avt&pr=fr&d=2015-05-01 07:49:24&v=4.1.0.411&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-341979965-2309638416-527897743-1011 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.3.128\AVG Web TuneUp.dll [2015-12-10] (AVG)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.3.128\AVG Web TuneUp.dll [2015-12-10] (AVG)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-341979965-2309638416-527897743-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.3\\npsitesafety.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-14] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-14] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-341979965-2309638416-527897743-1011: @citrixonline.com/appdetectorplugin -> C:\Users\Springboard General.Springboard\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-02-27] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Springboard General.Springboard\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-28] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-07]
CHR Extension: (Google Drive) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Docs Offline) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-02-28]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2015-02-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Springboard General.Springboard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2877112 2015-11-19] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-11-14] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-12-10] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-12-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-08-01] (Realtek Semiconductor)
R3 TermService; C:\Windows\System32\termsrv.dll [1032704 2014-06-06] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater40.2.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\ToolbarUpdater.exe [1923984 2015-12-10] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164688 2015-12-10] ()
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-11-14] (Intel Corporation)
R3 ROCKEYNT; C:\Windows\system32\DRIVERS\Rockey4.sys [36904 2014-05-10] (Feitian Technologies Co., Ltd.)
S3 Rockey_USB; C:\Windows\system32\DRIVERS\Rockey4USB.sys [23592 2014-05-10] (Feitian Technologies Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [35856 2014-03-23] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [257880 2014-03-23] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 19:03 - 2015-12-12 19:06 - 00025929 _____ C:\Users\Springboard General.Springboard\Desktop\FRST.txt
2015-12-12 19:01 - 2015-12-12 19:03 - 00000000 ____D C:\FRST
2015-12-12 18:59 - 2015-12-12 19:00 - 02369536 _____ (Farbar) C:\Users\Springboard General.Springboard\Desktop\FRST64.exe
2015-12-11 12:57 - 2015-12-11 13:09 - 00000000 ____D C:\Users\Tricia\Documents\Fax
2015-12-11 12:57 - 2015-12-11 12:57 - 00000000 ___RD C:\Users\Tricia\Documents\Scanned Documents
2015-12-10 23:27 - 2015-12-10 23:27 - 00000000 ___HD C:\Program Files\Common Files\AVG Secure Search
2015-12-09 12:11 - 2015-12-09 12:11 - 00163961 _____ C:\Users\Tricia\Downloads\securedoc_20151103T083857 (2).html
2015-12-09 11:56 - 2015-12-09 11:56 - 00163961 _____ C:\Users\Tricia\Downloads\securedoc_20151103T083857 (1).html
2015-12-05 08:12 - 2015-12-05 08:12 - 01180838 _____ C:\Users\Springboard General.Springboard\Documents\Eastwick amidatu performance review final.pdf
2015-12-03 11:43 - 2015-12-03 11:43 - 00000582 _____ C:\Users\Springboard General.Springboard\Downloads\EventDate.ics
2015-12-02 13:58 - 2015-12-02 13:58 - 00014695 _____ C:\Users\Springboard General.Springboard\Downloads\Record of Interventions-(11-25-2015-12-01-2015).pdf
2015-11-28 19:51 - 2015-11-28 19:51 - 00002205 _____ C:\Users\Tricia\Desktop\HP Support Assistant.lnk
2015-11-22 11:33 - 2015-11-22 11:33 - 00000000 ____D C:\Program Files (x86)\LogMeIn Ignition
2015-11-21 18:05 - 2015-11-21 18:05 - 00000633 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate (5).ics
2015-11-21 18:05 - 2015-11-21 18:05 - 00000597 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate (1).ics
2015-11-21 18:05 - 2015-11-21 18:05 - 00000594 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate (3).ics
2015-11-21 18:05 - 2015-11-21 18:05 - 00000477 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate (7).ics
2015-11-21 18:05 - 2015-11-21 18:05 - 00000474 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate.ics
2015-11-21 18:05 - 2015-11-21 18:05 - 00000417 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate (4).ics
2015-11-21 18:05 - 2015-11-21 18:05 - 00000375 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate (8).ics
2015-11-21 18:05 - 2015-11-21 18:05 - 00000375 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate (6).ics
2015-11-21 18:05 - 2015-11-21 18:05 - 00000375 _____ C:\Users\Springboard General.Springboard\Downloads\AgendaDate (2).ics
2015-11-19 07:52 - 2015-11-19 07:52 - 03024219 _____ C:\Users\Springboard General.Springboard\Documents\Ann Taylor.pdf
2015-11-18 16:58 - 2015-11-18 16:58 - 00016910 _____ C:\Users\Tricia\Downloads\November 5th 2015.xlsx
2015-11-18 15:50 - 2015-11-18 15:50 - 00163961 _____ C:\Users\Tricia\Downloads\securedoc_20151103T083857.html
2015-11-18 15:48 - 2015-11-18 15:48 - 00089218 _____ C:\Users\Tricia\Downloads\CI0000321792.PDF
2015-11-18 09:05 - 2015-11-18 09:05 - 00082685 _____ C:\Users\Springboard General.Springboard\Documents\Power Point Presentation.pptx
2015-11-16 07:31 - 2015-11-16 07:42 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Essential Oils
2015-11-14 17:29 - 2015-11-14 17:29 - 00613901 _____ C:\Users\Tricia\Documents\merrick.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 19:03 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-12 18:46 - 2013-08-21 18:26 - 00000000 ____D C:\ProgramData\LogMeIn
2015-12-12 18:37 - 2015-02-27 08:43 - 00000718 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-341979965-2309638416-527897743-1011.job
2015-12-12 18:33 - 2014-05-27 09:03 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Archive
2015-12-12 18:23 - 2013-08-21 19:05 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 17:53 - 2014-03-11 19:54 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Temporary
2015-12-12 17:52 - 2014-03-13 21:27 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Outlook Files
2015-12-12 17:41 - 2015-04-03 13:53 - 00000000 ____D C:\ProgramData\MFAData
2015-12-12 17:38 - 2015-05-29 22:38 - 00000814 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-341979965-2309638416-527897743-1011.job
2015-12-12 13:59 - 2014-06-12 15:03 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\IMProData
2015-12-12 08:57 - 2014-03-10 17:27 - 00007875 _____ C:\WINDOWS\BRRBCOM.INI
2015-12-12 06:40 - 2014-03-11 08:15 - 00003994 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23458CCD-A116-49B2-B923-4A233E28CF83}
2015-12-12 04:17 - 2013-08-21 19:05 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 19:13 - 2014-03-10 18:22 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341979965-2309638416-527897743-1011
2015-12-11 19:08 - 2014-04-13 07:02 - 00003130 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-341979965-2309638416-527897743-1011
2015-12-11 19:08 - 2014-04-13 07:02 - 00000000 ___RD C:\Users\Springboard General.Springboard\OneDrive
2015-12-11 17:34 - 2014-09-03 15:57 - 00033792 _____ C:\Users\Tricia\Documents\Rose Ann bills.xls
2015-12-11 14:22 - 2014-03-09 17:03 - 00000000 ____D C:\Users\Tricia\Documents\Outlook Files
2015-12-11 11:51 - 2015-10-28 12:21 - 00013761 _____ C:\Users\Tricia\Desktop\Daily Therapist Worksheet-Fall Schedule.xlsx
2015-12-11 10:43 - 2014-03-08 17:19 - 00000000 ___RD C:\Users\Tricia\OneDrive
2015-12-11 10:43 - 2013-06-17 18:52 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341979965-2309638416-527897743-1001
2015-12-11 08:54 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-11 07:47 - 2013-06-17 18:45 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BB6BBE0A-B234-483E-957F-05F1D0D8D4F4}
2015-12-11 07:41 - 2014-03-11 19:54 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Springboard Forms
2015-12-10 23:27 - 2015-05-01 06:49 - 00000000 ___HD C:\Program Files\AVG Web TuneUp
2015-12-10 23:27 - 2015-05-01 06:49 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2015-12-10 20:29 - 2014-01-28 20:24 - 00000966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-12-10 20:29 - 2013-08-21 18:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2015-12-10 20:26 - 2013-08-21 18:27 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-12-10 20:26 - 2013-08-21 18:27 - 00107008 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-12-10 20:26 - 2013-08-21 18:27 - 00035328 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-12-09 11:50 - 2013-06-17 18:43 - 00000000 ____D C:\Users\Tricia\AppData\Local\Packages
2015-12-09 09:11 - 2013-08-21 19:06 - 00002165 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-08 21:33 - 2015-05-29 22:38 - 00003848 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-341979965-2309638416-527897743-1011
2015-12-08 21:33 - 2015-02-27 08:43 - 00003752 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-341979965-2309638416-527897743-1011
2015-12-08 07:09 - 2013-08-22 08:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-07 08:32 - 2014-05-26 09:27 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Springboard Information
2015-12-07 08:04 - 2014-03-10 18:17 - 00000000 ____D C:\Users\Springboard General.Springboard\AppData\Local\Packages
2015-12-06 09:30 - 2014-03-11 20:13 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Tricia
2015-12-06 08:48 - 2014-03-11 19:52 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Jerzie
2015-12-04 04:04 - 2013-08-21 19:05 - 00003902 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 04:04 - 2013-08-21 19:05 - 00003666 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 20:05 - 2014-06-27 13:37 - 00003216 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSPRINGBOARD$
2015-12-03 20:05 - 2014-06-27 13:37 - 00000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSPRINGBOARD$.job
2015-12-03 08:58 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-03 08:46 - 2014-03-11 19:54 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Springboard Forms for Email
2015-11-30 07:16 - 2013-02-13 14:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-11-30 07:16 - 2013-02-13 14:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-11-28 19:51 - 2013-02-13 14:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-11-28 19:51 - 2013-02-13 14:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-28 19:51 - 2013-02-13 14:26 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-28 19:48 - 2012-10-11 22:24 - 00000000 ____D C:\SWSETUP
2015-11-25 14:32 - 2014-06-13 13:37 - 00003176 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForTricia
2015-11-25 14:32 - 2014-06-13 13:37 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForTricia.job
2015-11-24 20:29 - 2014-03-10 18:16 - 00000000 ____D C:\Users\Springboard General.Springboard
2015-11-24 20:29 - 2014-03-07 21:49 - 00000000 ____D C:\Users\Tricia
2015-11-24 20:26 - 2013-08-22 09:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-22 11:36 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-22 11:34 - 2013-02-13 14:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-22 11:33 - 2014-01-28 20:24 - 00001926 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-11-22 11:31 - 2013-08-21 18:27 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2015-11-22 11:31 - 2013-08-21 18:27 - 00107008 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll.000.bak
2015-11-18 15:03 - 2014-07-30 14:08 - 00009427 _____ C:\Users\Tricia\Desktop\Girls Paid through.xlsx
2015-11-18 07:29 - 2014-03-11 19:54 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\Springboard Therapy Logo
2015-11-16 07:37 - 2014-05-10 11:20 - 00000000 ____D C:\Users\Springboard General.Springboard\AppData\Local\Microsoft Help
2015-11-14 17:00 - 2013-08-22 09:44 - 00489744 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-14 16:59 - 2013-08-22 08:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-11-14 10:14 - 2015-01-08 17:32 - 00000000 ____D C:\Users\Springboard General.Springboard\Documents\MWdocs
2015-11-14 09:24 - 2015-04-03 13:58 - 00000943 _____ C:\Users\Public\Desktop\AVG 2015.lnk
2015-11-14 09:24 - 2015-04-03 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-11-13 17:29 - 2013-11-14 02:28 - 00956540 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-13 17:29 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Inf
 
Some files in TEMP:
====================
C:\Users\Springboard General.Springboard\AppData\Local\Temp\Extract.exe
C:\Users\Springboard General.Springboard\AppData\Local\Temp\SP64353.exe
C:\Users\Tricia\AppData\Local\Temp\Abspdf.exe
C:\Users\Tricia\AppData\Local\Temp\acfpdfu.dll
C:\Users\Tricia\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Tricia\AppData\Local\Temp\acfpdfui.dll
C:\Users\Tricia\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Tricia\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Tricia\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Tricia\AppData\Local\Temp\cdintf.dll
C:\Users\Tricia\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\Tricia\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Tricia\AppData\Local\Temp\sp64126.exe
C:\Users\Tricia\AppData\Local\Temp\TeamViewer.exe
C:\Users\Tricia\AppData\Local\Temp\TeamViewer_Desktop.exe
C:\Users\Tricia\AppData\Local\Temp\TeamViewer_Resource_en.dll
C:\Users\Tricia\AppData\Local\Temp\TeamViewer_Service.exe
C:\Users\Tricia\AppData\Local\Temp\tv_w32.dll
C:\Users\Tricia\AppData\Local\Temp\tv_w32.exe
C:\Users\Tricia\AppData\Local\Temp\tv_x64.dll
C:\Users\Tricia\AppData\Local\Temp\tv_x64.exe
C:\Users\Tricia\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Tricia\AppData\Local\Temp\xmllite.dll
C:\Users\Tricia\AppData\Local\Temp\_is53DB.exe
C:\Users\Tricia\AppData\Local\Temp\_is8515.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-10 06:21
 
==================== End of FRST.txt ============================
 
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by Springboard General (2015-12-12 19:07:25)
Running from C:\Users\Springboard General.Springboard\Desktop
Windows 8.1 (Update 1) (X64) (2014-03-08 03:01:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-341979965-2309638416-527897743-500 - Administrator - Disabled)
Guest (S-1-5-21-341979965-2309638416-527897743-501 - Limited - Enabled)
Springboard General (S-1-5-21-341979965-2309638416-527897743-1011 - Administrator - Enabled) => C:\Users\Springboard General.Springboard
Tricia (S-1-5-21-341979965-2309638416-527897743-1001 - Administrator - Enabled) => C:\Users\Tricia
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4483 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.3.128 - AVG Technologies)
Az-Tech Rockey4 Device Drivers 6.2.6 (HKLM-x32\...\{4661750E-05A6-11DC-B729-0A0156D89593}) (Version: 6.2.6.0 - Az-Tech Software, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J450DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5630 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4605 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.7.0.4062 (HKU\S-1-5-21-341979965-2309638416-527897743-1011\...\GoToMeeting) (Version: 7.7.0.4062 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
IMPro Universe 9.0 (HKLM-x32\...\{0E811BA9-7B46-4069-A595-734188686F73}_is1) (Version: 9.0 - Interactive Metronome, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3325 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Interactive Metronome 8.3 (HKLM-x32\...\IMPro8.3) (Version: 8.3 - Interactive Metronome, Inc)
join.me (HKU\S-1-5-21-341979965-2309638416-527897743-1001\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
join.me (HKU\S-1-5-21-341979965-2309638416-527897743-1011\...\JoinMe) (Version: 1.20.0.116 - LogMeIn, Inc.)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{26F88B15-E5F0-47D2-8176-1A9312DD44AD}) (Version: 1.3.1648 - LogMeIn, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-341979965-2309638416-527897743-1001\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-341979965-2309638416-527897743-1011\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4004.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5826 - CyberLink Corp.) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
SIPT  Installation 1.000 (HKLM-x32\...\{5A71C7F1-5133-4357-AFEC-C787911B822A}) (Version: 6.213.0000 - WPS)
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.5.1 - startisback.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-341979965-2309638416-527897743-1011_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Springboard General.Springboard\AppData\Local\Citrix\GoToMeeting\2331\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points =========================
 
06-12-2015 06:40:37 Scheduled Checkpoint
12-12-2015 18:24:57 Removed HP Registration Service.
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DC5BC03-A141-4F98-B431-FD125560B671} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1491B7CB-2FD5-4EEB-8C54-A65D8601A3F1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {16BBA619-9E79-468B-A921-2CD00738729E} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-341979965-2309638416-527897743-1001 => C:\Users\Springboard General.Springboard\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
Task: {2484DF2B-E835-4059-B739-F01714D94358} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {2556899C-030A-47D5-A69E-1B2A390DAD68} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {2E58528B-8716-4CBD-818F-979D434D0821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {30FF3124-9254-436A-B64D-A4F2AF8CE4A5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {35CEEA10-F86D-49D5-87AF-6B84374B0364} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-19] (Microsoft Corporation)
Task: {67966A52-B901-4A43-923F-01FE79B9C90F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)
Task: {7B968BDC-1667-4498-93D2-55FC895B2BB9} - System32\Tasks\G2MUpdateTask-S-1-5-21-341979965-2309638416-527897743-1011 => C:\Users\Springboard General.Springboard\AppData\Local\Citrix\GoToMeeting\4062\g2mupdate.exe [2015-12-08] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7D7FCE0F-F27D-4592-9279-C990FD4B46FF} - System32\Tasks\HPCeeScheduleForTricia => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B675FF94-602A-4BB7-8D13-79117051FD3C} - System32\Tasks\G2MUploadTask-S-1-5-21-341979965-2309638416-527897743-1011 => C:\Users\Springboard General.Springboard\AppData\Local\Citrix\GoToMeeting\4062\g2mupload.exe [2015-12-08] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {C1E26501-322A-47E9-A4F5-4E9F3B59F424} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-19] (Microsoft Corporation)
Task: {C7A5D6D7-7E3B-4F7E-887A-2A8F051476F4} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-341979965-2309638416-527897743-1011 => C:\Users\Springboard General.Springboard\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-12-11] (Microsoft Corporation)
Task: {D1387823-DA93-4D2A-94E1-175148CC7032} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E14175C1-C94F-41F8-B982-09BD8A9CDB9E} - System32\Tasks\HPCeeScheduleForSPRINGBOARD$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {EEFAADD4-1A16-46C9-B743-DF65EF477504} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {FA19BA88-464F-4374-AB46-77D2EEBC493E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-341979965-2309638416-527897743-1011.job => C:\Users\Springboard General.Springboard\AppData\Local\Citrix\GoToMeeting\4062\g2mupdate.exeOC:\Users\Springboard General.Spr
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-341979965-2309638416-527897743-1011.job => C:\Users\Springboard General.Springboard\AppData\Local\Citrix\GoToMeeting\4062\g2mupload.exeOC:\Users\Springboard General.Spr
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSPRINGBOARD$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForTricia.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-23 09:00 - 2015-11-19 04:26 - 00162472 ____H () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-05-01 06:49 - 2015-12-10 23:27 - 01164688 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-12-10 23:27 - 2015-12-10 23:27 - 00192912 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\loggingserver.exe
2013-10-21 14:52 - 2013-10-21 14:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-05-01 06:49 - 2015-12-10 23:27 - 02811792 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2015-11-20 05:43 - 2015-11-01 05:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-10 23:27 - 2015-12-10 23:27 - 01393040 _____ () C:\Program Files (x86)\AVG Web TuneUp\CefHost.exe
2014-11-14 15:32 - 2014-11-14 15:32 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-03-11 07:29 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-12-10 23:27 - 2015-12-10 23:27 - 00533904 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.3\log4cplusU.dll
2014-12-10 06:29 - 2014-12-10 06:29 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2015-12-09 09:11 - 2015-12-04 16:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-09 09:11 - 2015-12-04 16:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
2013-02-13 14:34 - 2012-06-07 22:34 - 00627216 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-12-10 06:29 - 2014-12-10 06:29 - 00582472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2014-12-10 06:29 - 2014-12-10 06:29 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2013-12-02 17:27 - 2013-12-02 17:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2014-12-10 06:29 - 2014-12-10 06:29 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-12-10 06:29 - 2014-12-10 06:29 - 00791880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00087368 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetBridge.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00104264 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\IPDWidgetInterop.dll
2014-12-10 06:31 - 2014-12-10 06:31 - 00501576 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\SyncManagerUtils.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00113480 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QB2WPFBridge.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00129352 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\ReportBridge.dll
2014-12-10 06:31 - 2014-12-10 06:31 - 00115016 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\Webification.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00060232 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\htmlhelper.dll
2014-12-10 06:30 - 2014-12-10 06:30 - 00762696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\HPD.dll
2015-11-20 05:38 - 2015-11-20 05:38 - 00149160 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2014-12-10 03:30 - 2014-12-10 03:30 - 00146248 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\qbar.dll
2015-05-01 06:49 - 2015-12-10 23:27 - 40638864 _____ () C:\Program Files (x86)\AVG Web TuneUp\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-341979965-2309638416-527897743-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-341979965-2309638416-527897743-1011\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{78CC7319-B7AF-494E-B82A-C0499AB35FA4}] => (Allow) LPort=1900
FirewallRules: [{6272B289-6871-42A2-A754-5B70C09FDA0E}] => (Allow) LPort=2869
FirewallRules: [{28813AB7-1A86-433A-B842-01B576A8885E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4FCB9E9F-D92F-4C90-912B-9726D891497F}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{64BD10DD-63B3-428E-AC64-02196B89980C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{1D79EEA7-829E-4B99-98E3-C55DD5A19B7C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3A149DFA-B156-485F-8D72-721E4AF664DD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{93BB2399-6315-4D95-9EDF-09CDB291437B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD23543B-A945-44A3-A3F9-40F7E475858F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{390D639C-7155-4FC1-8985-A7B01481CCB7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{15E9C5C6-5D94-456E-A913-09D1641D6853}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{ADD2FE42-E7FA-4E63-B997-A928234EE82C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2FB88DF9-611C-4519-82C0-D9AED380F054}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{8BB8DBC5-872F-4E9D-BA74-021470ACE648}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{09A49D63-0650-47EF-9AC7-82543301B956}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{19F6218E-EFCA-4036-85C1-83201257F2CD}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{07EB6EB1-D929-4506-A69B-DD25656D13A0}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{5B541E00-5BD6-4A61-A7F7-4E06B50515FC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{F21EC7C2-7912-4AF4-B226-17A85433ABC2}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{7CA5EF45-5BBD-4F7D-83EE-5EFA4D160BD6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2015 06:04:35 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (12/12/2015 04:30:43 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (12/12/2015 04:01:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (1804) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after svchost0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (12/12/2015 04:01:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (1804) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after svchost0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (12/12/2015 04:00:02 PM) (Source: ESENT) (EventID: 428) (User: )
Description: svchost (1804) SRUJet: The database engine is rejecting update operations due to low free disk space on the log disk.
 
Error: (12/12/2015 04:00:02 PM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (1804) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUtmp.log" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after svchost0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (12/12/2015 03:47:41 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2115-11-18T20:47:40Z. Error Code: 0x80070070.
 
Error: (12/12/2015 03:01:00 PM) (Source: ESENT) (EventID: 482) (User: )
Description: svchost (1804) SRUJet: An attempt to write to the file "C:\WINDOWS\system32\SRU\SRUres00002.jrs" at offset 0 (0x0000000000000000) for 65536 (0x00010000) bytes failed after svchost0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (12/12/2015 03:00:03 PM) (Source: ESENT) (EventID: 428) (User: )
Description: svchost (1804) SRUJet: The database engine is rejecting update operations due to low free disk space on the log disk.
 
Error: (12/12/2015 01:41:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avgmfapx.exe, version: 15.0.0.6176, time stamp: 0x5633516f
Faulting module name: avgmfapx.exe, version: 15.0.0.6176, time stamp: 0x5633516f
Exception code: 0xc0000005
Fault offset: 0x002705d3
Faulting process id: 0x39f8
Faulting application start time: 0xavgmfapx.exe0
Faulting application path: avgmfapx.exe1
Faulting module path: avgmfapx.exe2
Report Id: avgmfapx.exe3
Faulting package full name: avgmfapx.exe4
Faulting package-relative application ID: avgmfapx.exe5
 
 
System errors:
=============
Error: (12/12/2015 05:25:54 PM) (Source: DCOM) (EventID: 10010) (User: Springboard)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/11/2015 05:31:22 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1053defragsvcUnavailable{D20A3293-3341-4AE8-9AAF-8E397CB63C34}
 
Error: (12/11/2015 05:31:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Optimize drives service failed to start due to the following error: 
%%1053
 
Error: (12/11/2015 05:31:21 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimize drives service to connect.
 
Error: (12/11/2015 05:30:13 AM) (Source: DCOM) (EventID: 10010) (User: Springboard)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/11/2015 05:29:42 AM) (Source: DCOM) (EventID: 10010) (User: Springboard)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/10/2015 06:22:00 AM) (Source: DCOM) (EventID: 10010) (User: Springboard)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/10/2015 06:21:30 AM) (Source: DCOM) (EventID: 10010) (User: Springboard)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (12/09/2015 05:00:00 AM) (Source: DCOM) (EventID: 10010) (User: Springboard)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (12/09/2015 04:59:29 AM) (Source: DCOM) (EventID: 10010) (User: Springboard)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3220T CPU @ 2.80GHz
Percentage of memory in use: 72%
Total physical RAM: 3966.65 MB
Available physical RAM: 1071.43 MB
Total Virtual: 7251.63 MB
Available Virtual: 2733.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:447.85 GB) (Free:3.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:16.09 GB) (Free:1.96 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 70293586)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP

I don't usually work on Win 8 systems but it doesn't look like malware and I wonder if this one is backing up the c: drive on the c:

 

Go in to Control Panel, Backup & Recovery and see if it is set up to backup to a drive.  Make sure it's not using the C drive.

 

 

 

Let's let FRST clear the temp files and see if that helps any

 

 

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP