Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Win 7 Slow to load on startup, sometimes slow internet

Started by monkeyboyblues , Jun 19 2016 10:54 AM

Windows 7 problems

Please log in to reply

#1
monkeyboyblues

Posted 19 June 2016 - 10:54 AM

Member

Member
146 posts

Many times wifi won't load while still showing connection. It will just be searching to lad the page.

Also, downloading large files is a problem.

Thanks for your help.

#2
RKinner

Posted 19 June 2016 - 04:41 PM

Malware Expert

Expert
24,625 posts

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
monkeyboyblues

Posted 20 June 2016 - 10:29 AM

Member

Topic Starter
Member
146 posts

# AdwCleaner v5.200 - Logfile created 20/06/2016 at 11:54:11
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Luke - RPLUKE-PC
# Running from : C:\Users\Luke\Downloads\AdwCleaner(1).exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\slimware utilities inc
[#] Folder Deleted : C:\ProgramData\Application Data\Ask
[#] Folder Deleted : C:\ProgramData\Application Data\slimware utilities inc
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\slimcleaner plus
[-] Folder Deleted : C:\Program Files (x86)\Coupons
[-] Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
[-] Folder Deleted : C:\Program Files\slimcleaner plus
[-] Folder Deleted : C:\Program Files\slimservice

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Public\Desktop\slimcleaner plus.lnk

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : SlimCleaner Plus (Scheduled Scan - rpluke)
[-] Task Deleted : SlimCleaner Plus (Scheduled Scan - rpluke)

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key Deleted : HKU\S-1-5-21-2233979149-4233434921-1847507767-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Freecause
[-] Key Deleted : HKU\S-1-5-21-2233979149-4233434921-1847507767-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AppDataLow\Software\Freecause
[-] Key Deleted : HKU\S-1-5-21-2233979149-4233434921-1847507767-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
[-] Key Deleted : HKU\S-1-5-21-2233979149-4233434921-1847507767-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{034D35DF-73AB-494A-B194-4B82EE4E7055}
[-] Key Deleted : HKU\S-1-5-21-2233979149-4233434921-1847507767-1000.bak-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\apnews.myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\azlyrics.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\directionsace.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mapsgalaxy.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\radiorage.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\researchresults.com

***** [ Web browsers ] *****

[-] [C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4677 bytes] - [20/06/2016 11:54:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [4545 bytes] - [20/06/2016 11:49:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4823 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Luke (Administrator) on Mon 06/20/2016 at 12:06:11.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 292

Failed to delete: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RBBQ4VQ (Temporary Internet Files Folder)
Failed to delete: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GE6BJA3 (Temporary Internet Files Folder)
Failed to delete: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65MQPREB (Temporary Internet Files Folder)
Failed to delete: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C2QK0TM (Temporary Internet Files Folder)
Failed to delete: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT4OGCKA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\couponprinter.ocx (File)
Successfully deleted: C:\windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\windows\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\ProgramData\SPL1.tmp (File)
Successfully deleted: C:\ProgramData\SPL1195.tmp (File)
Successfully deleted: C:\ProgramData\SPL11C5.tmp (File)
Successfully deleted: C:\ProgramData\SPL1365.tmp (File)
Successfully deleted: C:\ProgramData\SPL1368.tmp (File)
Successfully deleted: C:\ProgramData\SPL1564.tmp (File)
Successfully deleted: C:\ProgramData\SPL188D.tmp (File)
Successfully deleted: C:\ProgramData\SPL19F9.tmp (File)
Successfully deleted: C:\ProgramData\SPL1B65.tmp (File)
Successfully deleted: C:\ProgramData\SPL1B95.tmp (File)
Successfully deleted: C:\ProgramData\SPL1C15.tmp (File)
Successfully deleted: C:\ProgramData\SPL1C56.tmp (File)
Successfully deleted: C:\ProgramData\SPL1E05.tmp (File)
Successfully deleted: C:\ProgramData\SPL23C8.tmp (File)
Successfully deleted: C:\ProgramData\SPL258D.tmp (File)
Successfully deleted: C:\ProgramData\SPL26A3.tmp (File)
Successfully deleted: C:\ProgramData\SPL26D9.tmp (File)
Successfully deleted: C:\ProgramData\SPL28D2.tmp (File)
Successfully deleted: C:\ProgramData\SPL2903.tmp (File)
Successfully deleted: C:\ProgramData\SPL2906.tmp (File)
Successfully deleted: C:\ProgramData\SPL2970.tmp (File)
Successfully deleted: C:\ProgramData\SPL2A8.tmp (File)
Successfully deleted: C:\ProgramData\SPL2B38.tmp (File)
Successfully deleted: C:\ProgramData\SPL2DA5.tmp (File)
Successfully deleted: C:\ProgramData\SPL2E5F.tmp (File)
Successfully deleted: C:\ProgramData\SPL3156.tmp (File)
Successfully deleted: C:\ProgramData\SPL32C7.tmp (File)
Successfully deleted: C:\ProgramData\SPL3309.tmp (File)
Successfully deleted: C:\ProgramData\SPL338F.tmp (File)
Successfully deleted: C:\ProgramData\SPL346B.tmp (File)
Successfully deleted: C:\ProgramData\SPL35A0.tmp (File)
Successfully deleted: C:\ProgramData\SPL39E1.tmp (File)
Successfully deleted: C:\ProgramData\SPL3A42.tmp (File)
Successfully deleted: C:\ProgramData\SPL3CDF.tmp (File)
Successfully deleted: C:\ProgramData\SPL3EE2.tmp (File)
Successfully deleted: C:\ProgramData\SPL3F68.tmp (File)
Successfully deleted: C:\ProgramData\SPL3FB1.tmp (File)
Successfully deleted: C:\ProgramData\SPL4087.tmp (File)
Successfully deleted: C:\ProgramData\SPL4967.tmp (File)
Successfully deleted: C:\ProgramData\SPL49A.tmp (File)
Successfully deleted: C:\ProgramData\SPL49B.tmp (File)
Successfully deleted: C:\ProgramData\SPL4A17.tmp (File)
Successfully deleted: C:\ProgramData\SPL4AA6.tmp (File)
Successfully deleted: C:\ProgramData\SPL5088.tmp (File)
Successfully deleted: C:\ProgramData\SPL533D.tmp (File)
Successfully deleted: C:\ProgramData\SPL538C.tmp (File)
Successfully deleted: C:\ProgramData\SPL53ED.tmp (File)
Successfully deleted: C:\ProgramData\SPL5548.tmp (File)
Successfully deleted: C:\ProgramData\SPL564D.tmp (File)
Successfully deleted: C:\ProgramData\SPL56E3.tmp (File)
Successfully deleted: C:\ProgramData\SPL5772.tmp (File)
Successfully deleted: C:\ProgramData\SPL5A8C.tmp (File)
Successfully deleted: C:\ProgramData\SPL5B9A.tmp (File)
Successfully deleted: C:\ProgramData\SPL5C4C.tmp (File)
Successfully deleted: C:\ProgramData\SPL5C52.tmp (File)
Successfully deleted: C:\ProgramData\SPL5DDC.tmp (File)
Successfully deleted: C:\ProgramData\SPL5FCE.tmp (File)
Successfully deleted: C:\ProgramData\SPL60C6.tmp (File)
Successfully deleted: C:\ProgramData\SPL6159.tmp (File)
Successfully deleted: C:\ProgramData\SPL624E.tmp (File)
Successfully deleted: C:\ProgramData\SPL6386.tmp (File)
Successfully deleted: C:\ProgramData\SPL63A0.tmp (File)
Successfully deleted: C:\ProgramData\SPL64BE.tmp (File)
Successfully deleted: C:\ProgramData\SPL6663.tmp (File)
Successfully deleted: C:\ProgramData\SPL68B1.tmp (File)
Successfully deleted: C:\ProgramData\SPL6BEA.tmp (File)
Successfully deleted: C:\ProgramData\SPL6D7A.tmp (File)
Successfully deleted: C:\ProgramData\SPL6EB7.tmp (File)
Successfully deleted: C:\ProgramData\SPL6F88.tmp (File)
Successfully deleted: C:\ProgramData\SPL72C0.tmp (File)
Successfully deleted: C:\ProgramData\SPL77B2.tmp (File)
Successfully deleted: C:\ProgramData\SPL7829.tmp (File)
Successfully deleted: C:\ProgramData\SPL78D7.tmp (File)
Successfully deleted: C:\ProgramData\SPL7CC0.tmp (File)
Successfully deleted: C:\ProgramData\SPL7D1F.tmp (File)
Successfully deleted: C:\ProgramData\SPL7EC4.tmp (File)
Successfully deleted: C:\ProgramData\SPL82E5.tmp (File)
Successfully deleted: C:\ProgramData\SPL8369.tmp (File)
Successfully deleted: C:\ProgramData\SPL8504.tmp (File)
Successfully deleted: C:\ProgramData\SPL8555.tmp (File)
Successfully deleted: C:\ProgramData\SPL8631.tmp (File)
Successfully deleted: C:\ProgramData\SPL8747.tmp (File)
Successfully deleted: C:\ProgramData\SPL877.tmp (File)
Successfully deleted: C:\ProgramData\SPL8883.tmp (File)
Successfully deleted: C:\ProgramData\SPL89AA.tmp (File)
Successfully deleted: C:\ProgramData\SPL89C2.tmp (File)
Successfully deleted: C:\ProgramData\SPL8A6C.tmp (File)
Successfully deleted: C:\ProgramData\SPL8B41.tmp (File)
Successfully deleted: C:\ProgramData\SPL8C40.tmp (File)
Successfully deleted: C:\ProgramData\SPL8F9A.tmp (File)
Successfully deleted: C:\ProgramData\SPL904.tmp (File)
Successfully deleted: C:\ProgramData\SPL90AA.tmp (File)
Successfully deleted: C:\ProgramData\SPL9119.tmp (File)
Successfully deleted: C:\ProgramData\SPL9141.tmp (File)
Successfully deleted: C:\ProgramData\SPL91B1.tmp (File)
Successfully deleted: C:\ProgramData\SPL9319.tmp (File)
Successfully deleted: C:\ProgramData\SPL93C8.tmp (File)
Successfully deleted: C:\ProgramData\SPL95BA.tmp (File)
Successfully deleted: C:\ProgramData\SPL9694.tmp (File)
Successfully deleted: C:\ProgramData\SPL9720.tmp (File)
Successfully deleted: C:\ProgramData\SPL9953.tmp (File)
Successfully deleted: C:\ProgramData\SPL9989.tmp (File)
Successfully deleted: C:\ProgramData\SPL99A9.tmp (File)
Successfully deleted: C:\ProgramData\SPL9A6E.tmp (File)
Successfully deleted: C:\ProgramData\SPL9AE6.tmp (File)
Successfully deleted: C:\ProgramData\SPL9BD9.tmp (File)
Successfully deleted: C:\ProgramData\SPL9C3.tmp (File)
Successfully deleted: C:\ProgramData\SPL9D2A.tmp (File)
Successfully deleted: C:\ProgramData\SPL9D97.tmp (File)
Successfully deleted: C:\ProgramData\SPL9E45.tmp (File)
Successfully deleted: C:\ProgramData\SPL9F2.tmp (File)
Successfully deleted: C:\ProgramData\SPLA0B5.tmp (File)
Successfully deleted: C:\ProgramData\SPLA0F9.tmp (File)
Successfully deleted: C:\ProgramData\SPLA61C.tmp (File)
Successfully deleted: C:\ProgramData\SPLA67B.tmp (File)
Successfully deleted: C:\ProgramData\SPLA6F3.tmp (File)
Successfully deleted: C:\ProgramData\SPLA7C4.tmp (File)
Successfully deleted: C:\ProgramData\SPLA857.tmp (File)
Successfully deleted: C:\ProgramData\SPLA89D.tmp (File)
Successfully deleted: C:\ProgramData\SPLA8C0.tmp (File)
Successfully deleted: C:\ProgramData\SPLAC58.tmp (File)
Successfully deleted: C:\ProgramData\SPLADD9.tmp (File)
Successfully deleted: C:\ProgramData\SPLAE7A.tmp (File)
Successfully deleted: C:\ProgramData\SPLAF50.tmp (File)
Successfully deleted: C:\ProgramData\SPLB306.tmp (File)
Successfully deleted: C:\ProgramData\SPLB358.tmp (File)
Successfully deleted: C:\ProgramData\SPLB386.tmp (File)
Successfully deleted: C:\ProgramData\SPLB657.tmp (File)
Successfully deleted: C:\ProgramData\SPLB685.tmp (File)
Successfully deleted: C:\ProgramData\SPLB75.tmp (File)
Successfully deleted: C:\ProgramData\SPLBA1B.tmp (File)
Successfully deleted: C:\ProgramData\SPLBC37.tmp (File)
Successfully deleted: C:\ProgramData\SPLBCAA.tmp (File)
Successfully deleted: C:\ProgramData\SPLBDF9.tmp (File)
Successfully deleted: C:\ProgramData\SPLBFD3.tmp (File)
Successfully deleted: C:\ProgramData\SPLC033.tmp (File)
Successfully deleted: C:\ProgramData\SPLC063.tmp (File)
Successfully deleted: C:\ProgramData\SPLC0C0.tmp (File)
Successfully deleted: C:\ProgramData\SPLC323.tmp (File)
Successfully deleted: C:\ProgramData\SPLC532.tmp (File)
Successfully deleted: C:\ProgramData\SPLC683.tmp (File)
Successfully deleted: C:\ProgramData\SPLC861.tmp (File)
Successfully deleted: C:\ProgramData\SPLC9B8.tmp (File)
Successfully deleted: C:\ProgramData\SPLCA39.tmp (File)
Successfully deleted: C:\ProgramData\SPLCA90.tmp (File)
Successfully deleted: C:\ProgramData\SPLCB0E.tmp (File)
Successfully deleted: C:\ProgramData\SPLCCF2.tmp (File)
Successfully deleted: C:\ProgramData\SPLD181.tmp (File)
Successfully deleted: C:\ProgramData\SPLD4CC.tmp (File)
Successfully deleted: C:\ProgramData\SPLD659.tmp (File)
Successfully deleted: C:\ProgramData\SPLD7A7.tmp (File)
Successfully deleted: C:\ProgramData\SPLD846.tmp (File)
Successfully deleted: C:\ProgramData\SPLD913.tmp (File)
Successfully deleted: C:\ProgramData\SPLD98C.tmp (File)
Successfully deleted: C:\ProgramData\SPLDAB3.tmp (File)
Successfully deleted: C:\ProgramData\SPLDB89.tmp (File)
Successfully deleted: C:\ProgramData\SPLDF2B.tmp (File)
Successfully deleted: C:\ProgramData\SPLE108.tmp (File)
Successfully deleted: C:\ProgramData\SPLE16C.tmp (File)
Successfully deleted: C:\ProgramData\SPLE1A7.tmp (File)
Successfully deleted: C:\ProgramData\SPLE36C.tmp (File)
Successfully deleted: C:\ProgramData\SPLE36D.tmp (File)
Successfully deleted: C:\ProgramData\SPLE548.tmp (File)
Successfully deleted: C:\ProgramData\SPLE562.tmp (File)
Successfully deleted: C:\ProgramData\SPLE676.tmp (File)
Successfully deleted: C:\ProgramData\SPLE789.tmp (File)
Successfully deleted: C:\ProgramData\SPLE89D.tmp (File)
Successfully deleted: C:\ProgramData\SPLE917.tmp (File)
Successfully deleted: C:\ProgramData\SPLEA9D.tmp (File)
Successfully deleted: C:\ProgramData\SPLEBA4.tmp (File)
Successfully deleted: C:\ProgramData\SPLEC1A.tmp (File)
Successfully deleted: C:\ProgramData\SPLEC40.tmp (File)
Successfully deleted: C:\ProgramData\SPLEDF4.tmp (File)
Successfully deleted: C:\ProgramData\SPLEE25.tmp (File)
Successfully deleted: C:\ProgramData\SPLEF7.tmp (File)
Successfully deleted: C:\ProgramData\SPLF1F4.tmp (File)
Successfully deleted: C:\ProgramData\SPLF49.tmp (File)
Successfully deleted: C:\ProgramData\SPLF605.tmp (File)
Successfully deleted: C:\ProgramData\SPLF68E.tmp (File)
Successfully deleted: C:\ProgramData\SPLF778.tmp (File)
Successfully deleted: C:\ProgramData\SPLF879.tmp (File)
Successfully deleted: C:\ProgramData\SPLF8D2.tmp (File)
Successfully deleted: C:\ProgramData\SPLFAA1.tmp (File)
Successfully deleted: C:\ProgramData\SPLFC8.tmp (File)
Successfully deleted: C:\ProgramData\SPLFD84.tmp (File)
Successfully deleted: C:\ProgramData\SPLFED0.tmp (File)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UYU0P7I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GMYKTVK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNB53T8C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRJJC51W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2S96R0F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHN2DC5V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQFIA8LT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFKRLPDC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPLAMO1W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ6S0C6I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLDMLDXT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Luke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPDP0TCE (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0RBBQ4VQ (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GE6BJA3 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65MQPREB (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6UYU0P7I (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8GMYKTVK (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9C2QK0TM (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNB53T8C (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRJJC51W (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F2S96R0F (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHN2DC5V (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQFIA8LT (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT4OGCKA (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFKRLPDC (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NPLAMO1W (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VJ6S0C6I (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLDMLDXT (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZPDP0TCE (Temporary Internet Files Folder)
Successfully deleted: C:\windows\SysWOW64\sho115.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho1248.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho12A0.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho1427.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho187B.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho1EB5.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho207A.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho20A7.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho21F.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho225E.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho2B08.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho2E6F.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho2FA.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho2FAF.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho3321.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho3552.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho3B3B.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho3C44.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho4027.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho40B5.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho4517.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho48E1.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho4AF2.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho5AA9.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho5DD5.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho5E7.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho5F5.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho60C3.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho6566.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho6D80.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho7172.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho7174.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho72FC.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho784B.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho7992.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho7AB9.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho8130.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho8341.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho85C2.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho88D6.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho91B1.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho9338.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho9626.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho98B3.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho9996.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho9C1D.tmp (File)
Successfully deleted: C:\windows\SysWOW64\sho9C8A.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoA603.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoA66B.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoAB69.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoAC5.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoB74E.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoB806.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoBB18.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoC08F.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoC0E.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoD191.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoD436.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoD4E8.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoD923.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoDB4F.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoDD04.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoE1F3.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoE61A.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoE6FE.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoEEE4.tmp (File)
Successfully deleted: C:\windows\SysWOW64\shoF4B5.tmp (File)

Registry: 4

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SlimService (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/20/2016 at 12:13:25.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by Luke (administrator) on RPLUKE-PC (20-06-2016 12:19:21)
Running from C:\Users\Luke\Downloads
Loaded Profiles: QBDataServiceUser24 & Luke (Available Profiles: Richard P. Luke & QBDataServiceUser24 & Luke)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
( ) C:\Windows\System32\lxdicoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.223.2074.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1065032 2012-09-13] (Carbonite, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-06-26] (Intuit Inc. All rights reserved.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-10-08] (Google)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2012-09-13] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2012-09-13] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2012-09-13] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2012-09-13] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2012-09-13] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2012-09-13] (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2586DD56-5E75-4A1E-B93F-90A97320C324}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8184F250-DCBA-43B6-A3C2-6B773F6C6F7E}: [DhcpNameServer] 192.168.1.1 71.250.0.12

Internet Explorer:
==================
HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-24] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\mcafee\msk\mskapbho.dll [2010-05-03] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-05-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-05-08] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\sq7f9n4y.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-08-24] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-05-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-31]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-08] (Google)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 lxdi_device; C:\windows\system32\lxdicoms.exe [876976 2007-06-11] ( )
R2 lxdi_device; C:\windows\SysWOW64\lxdicoms.exe [517040 2007-06-11] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-06-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-06-26] (Intuit Inc.) [File not signed]
R3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2014-06-26] (Intuit, Inc.) [File not signed]
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-20 12:19 - 2016-06-20 12:20 - 00019249 _____ C:\Users\Luke\Downloads\FRST.txt
2016-06-20 12:18 - 2016-06-20 12:19 - 00000000 ____D C:\FRST
2016-06-20 12:17 - 2016-06-20 12:17 - 02387456 _____ (Farbar) C:\Users\Luke\Downloads\FRST64.exe
2016-06-20 12:14 - 2016-06-20 12:14 - 00004906 _____ C:\Users\Luke\Desktop\AdwCleaner[C1].txt
2016-06-20 12:13 - 2016-06-20 12:15 - 00022098 _____ C:\Users\Luke\Desktop\JRT.txt
2016-06-20 12:04 - 2016-06-20 12:04 - 01610816 _____ (Malwarebytes) C:\Users\Luke\Downloads\JRT.exe
2016-06-20 11:48 - 2016-06-20 11:54 - 00000000 ____D C:\AdwCleaner
2016-06-20 11:48 - 2016-06-20 11:48 - 03703360 _____ C:\Users\Luke\Downloads\AdwCleaner(1).exe
2016-06-20 11:46 - 2016-06-20 11:46 - 03703360 _____ C:\Users\Luke\Downloads\AdwCleaner.exe
2016-06-20 11:44 - 2016-06-20 11:44 - 00000000 ____D C:\Users\Luke\AppData\Local\Macromedia
2016-06-20 11:38 - 2016-06-20 11:45 - 00000000 ____D C:\Users\Luke\AppData\Local\Mozilla
2016-06-20 11:38 - 2016-06-20 11:39 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Mozilla
2016-06-20 11:37 - 2016-06-20 11:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-20 11:37 - 2016-06-20 11:37 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-20 11:37 - 2016-06-20 11:37 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-20 11:37 - 2016-06-20 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-20 11:35 - 2016-06-20 11:36 - 00242136 _____ C:\Users\Luke\Desktop\Firefox Setup Stub 47.0.exe
2016-06-17 20:23 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-17 20:23 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-06-17 20:23 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-17 20:23 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-06-17 20:23 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-06-17 20:23 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-06-17 20:23 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-06-17 20:23 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-17 20:23 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-06-17 20:23 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-06-17 20:23 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-17 20:23 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-06-17 20:23 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-17 20:23 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-06-17 20:23 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-06-17 20:23 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-06-17 20:23 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-06-17 20:23 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-06-17 20:23 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-06-17 20:23 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-17 20:23 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-06-17 20:23 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-06-17 20:23 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-06-17 20:23 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-06-17 20:23 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-17 20:23 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-06-17 20:23 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-06-17 20:23 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-06-17 20:23 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-06-17 20:23 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-17 20:23 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-06-17 20:23 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-17 20:23 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-17 20:23 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-17 20:23 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-06-17 20:23 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-17 20:23 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-06-17 20:23 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-06-17 20:23 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-06-17 20:23 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-17 20:23 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-06-17 20:23 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-17 20:23 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-17 20:23 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-17 20:23 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-17 20:23 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-06-17 20:23 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-17 20:23 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-17 20:23 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-17 20:23 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-06-17 20:23 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-06-17 20:23 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-17 20:23 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-17 20:23 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-17 20:23 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-17 20:23 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-17 20:23 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-17 20:23 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-17 20:22 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-17 20:22 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-06-17 15:24 - 2016-06-17 15:24 - 00000000 ____D C:\Users\Luke\AppData\Roaming\TeamViewer
2016-06-17 13:04 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-17 13:04 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-17 13:04 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-06-17 13:04 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-17 13:04 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-17 13:04 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-06-17 13:04 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-06-17 13:04 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-17 13:03 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-17 13:03 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-17 13:03 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-17 13:03 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-17 13:03 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-17 13:03 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-17 13:03 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-17 13:03 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-17 13:03 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-17 13:03 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-17 13:03 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-17 13:02 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-06-17 13:02 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-06-17 13:02 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-06-17 13:02 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-06-17 13:02 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-06-17 13:02 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-17 13:02 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-06-17 13:02 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-06-17 13:02 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-06-17 13:02 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-17 13:02 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-17 13:02 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-17 13:02 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-17 13:02 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-06-17 13:02 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-06-17 13:02 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-06-17 13:02 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-06-17 13:02 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-06-17 13:02 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-06-17 13:02 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-06-17 13:02 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-06-17 13:01 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-17 13:01 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-17 13:01 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-17 13:01 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-06-08 17:27 - 2016-06-08 17:27 - 04260592 _____ C:\Users\Luke\Desktop\trim66.7087D436-D603-4598-923A-6C6D86AC154C.MOV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-20 12:10 - 2012-11-02 20:10 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-20 12:08 - 2015-06-22 12:23 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-20 12:08 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-20 12:08 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-20 11:59 - 2013-12-18 11:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-06-20 11:58 - 2012-11-02 20:10 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-20 11:57 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-20 11:23 - 2011-09-21 11:02 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000UA.job
2016-06-19 18:57 - 2011-08-24 03:01 - 00000000 ____D C:\ProgramData\Sonic
2016-06-19 15:03 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-06-19 14:23 - 2011-09-21 11:02 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000Core.job
2016-06-18 13:20 - 2011-11-21 08:15 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC\AppData\Local\Google
2016-06-18 11:04 - 2009-07-14 00:45 - 00873560 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-18 11:01 - 2014-12-11 04:35 - 00000000 ____D C:\windows\system32\appraiser
2016-06-17 20:39 - 2013-08-15 03:02 - 00000000 ____D C:\windows\system32\MRT
2016-06-17 20:20 - 2011-09-06 09:21 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-17 15:24 - 2015-06-28 21:07 - 00000000 ____D C:\Users\Luke\AppData\Local\Google
2016-06-16 16:50 - 2013-12-18 11:08 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 16:50 - 2013-12-18 11:08 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 16:50 - 2011-08-24 02:31 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-15 16:40 - 2010-11-20 23:27 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-14 19:31 - 2013-12-16 18:29 - 00889344 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.bcf
2016-06-14 19:31 - 2013-12-16 18:29 - 00330643 _____ C:\Users\Luke\Documents\Christmas Card List 2013.mlb
2016-06-14 19:31 - 2013-12-16 18:29 - 00002396 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.fsif
2016-06-14 19:31 - 2013-12-16 18:29 - 00001748 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.msif
2016-06-14 17:33 - 2009-07-14 01:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-14 17:33 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-06-14 10:30 - 2014-10-10 15:28 - 00000000 ____D C:\Users\Luke\Desktop\QuickBooksAutoDataRecovery
2016-06-14 10:07 - 2014-10-20 11:26 - 00000000 ____D C:\quickbooks files
2016-06-14 07:46 - 2009-07-14 01:08 - 00032616 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-06-13 16:24 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-06-11 19:12 - 2015-06-30 11:20 - 00000000 ____D C:\Users\Luke\AppData\Roaming\SoftGrid Client
2016-06-02 12:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing
2016-05-27 03:20 - 2015-04-04 20:56 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-05-27 03:20 - 2015-04-04 20:56 - 00000000 ___SD C:\windows\system32\GWX

==================== Files in the root of some directories =======

2013-07-26 14:18 - 2013-07-26 14:18 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\rpluke\jagex_runescape_preferences.dat
C:\Users\rpluke\jagex_runescape_preferences2.dat

Some files in TEMP:
====================
C:\Users\Luke\AppData\Local\Temp\HPPSdr.exe
C:\Users\rpluke\AppData\Local\Temp\Abspdf.exe
C:\Users\rpluke\AppData\Local\Temp\acfpdfu.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfui.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\rpluke\AppData\Local\Temp\cdintf.dll
C:\Users\rpluke\AppData\Local\Temp\dplinst.exe
C:\Users\rpluke\AppData\Local\Temp\GUR45B7.exe
C:\Users\rpluke\AppData\Local\Temp\GURC68D.exe
C:\Users\rpluke\AppData\Local\Temp\install_reader11_en_gtbp_chrd_aih.exe
C:\Users\rpluke\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\rpluke\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\rpluke\AppData\Local\Temp\PDFPRT400.exe
C:\Users\rpluke\AppData\Local\Temp\setup.exe
C:\Users\rpluke\AppData\Local\Temp\utz_bhus.dll
C:\Users\rpluke\AppData\Local\Temp\xmllite.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-19 14:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by Luke (2016-06-20 12:22:16)
Running from C:\Users\Luke\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-02 14:07:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2233979149-4233434921-1847507767-500 - Administrator - Disabled)
Guest (S-1-5-21-2233979149-4233434921-1847507767-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2233979149-4233434921-1847507767-1002 - Limited - Enabled)
Luke (S-1-5-21-2233979149-4233434921-1847507767-1006 - Administrator - Enabled) => C:\Users\Luke
QBDataServiceUser24 (S-1-5-21-2233979149-4233434921-1847507767-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser24
Richard P. Luke (S-1-5-21-2233979149-4233434921-1847507767-1004 - Limited - Enabled) => C:\Users\Richard P. Luke.rpluke-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Active@ UNDELETE (HKLM-x32\...\Active@ UNDELETE) (Version: - )
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.3.2 build 2312 (Sep-13-2012) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{89263C19-557E-4D23-AAD7-113F6175DFC1}) (Version: 1.5.402.0 - Fingertapps)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{3F862535-33F3-4F3F-864E-6D4F6FD3258D}) (Version: 1.5.2000.0 - Dell Inc.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DJ3525FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 3500-4500 Series (HKLM\...\Lexmark 3500-4500 Series) (Version: - Lexmark International, Inc.)
Lexmark Fax Solutions (HKLM\...\Lexmark Fax Solutions) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyLabel Designer Deluxe (HKLM-x32\...\{9D9C6FD3-1B43-43D7-AA90-94E643A312BD}) (Version: 8.0.0.0 - Avanquest USA, LLC)
MySoftware Fonts (HKLM-x32\...\{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}) (Version: - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickBooks (x32 Version: 19.0.4013.705 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4013.705 - Intuit Inc.)
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4007.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{C5A62BD3-AF28-47C5-A5BD-5B0F92A94F5A}) (Version: 1.4.1 - SlimWare Utilities, Inc.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11C4BCB3-8A1C-4368-B46C-52905D4403C2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000UA => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {26E617DA-163A-4F66-9ED3-D18DD288DDF8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {2CDE5F3D-7D9E-47F0-A672-29A6C490909A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {444C5634-3F5A-4396-B7F1-82B27BEA3BF0} - System32\Tasks\HP AR Program Upload - dd2e32d36bfe40a8b0cf07d42bd4d6bda15b567946f544b9949c33df5709b460 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {5FF302DF-C2E5-4AC0-A9C5-C7F23A9F393C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {6272E94A-7D59-4674-BE1A-7AD3B5AF22E4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {63F269C7-8B4A-498D-A86A-132ACF6094DC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {674F62FD-D05C-48F3-9426-1A1903AE89D2} - System32\Tasks\HP AR Program Upload - 6d2525a27ac8449180447fcae82a2d22da66b744b29f49dd8f7d8fa00bd0b9fd => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7ECA217F-5EE4-4560-B3AF-526CFF0F0A60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000Core => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {96C07585-2EAF-4114-9CAC-877B5F0850E2} - System32\Tasks\HP AR Program Upload - 76c7104eb58a416aa85a7ca45c9fb712aef1dcc13fdb43eaa35083e39f220e7b => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {AE7CFAA2-DBE3-4DBF-A406-0785460148B8} - System32\Tasks\HP AR Program Upload - e0d9687ddc9f4a35a00d0350b09537311c9d80ef6c914328950fdeb93110cd84 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D941DBEE-4100-4D21-97AC-1C223C3A411D} - System32\Tasks\HP AR Program Upload - 1eb4c2c179694a67862cbc719146cc70331380debe5d469aa3a893b8cd2f0634 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DF0BD2CB-9181-4963-9944-BC77E569EC70} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {E58A50C8-9C7C-4ADF-BC37-7EE3E50A46F6} - System32\Tasks\HP AR Program Upload - 70005777ff9e4cb883863b5be266bc003b494f40cae8441999dec37560dc9b31 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {F6418AAB-C759-4353-9DC5-B83DA0FA6030} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {FAE2DFEB-6B9B-4BBF-AADB-65428518989D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000Core.job => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000UA.job => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 14:53 - 2010-12-17 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-09-15 10:36 - 2007-02-22 03:15 - 00045056 _____ () C:\windows\System32\LXF3PMON.DLL
2011-09-15 10:36 - 2006-11-07 11:02 - 00036864 _____ () C:\windows\System32\LXF3OEM.DLL
2011-09-15 10:35 - 2007-02-22 03:11 - 00081408 _____ () C:\Program Files (x86)\Lexmark Fax Solutions\ipcmt64.dll
2011-09-15 10:36 - 2007-02-22 03:15 - 00003584 _____ () C:\windows\System32\LXF3PMRC.DLL
2012-03-18 14:05 - 2007-03-15 23:11 - 00138240 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdidrpp.dll
2016-05-12 09:36 - 2016-05-12 09:36 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2011-08-24 02:30 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\rpluke\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766 [638]
AlternateDataStreams: C:\Users\rpluke\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964 [638]
AlternateDataStreams: C:\Users\rpluke\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923 [638]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe" /s
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: Google Update => "C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: lxdiamon => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe"
MSCONFIG\startupreg: lxdimon.exe => "C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe"
MSCONFIG\startupreg: MapsGalaxy AppIntegrator 32-bit => C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator.exe
MSCONFIG\startupreg: MapsGalaxy AppIntegrator 64-bit => C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe
MSCONFIG\startupreg: MapsGalaxy EPM Support => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
MSCONFIG\startupreg: RoxWatchTray => "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{079215A6-BF79-4459-8886-5EBC2B5DB96E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EF5B6C4F-EAEE-4450-9E6B-34A3A7AD617D}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{3964FFF7-1505-4795-9C22-2FDA598B9456}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EE784847-1C86-4196-BD48-66BA38354734}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7A796783-E2A7-44F3-9227-D4FD620E10C6}] => (Allow) LPort=2869
FirewallRules: [{FE1805EB-EC81-4973-95D3-692D36E2E53D}] => (Allow) LPort=1900
FirewallRules: [{808C7C1B-DA7D-4046-8B02-6C47E121F8C6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{063E5A9D-4C1C-42E6-A363-338EDC3E3291}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2FC72722-6563-4D15-9932-CB7BD0AB6F69}] => (Allow) C:\Windows\SysWOW64\lxdicoms.exe
FirewallRules: [{95AF1FD2-3071-446F-B5E2-689A1769A4FC}] => (Allow) C:\Windows\SysWOW64\lxdicoms.exe
FirewallRules: [TCP Query User{F37DE1F0-5B7C-42FF-949D-A1650B68A7E3}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe
FirewallRules: [UDP Query User{CFEFEC3F-C83C-4B36-8888-C406532ABAE0}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe
FirewallRules: [TCP Query User{9A67A706-9EC6-4609-8F86-3C757010A078}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe] => (Allow) C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe
FirewallRules: [UDP Query User{468659C3-FD6B-4A15-9547-AC39C78EEE05}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe] => (Allow) C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe
FirewallRules: [{F6DC4C70-C457-474A-91E3-327A0FD6738C}] => (Allow) C:\Program Files (x86)\Dogpile Bundle Toolbar\TroubleShooter.exe
FirewallRules: [{A5322586-2D4E-44B5-A436-E2577A83AAAC}] => (Allow) C:\Program Files (x86)\Dogpile Bundle Toolbar\TroubleShooter.exe
FirewallRules: [{A7E9D9FE-EE7E-4C93-BB3F-8B95F092ECD7}] => (Allow) C:\Program Files (x86)\Dogpile Bundle Toolbar\ToolbarUpdate.exe
FirewallRules: [{8B80A696-81CC-452A-822A-3AA1E1C6B273}] => (Allow) C:\Program Files (x86)\Dogpile Bundle Toolbar\ToolbarUpdate.exe
FirewallRules: [{7899ABE3-E347-42F9-A9E2-7D27FF4C8C51}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{2BC0CBEC-F6DC-4316-9C02-D992B9B43532}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{C9413B91-66FE-4355-A565-7F2458DF79D0}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{7DE07FEF-D64C-4BF9-9E01-5AC694E9A7B8}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{3393369D-64BA-4D99-9305-F69FCEA7A8A1}] => (Allow) C:\Windows\System32\lxdicoms.exe
FirewallRules: [{B32873C6-2F12-4403-BC4F-235D69E57A8C}] => (Allow) C:\Windows\System32\lxdicoms.exe
FirewallRules: [{4E4ADBF0-8EF1-4390-910B-627C0F5F03F0}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
FirewallRules: [{8C0F74C2-A5D9-4303-8281-3988F60EB191}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
FirewallRules: [{2DC415E6-9BDE-48D2-BC2C-CB8A3725B6CD}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.exe
FirewallRules: [{ECF96635-2407-41CA-B95F-9B6A98E269B1}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.exe
FirewallRules: [{CC22EBB9-8566-432A-9513-33DA4C8404C7}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
FirewallRules: [{8ACB1EFE-B7A8-4CA5-BDC9-D60A9BB43B26}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
FirewallRules: [{0AE9C3A0-30BB-42F0-9910-C566BAF44146}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe
FirewallRules: [{ED301484-C6DB-49FA-AE29-BF0F0502CD2D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe
FirewallRules: [{9BEE3BFC-FAD4-464B-9A3F-62D777F25827}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxditime.exe
FirewallRules: [{3FF5C28E-AF83-404F-9883-B377B63D8ECF}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxditime.exe
FirewallRules: [TCP Query User{12DE12EB-AC98-4F32-B093-B2874E82F10B}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\app4r.exe
FirewallRules: [UDP Query User{7FDC8DF9-FB38-4A14-B8DD-4EF44C4A2A1D}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\app4r.exe
FirewallRules: [{09002221-659D-4010-847A-66A9FFDE31F5}] => (Allow) C:\Users\rpluke\AppData\Local\Temp\7zS3B4B\HPDiagnosticCoreUI.exe
FirewallRules: [{E9E1D0E8-8D0E-40E0-921B-3AF31D65498B}] => (Allow) C:\Users\rpluke\AppData\Local\Temp\7zS3B4B\HPDiagnosticCoreUI.exe
FirewallRules: [{0B585A8D-71B6-475C-AF20-0C009F2AB9B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{2DDF5073-E980-4BC9-9723-31A59DF65904}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{606A2E2D-B46F-407A-8C02-15FB53393830}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DCC4C21C-C5AC-4D1A-BBC9-493C759841B5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A6097FE0-F416-4A39-BDAE-5A7357007BD3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D575371B-1787-431A-96D4-556838FB5AFB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E0EBF8E7-2245-4FB1-9FE8-728D35E66386}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D4CEF7DC-38AF-450C-84CC-8D33E3F17FBE}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS0DC1\HPDiagnosticCoreUI.exe
FirewallRules: [{D5729D92-8CBC-4F89-8C2E-4F9203FF844E}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS0DC1\HPDiagnosticCoreUI.exe
FirewallRules: [{06401AFB-6083-47FB-BE89-3B1C591E55BD}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS0E5E\HPDiagnosticCoreUI.exe
FirewallRules: [{D831BA0C-5BB8-4EDC-8DC5-C6FBF07100F3}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS0E5E\HPDiagnosticCoreUI.exe
FirewallRules: [{335171AA-0E6C-4B20-83C8-A1649F8DC453}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS453C\HPDiagnosticCoreUI.exe
FirewallRules: [{B4BB8DFD-D915-481B-B621-287D903063E8}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS453C\HPDiagnosticCoreUI.exe
FirewallRules: [{86FFFB19-12A8-496C-9B8D-4F05330994AF}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS5D7D\HPDiagnosticCoreUI.exe
FirewallRules: [{6988605F-CC62-40C4-9F69-F4AB8FEBA928}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS5D7D\HPDiagnosticCoreUI.exe
FirewallRules: [{70E434C9-E424-4941-9672-4F09C16D0FCD}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS5DF9\HPDiagnosticCoreUI.exe
FirewallRules: [{2267C23E-E837-4C15-9FA0-D86BC748258F}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS5DF9\HPDiagnosticCoreUI.exe
FirewallRules: [{147D715F-5D23-400C-B6C3-9385CB53A5A3}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS62DB\HPDiagnosticCoreUI.exe
FirewallRules: [{E6F25767-36A2-4D20-BC4B-E5D443A26A82}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS62DB\HPDiagnosticCoreUI.exe
FirewallRules: [{F4A72FA3-5AA9-4101-B8A7-84FF699BFC95}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS7D97\HPDiagnosticCoreUI.exe
FirewallRules: [{F625FE3E-A002-4B91-8EC7-A6BBEBB0ACA8}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS7D97\HPDiagnosticCoreUI.exe
FirewallRules: [{70937669-BFCB-454D-9CB1-66DBF5B5A815}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7E591D6-46E9-42C5-8A33-7C07FDD14CED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

24-05-2016 09:08:53 Windows Update
27-05-2016 03:01:03 Windows Update
30-05-2016 13:25:46 Windows Update
02-06-2016 21:52:40 Windows Update
06-06-2016 16:47:59 Windows Update
09-06-2016 21:02:26 Windows Update
13-06-2016 08:53:47 Windows Update
17-06-2016 20:08:22 Windows Update
18-06-2016 11:12:40 Windows Update
20-06-2016 12:06:20 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/20/2016 12:06:21 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d4fe3ee3-250e-43f7-a7cf-daeecec43fc7}

Error: (06/20/2016 11:59:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TeamViewer_Service.exe, version: 9.0.41110.0, time stamp: 0x55261ad4
Faulting module name: TeamViewer_Service.exe, version: 9.0.41110.0, time stamp: 0x55261ad4
Exception code: 0x40000015
Fault offset: 0x0030b027
Faulting process id: 0x1040
Faulting application start time: 0xTeamViewer_Service.exe0
Faulting application path: TeamViewer_Service.exe1
Faulting module path: TeamViewer_Service.exe2
Report Id: TeamViewer_Service.exe3

Error: (06/20/2016 11:59:15 AM) (Source: Application Virtualization Client) (EventID: 2005) (User: )
Description: The Application Virtualization Core Service could not contact the Service Control Dispatcher.

Error: (06/20/2016 11:59:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/20/2016 01:28:28 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/19/2016 06:54:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2016 09:23:33 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/18/2016 03:22:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/18/2016 03:16:50 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Error: (06/18/2016 03:05:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (06/20/2016 12:00:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The TeamViewer 9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.

Error: (06/20/2016 11:59:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (06/20/2016 11:59:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%-2147467243 = The class is configured to run as a security id different from the caller

Error: (06/20/2016 11:59:03 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Application Virtualization Client service terminated with the following error:
%%-2147467243 = The class is configured to run as a security id different from the caller

Error: (06/20/2016 11:58:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SlimWare Utility Service Launcher service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (06/20/2016 11:57:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdiCATSCustConnectService service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.

Error: (06/20/2016 11:57:56 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.

Error: (06/20/2016 11:56:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
%%3 = The system cannot find the path specified.

Error: (06/20/2016 11:56:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CarboniteService service.

Error: (06/20/2016 11:55:34 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\IWMSSvc.dll

CodeIntegrity:
===================================
Date: 2015-06-21 15:35:25.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Antivirus\HitmanPro35.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-06-21 15:35:25.064
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Antivirus\HitmanPro35.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-06-21 15:34:58.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Antivirus\HitmanPro35.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-06-21 15:34:58.606
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Antivirus\HitmanPro35.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 81%
Total physical RAM: 2979.17 MB
Available physical RAM: 562.29 MB
Total Virtual: 5956.53 MB
Available Virtual: 3252.31 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:200.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 71895B4D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#4
RKinner

Posted 20 June 2016 - 12:24 PM

Malware Expert

Expert
24,625 posts

Go into msconfig and check everything under Startup and Services. Apply. Under the Boot tab check Check boot log and then OK.

Reboot.

Clear the Java Cache by following the instructions on

http://www.java.com/...lugin_cache.xml

You do not have the latest Java.

First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I see:

Java 7 Update 21

Java™ 6 Update 24

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:

Get the latest Java at:

http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Also uninstall:

Bing Bar

Google Toolbar for Internet Explorer

Skype Toolbars

SlimCleaner Plus

If you do not pay for it then uninstall

Carbonite

If you are not using it then uninstall TeamViewer 9

Download the attached fixlist.txt to the same location as FRST

[attachment=81559:fixlist.txt]

Run FRST and press Fix

A fix log will be generated please post that before going on.

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK

Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download

Latest Version button - Do NOT press the large Start Download button on the upper left!)

Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),

File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.

(It will be near the top about 10 lines down.) Save the file. Attach the file to your next post. (More Reply Options, Choose File, Open, Attach This File) Uninstall Speccy.

#5
monkeyboyblues

Posted 25 June 2016 - 07:50 AM

Member

Topic Starter
Member
146 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by Luke (administrator) on RPLUKE-PC (25-06-2016 08:41:06)
Running from C:\Users\Luke\Downloads
Loaded Profiles: QBDataServiceUser24 & Luke (Available Profiles: Richard P. Luke & QBDataServiceUser24 & Luke)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
() C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
( ) C:\Windows\System32\lxdicoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [lxdimon.exe] => C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe [434856 2009-04-27] ()
HKLM\...\Run: [lxdiamon] => C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-06-26] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [MapsGalaxy EPM Support] => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 64-bit] => C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-08] (Google)
HKLM-x32\...\Run: [FaxCenterServer] => C:\Program Files (x86)\\Lexmark Fax Solutions\fm3032.exe [312240 2007-05-07] ()
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\...\Run: [Google Update] => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-18\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-10-08] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-10-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-10-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-10-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2586DD56-5E75-4A1E-B93F-90A97320C324}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8184F250-DCBA-43B6-A3C2-6B773F6C6F7E}: [DhcpNameServer] 192.168.1.1 71.250.0.12

Internet Explorer:
==================
HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2233979149-4233434921-1847507767-1006 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=PhCGb1TUaj3O1lvSLKwwzAxWCus?q={searchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\mcafee\msk\mskapbho.dll [2010-05-03] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\sq7f9n4y.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-31]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-08] (Google)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 lxdi_device; C:\windows\system32\lxdicoms.exe [876976 2007-06-11] ( )
R2 lxdi_device; C:\windows\SysWOW64\lxdicoms.exe [517040 2007-06-11] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-06-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-06-26] (Intuit Inc.) [File not signed]
R3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2014-06-26] (Intuit, Inc.) [File not signed]
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-25 08:40 - 2016-06-25 08:40 - 00000000 ____D C:\Users\Luke\Downloads\FRST-OlderVersion
2016-06-24 08:08 - 2016-06-24 08:08 - 00000000 ____D C:\1f4c50587cad276d64e2796ec98ebf41
2016-06-21 16:22 - 2016-06-21 16:23 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC\AppData\Roaming\Mozilla
2016-06-21 16:22 - 2016-06-21 16:22 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC\AppData\Local\Mozilla
2016-06-21 16:16 - 2016-06-21 16:16 - 00007396 _____ C:\Users\Luke\Desktop\fixlist.txt
2016-06-21 15:49 - 2016-06-21 15:49 - 00000000 ____D C:\Users\Luke\AppData\LocalLow\Sun
2016-06-21 15:41 - 2016-06-21 15:41 - 00000000 ____D C:\Users\Luke\AppData\Roaming\HpUpdate
2016-06-21 15:39 - 2016-06-21 15:39 - 00000000 ____D C:\Users\Luke\AppData\Local\Dell
2016-06-21 15:37 - 2016-06-21 15:37 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Roxio
2016-06-21 15:37 - 2016-06-21 15:37 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Fingertapps
2016-06-21 15:37 - 2016-06-21 15:37 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Dell
2016-06-21 15:36 - 2016-06-21 15:36 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Intel Corporation
2016-06-21 15:36 - 2016-06-21 15:36 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Dell Touch Zone
2016-06-20 12:22 - 2016-06-20 12:24 - 00041717 _____ C:\Users\Luke\Downloads\Addition.txt
2016-06-20 12:19 - 2016-06-25 08:41 - 00019923 _____ C:\Users\Luke\Downloads\FRST.txt
2016-06-20 12:18 - 2016-06-25 08:41 - 00000000 ____D C:\FRST
2016-06-20 12:17 - 2016-06-25 08:40 - 02387456 _____ (Farbar) C:\Users\Luke\Downloads\FRST64.exe
2016-06-20 12:04 - 2016-06-20 12:04 - 01610816 _____ (Malwarebytes) C:\Users\Luke\Downloads\JRT.exe
2016-06-20 11:48 - 2016-06-20 11:54 - 00000000 ____D C:\AdwCleaner
2016-06-20 11:48 - 2016-06-20 11:48 - 03703360 _____ C:\Users\Luke\Downloads\AdwCleaner(1).exe
2016-06-20 11:46 - 2016-06-20 11:46 - 03703360 _____ C:\Users\Luke\Downloads\AdwCleaner.exe
2016-06-20 11:44 - 2016-06-20 11:44 - 00000000 ____D C:\Users\Luke\AppData\Local\Macromedia
2016-06-20 11:38 - 2016-06-20 11:45 - 00000000 ____D C:\Users\Luke\AppData\Local\Mozilla
2016-06-20 11:38 - 2016-06-20 11:39 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Mozilla
2016-06-20 11:37 - 2016-06-20 11:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-20 11:37 - 2016-06-20 11:37 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-20 11:37 - 2016-06-20 11:37 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-20 11:37 - 2016-06-20 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-20 11:35 - 2016-06-20 11:36 - 00242136 _____ C:\Users\Luke\Desktop\Firefox Setup Stub 47.0.exe
2016-06-17 20:23 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-17 20:23 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-06-17 20:23 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-17 20:23 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-06-17 20:23 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-06-17 20:23 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-06-17 20:23 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-06-17 20:23 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-17 20:23 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-06-17 20:23 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-06-17 20:23 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-17 20:23 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-06-17 20:23 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-17 20:23 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-06-17 20:23 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-06-17 20:23 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-06-17 20:23 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-06-17 20:23 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-06-17 20:23 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-06-17 20:23 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-17 20:23 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-06-17 20:23 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-06-17 20:23 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-06-17 20:23 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-06-17 20:23 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-17 20:23 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-06-17 20:23 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-06-17 20:23 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-06-17 20:23 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-06-17 20:23 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-17 20:23 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-06-17 20:23 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-17 20:23 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-17 20:23 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-17 20:23 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-06-17 20:23 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-17 20:23 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-06-17 20:23 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-06-17 20:23 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-06-17 20:23 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-17 20:23 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-06-17 20:23 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-17 20:23 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-17 20:23 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-17 20:23 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-17 20:23 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-06-17 20:23 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-17 20:23 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-17 20:23 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-17 20:23 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-06-17 20:23 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-06-17 20:23 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-17 20:23 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-17 20:23 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-17 20:23 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-17 20:23 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-17 20:23 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-17 20:23 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-17 20:22 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-17 20:22 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-06-17 15:24 - 2016-06-21 16:08 - 00000000 ____D C:\Users\Luke\AppData\Roaming\TeamViewer
2016-06-17 13:04 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-17 13:04 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-17 13:04 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-06-17 13:04 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-17 13:04 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-17 13:04 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-06-17 13:04 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-06-17 13:04 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-17 13:03 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-17 13:03 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-17 13:03 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-17 13:03 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-17 13:03 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-17 13:03 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-17 13:03 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-17 13:03 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-17 13:03 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-17 13:03 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-17 13:03 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-17 13:02 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-06-17 13:02 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-06-17 13:02 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-06-17 13:02 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-06-17 13:02 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-06-17 13:02 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-17 13:02 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-06-17 13:02 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-06-17 13:02 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-06-17 13:02 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-17 13:02 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-17 13:02 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-17 13:02 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-17 13:02 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-06-17 13:02 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-06-17 13:02 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-06-17 13:02 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-06-17 13:02 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-06-17 13:02 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-06-17 13:02 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-06-17 13:02 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-06-17 13:01 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-17 13:01 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-17 13:01 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-17 13:01 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-06-08 17:27 - 2016-06-08 17:27 - 04260592 _____ C:\Users\Luke\Desktop\trim66.7087D436-D603-4598-923A-6C6D86AC154C.MOV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-25 08:41 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 08:41 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-25 08:39 - 2015-06-28 21:07 - 00000000 ____D C:\Users\Luke\AppData\Local\Google
2016-06-25 08:39 - 2015-06-22 12:23 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-25 08:36 - 2013-12-18 11:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-06-25 08:36 - 2011-09-21 11:02 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000UA.job
2016-06-25 05:08 - 2014-10-10 15:28 - 00000000 ____D C:\Users\Luke\Desktop\QuickBooksAutoDataRecovery
2016-06-25 05:03 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-24 17:08 - 2011-09-21 11:02 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000Core.job
2016-06-24 08:27 - 2013-03-21 21:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-24 08:27 - 2013-03-21 21:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-24 08:24 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-06-24 08:20 - 2013-03-21 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-24 08:12 - 2014-10-10 10:55 - 00000000 ____D C:\Users\QBDataServiceUser24
2016-06-24 08:10 - 2015-06-22 17:19 - 00000000 ____D C:\Users\Luke
2016-06-21 16:29 - 2015-06-22 17:22 - 00283976 _____ C:\Users\Luke\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 16:28 - 2011-10-08 10:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-21 16:28 - 2009-07-14 00:45 - 00872760 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-21 16:21 - 2011-11-21 08:15 - 00283976 _____ C:\Users\Richard P. Luke.rpluke-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 16:08 - 2011-11-18 10:28 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC
2016-06-21 16:07 - 2011-11-18 10:23 - 00000000 ____D C:\ProgramData\Carbonite
2016-06-21 15:57 - 2011-08-24 03:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-21 15:37 - 2011-08-24 03:01 - 00000000 ____D C:\ProgramData\Sonic
2016-06-21 15:36 - 2015-06-22 18:31 - 00000000 ____D C:\Users\Luke\AppData\Local\Intuit
2016-06-21 15:32 - 2015-06-21 15:38 - 00000000 ____D C:\windows\pss
2016-06-19 15:03 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-06-18 13:20 - 2011-11-21 08:15 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC\AppData\Local\Google
2016-06-18 11:01 - 2014-12-11 04:35 - 00000000 ____D C:\windows\system32\appraiser
2016-06-17 20:39 - 2013-08-15 03:02 - 00000000 ____D C:\windows\system32\MRT
2016-06-17 20:20 - 2011-09-06 09:21 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-16 16:50 - 2013-12-18 11:08 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 16:50 - 2013-12-18 11:08 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 16:50 - 2011-08-24 02:31 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-15 16:40 - 2010-11-20 23:27 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-14 19:31 - 2013-12-16 18:29 - 00889344 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.bcf
2016-06-14 19:31 - 2013-12-16 18:29 - 00330643 _____ C:\Users\Luke\Documents\Christmas Card List 2013.mlb
2016-06-14 19:31 - 2013-12-16 18:29 - 00002396 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.fsif
2016-06-14 19:31 - 2013-12-16 18:29 - 00001748 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.msif
2016-06-14 17:33 - 2009-07-14 01:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-14 17:33 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-06-14 10:07 - 2014-10-20 11:26 - 00000000 ____D C:\quickbooks files
2016-06-14 07:46 - 2009-07-14 01:08 - 00032616 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-06-11 19:12 - 2015-06-30 11:20 - 00000000 ____D C:\Users\Luke\AppData\Roaming\SoftGrid Client
2016-06-02 12:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing
2016-05-27 03:20 - 2015-04-04 20:56 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-05-27 03:20 - 2015-04-04 20:56 - 00000000 ___SD C:\windows\system32\GWX

==================== Files in the root of some directories =======

2013-07-26 14:18 - 2013-07-26 14:18 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\rpluke\jagex_runescape_preferences.dat
C:\Users\rpluke\jagex_runescape_preferences2.dat

Some files in TEMP:
====================
C:\Users\Luke\AppData\Local\Temp\HPPSdr.exe
C:\Users\rpluke\AppData\Local\Temp\Abspdf.exe
C:\Users\rpluke\AppData\Local\Temp\acfpdfu.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfui.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\rpluke\AppData\Local\Temp\cdintf.dll
C:\Users\rpluke\AppData\Local\Temp\dplinst.exe
C:\Users\rpluke\AppData\Local\Temp\GUR45B7.exe
C:\Users\rpluke\AppData\Local\Temp\GURC68D.exe
C:\Users\rpluke\AppData\Local\Temp\install_reader11_en_gtbp_chrd_aih.exe
C:\Users\rpluke\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\rpluke\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\rpluke\AppData\Local\Temp\PDFPRT400.exe
C:\Users\rpluke\AppData\Local\Temp\setup.exe
C:\Users\rpluke\AppData\Local\Temp\utz_bhus.dll
C:\Users\rpluke\AppData\Local\Temp\xmllite.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-19 14:54

==================== End of FRST.txt ============================

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/06/2016 9:21:51 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 24/06/2016 12:09:50 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/06/2016 12:44:25 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 19/06/2016 10:52:47 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/05/2016 10:25:11 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 13/05/2016 12:29:53 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/05/2016 7:35:32 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/04/2016 7:22:43 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/02/2016 5:12:10 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/06/2016 9:05:05 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Dell SupportAssist Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 25/06/2016 9:05:05 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.

Log: 'System' Date/Time: 25/06/2016 9:04:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 25/06/2016 9:04:11 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.

Log: 'System' Date/Time: 25/06/2016 9:04:11 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 25/06/2016 9:04:11 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Log: 'System' Date/Time: 24/06/2016 12:34:52 PM
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 43. The internal error state is 252.

Log: 'System' Date/Time: 24/06/2016 12:34:52 PM
Type: Error Category: 0
Event: 36888 Source: Schannel
The following fatal alert was generated: 43. The internal error state is 252.

Log: 'System' Date/Time: 24/06/2016 12:29:33 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Dell SupportAssist Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 24/06/2016 12:29:33 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.

Log: 'System' Date/Time: 24/06/2016 12:28:39 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 24/06/2016 12:28:39 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.

Log: 'System' Date/Time: 24/06/2016 12:28:39 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 24/06/2016 12:28:39 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

Log: 'System' Date/Time: 24/06/2016 12:11:37 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Dell SupportAssist Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 24/06/2016 12:11:37 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Dell SupportAssist Agent service to connect.

Log: 'System' Date/Time: 24/06/2016 12:10:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 24/06/2016 12:10:50 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the lxdiCATSCustConnectService service to connect.

Log: 'System' Date/Time: 24/06/2016 12:10:13 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 8:08:47 AM on ?6/?24/?2016 was unexpected.

Log: 'System' Date/Time: 24/06/2016 12:01:41 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/06/2016 12:36:47 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name qb24bgocd.quickbooks.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:22:57 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:21:27 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:19:32 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:19:19 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:17:14 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:17:05 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:16:33 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:16:24 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:15:39 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:04:55 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 25/06/2016 9:03:04 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 25/06/2016 12:04:03 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 24/06/2016 11:48:29 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name watson.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2016 11:48:07 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2016 9:08:48 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2016 9:08:34 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2016 4:28:15 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2016 4:28:08 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/06/2016 2:56:25 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name sync.adaptv.advertising.com timed out after none of the configured DNS servers responded.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 25/06/2016 9:24:30 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/06/2016 9:16:05 AM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Log: 'Application' Date/Time: 25/06/2016 9:05:18 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/06/2016 11:48:14 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Log: 'Application' Date/Time: 24/06/2016 12:29:48 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/06/2016 12:22:58 PM
Type: Error Category: 1
Event: 100 Source: CVHSVC
Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

Log: 'Application' Date/Time: 24/06/2016 12:16:56 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid. .

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {27477cc6-885e-4f66-b9ba-e2b6fde5a053}

Log: 'Application' Date/Time: 24/06/2016 12:12:07 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/06/2016 12:06:50 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid. .

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {befcefa3-b50d-4e2c-8193-a79d2eca18c8}

Log: 'Application' Date/Time: 24/06/2016 12:02:37 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 24/06/2016 12:46:52 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 23/06/2016 7:56:05 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: bb4 Start Time: 01d1cd59b6309507 Termination Time: 193 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id:

Log: 'Application' Date/Time: 23/06/2016 3:00:18 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Log: 'Application' Date/Time: 23/06/2016 2:10:19 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 22/06/2016 6:35:43 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 16f0 Start Time: 01d1ccb3e918909b Termination Time: 64 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id:

Log: 'Application' Date/Time: 22/06/2016 3:07:58 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-CEIP
A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Log: 'Application' Date/Time: 22/06/2016 9:35:29 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 8:30:53 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 21/06/2016 8:05:30 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid. .

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {184b8aba-02c6-420b-80d3-f274fc63a0ec}

Log: 'Application' Date/Time: 21/06/2016 7:58:38 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid. .

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {184b8aba-02c6-420b-80d3-f274fc63a0ec}

Log: 'Application' Date/Time: 21/06/2016 7:57:41 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid. .

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {184b8aba-02c6-420b-80d3-f274fc63a0ec}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 25/06/2016 9:16:05 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Failed to complete bits job

Log: 'Application' Date/Time: 25/06/2016 9:05:46 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=5BC}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: RPLUKE-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 25/06/2016 9:05:37 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=5BC}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 24/06/2016 12:40:18 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 24/06/2016 12:40:18 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 24/06/2016 12:30:07 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=1374}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: RPLUKE-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 24/06/2016 12:29:49 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=1374}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 24/06/2016 12:26:24 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   7 user registry handles leaked from \Registry\User\S-1-5-21-2233979149-4233434921-1847507767-1006:
Process 516 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 516 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2233979149-4233434921-1847507767-1006\Software
Process 516 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Policies
Process 516 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 516 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 516 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Microsoft\Internet Explorer\Main
Process 516 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl

Log: 'Application' Date/Time: 24/06/2016 12:22:57 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. Failed to complete bits job

Log: 'Application' Date/Time: 24/06/2016 12:16:52 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{45cd49f7-dc9e-11e0-b050-ac7289372ee9}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Log: 'Application' Date/Time: 24/06/2016 12:12:37 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=10E8}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: RPLUKE-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 24/06/2016 12:12:16 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=10E8}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 24/06/2016 12:06:47 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{45cd49f7-dc9e-11e0-b050-ac7289372ee9}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
   Removing auto-release shadow copies
   Loading provider

Context:
   Execution Context: System Provider

Log: 'Application' Date/Time: 24/06/2016 12:02:51 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=13E0}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: RPLUKE-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 24/06/2016 12:02:38 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=13E0}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 24/06/2016 12:47:20 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=12B4}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: RPLUKE-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 24/06/2016 12:47:06 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=12B4}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 23/06/2016 2:20:53 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 23/06/2016 2:20:53 PM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 23/06/2016 2:10:45 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=1394}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: RPLUKE-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Process   CPU   Private Bytes   Working Set   PID   Description   Company Name   Verified Signer
AdobeARM.exe       4,416 K   11,384 K   3440   Adobe Reader and Acrobat Manager   Adobe Systems Incorporated   (Verified) Adobe Systems
AESTSr64.exe       1,000 K   2,820 K   1864   Andrea filters APO access service (64-bit)   Andrea Electronics Corporation   (Verified) Microsoft Windows Hardware Compatibility Publisher
armsvc.exe       1,176 K   4,184 K   1756   Adobe Acrobat Update Service   Adobe Systems Incorporated   (Verified) Adobe Systems
audiodg.exe       22,488 K   24,444 K   2572   Windows Audio Device Graph Isolation    Microsoft Corporation   (Verified) Microsoft Windows
btplayerctrl.exe       2,112 K   5,668 K   5272   Bluetooth Media Player Controller   Intel Corporation   (No signature was present in the subject) Intel Corporation
conhost.exe       1,452 K   4,788 K   5512   Console Window Host   Microsoft Corporation   (Verified) Microsoft Windows
conhost.exe       892 K   2,796 K   1560   Console Window Host   Microsoft Corporation   (Verified) Microsoft Windows
CVHSVC.EXE       5,164 K   10,548 K   4768   Microsoft Office Client Virtualization Service    Microsoft Corporation   (Verified) Microsoft Corporation
DellDataVault.exe       8,824 K   16,600 K   5344   Dell Data Vault Service   Dell Inc.   (Verified) Techporch Incorporated
DellDataVaultWiz.exe       5,312 K   11,140 K   5396   Dell Data Vault Wizard   Dell Inc.   (Verified) Techporch Incorporated
devmonsrv.exe       2,580 K   6,632 K   1900   Bluetooth Device Monitor   Intel Corporation   (No signature was present in the subject) Intel Corporation
dllhost.exe       2,412 K   7,420 K   2108   COM Surrogate   Microsoft Corporation   (Verified) Microsoft Windows
dllhost.exe       2,028 K   5,844 K   5968   COM Surrogate   Microsoft Corporation   (Verified) Microsoft Windows
EvtEng.exe       6,968 K   15,252 K   1992   Intel® PROSet/Wireless Event Log Service   Intel® Corporation   (Verified) Intel Corporation - Mobile Wireless Group
GWX.exe       3,832 K   844 K   1860   GWX   Microsoft Corporation   (Verified) Microsoft Windows
hidfind.exe       1,520 K   4,552 K   5680   Alps Pointing-device Driver   Alps Electric Co., Ltd.   (Verified) Alps Electric Co.
hkcmd.exe       2,184 K   6,432 K   2596   hkcmd Module   Intel Corporation   (Verified) Intel Corporation
hpwuschd2.exe       960 K   3,800 K   3916   hpwuSchd Application   Hewlett-Packard   (Verified) Hewlett-Packard Company
iFrmewrk.exe       8,784 K   20,896 K   2732   Intel® PROSet/Wireless Framework   Intel® Corporation   (Verified) Intel Corporation - Mobile Wireless Group
igfxpers.exe       3,212 K   9,540 K   2624   persistence Module   Intel Corporation   (Verified) Intel Corporation
igfxtray.exe       2,344 K   6,608 K   2556   igfxTray Module   Intel Corporation   (Verified) Intel Corporation
ipoint.exe       7,032 K   17,200 K   2752   IPoint.exe   Microsoft Corporation   (Verified) Microsoft Corporation
lsm.exe       2,708 K   4,644 K   672   Local Session Manager Service   Microsoft Corporation   (Verified) Microsoft Windows
lxdiamon.exe       16,192 K   18,484 K   2836   Device Monitor Application       (Verified) Lexmark International
lxdicoms.exe       4,128 K   10,612 K   2900   Printer Communication System      (Verified) Lexmark International
lxdimon.exe       2,716 K   7,192 K   2816   Device Monitor       (Verified) Lexmark International
mbamscheduler.exe       5,908 K   10,820 K   2944   Malwarebytes Anti-Malware   Malwarebytes   (Verified) Malwarebytes Corporation
mbamservice.exe       356,268 K   157,436 K   2404   Malwarebytes Anti-Malware   Malwarebytes   (Verified) Malwarebytes Corporation
msseces.exe       6,080 K   14,540 K   2760   Microsoft Security Client User Interface   Microsoft Corporation   (Verified) Microsoft Corporation
NisSrv.exe       17,840 K   10,724 K   5220   Microsoft Network Realtime Inspection Service   Microsoft Corporation   (Verified) Microsoft Corporation
procexp.exe       2,360 K   7,632 K   6536   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
QBCFMonitorService.exe       9,088 K   15,444 K   3132   QuickBooks Company File Monitoring Service   Intuit   (No signature was present in the subject) Intuit
QBIDPService.exe       8,276 K   13,108 K   3404   QBIDPService   Intuit Inc.   (No signature was present in the subject) Intuit Inc.
qbupdate.exe       13,156 K   24,312 K   2472   QuickBooks Automatic Update   Intuit Inc.   (Verified) Intuit
quickset.exe       8,312 K   10,448 K   2708   QuickSet   Dell Inc.   (Verified) Dell Inc
RegSrvc.exe       1,980 K   6,492 K   3468   Intel® PROSet/Wireless Registry Service   Intel® Corporation   (Verified) Intel Corporation - Mobile Wireless Group
RoxioBurnLauncher.exe       4,372 K   12,652 K   3324   Roxio Burn Launcher       (Verified) Sonic Solutions
rundll32.exe       2,536 K   7,984 K   2740   Windows host process (Rundll32)   Microsoft Corporation   (Verified) Microsoft Windows
services.exe       6,396 K   12,600 K   624   Services and Controller app   Microsoft Corporation   (Verified) Microsoft Windows
sftlist.exe       7,636 K   16,904 K   4776   Microsoft Application Virtualization Client Service   Microsoft Corporation   (Verified) Microsoft Corporation
sftvsa.exe       1,396 K   4,980 K   3732   Microsoft Application Virtualization Virtual Service Agent   Microsoft Corporation   (Verified) Microsoft Corporation
smss.exe       444 K   1,152 K   336   Windows Session Manager   Microsoft Corporation   (Verified) Microsoft Windows
spoolsv.exe       9,144 K   16,968 K   1612   Spooler SubSystem App   Microsoft Corporation   (Verified) Microsoft Windows
sttray64.exe       8,412 K   18,964 K   2648   IDT PC Audio   IDT, Inc.   (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe       2,492 K   6,072 K   5172   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       1,728 K   4,896 K   3048   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       1,904 K   5,824 K   3988   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       27,092 K   26,308 K   312   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe       7,880 K   13,136 K   880   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
UNS.exe       3,068 K   7,400 K   7128   User Notification Service   Intel Corporation   (Verified) Intel Corporation
unsecapp.exe       1,484 K   5,048 K   4620   Sink to receive asynchronous callbacks for WMI client application   Microsoft Corporation   (Verified) Microsoft Windows
unsecapp.exe       1,696 K   6,012 K   6800   Sink to receive asynchronous callbacks for WMI client application   Microsoft Corporation   (Verified) Microsoft Windows
WebcamDell2.exe       48,528 K   8,140 K   3740   Webcam Central   Creative Technology Ltd   (No signature was present in the subject) Creative Technology Ltd
wininit.exe       1,460 K   4,580 K   564   Windows Start-Up Application   Microsoft Corporation   (Verified) Microsoft Windows
winlogon.exe       2,684 K   7,272 K   660   Windows Logon Application   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
wlanext.exe       8,084 K   18,136 K   1544   Windows Wireless LAN 802.11 Extensibility Framework   Microsoft Corporation   (Verified) Microsoft Windows
WLIDSVCM.EXE       1,200 K   3,404 K   4944   Microsoft® Windows Live ID Service Monitor   Microsoft Corp.   (Verified) Microsoft Corporation
WmiPrvSE.exe       9,480 K   15,644 K   1656   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
WmiPrvSE.exe       4,940 K   9,324 K   3840   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
stacsv64.exe   < 0.01   13,296 K   9,732 K   952   IDT PC Audio   IDT, Inc.   (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe   < 0.01   13,724 K   17,068 K   1640   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
mediasrv.exe   < 0.01   4,084 K   7,992 K   4764   Bluetooth Media Service   Intel Corporation   (No signature was present in the subject) Intel Corporation
QBW32.EXE   < 0.01   53,680 K   91,880 K   2592   QuickBooks   Intuit Inc.   (Verified) Intuit
WmiPrvSE.exe   < 0.01   21,812 K   29,412 K   4392   WMI Provider Host   Microsoft Corporation   (Verified) Microsoft Windows
WLIDSVC.EXE   < 0.01   6,684 K   15,536 K   2252   Microsoft® Windows Live ID Service   Microsoft Corp.   (Verified) Microsoft Corporation
csrss.exe   < 0.01   2,172 K   4,876 K   440   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
IAStorIcon.exe   < 0.01   25,304 K   23,348 K   3884   IAStorIcon   Intel Corporation   (Verified) Intel Corporation
taskhost.exe   < 0.01   16,384 K   19,812 K   2216   Host Process for Windows Tasks   Microsoft Corporation   (No signature was present in the subject) Microsoft Corporation
svchost.exe   < 0.01   5,456 K   11,372 K   1952   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
lsass.exe   < 0.01   6,416 K   14,564 K   632   Local Security Authority Process   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.01   12,056 K   20,572 K   504   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.01   16,016 K   18,116 K   1428   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.01   70,448 K   81,868 K   476   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
SearchIndexer.exe   0.01   31,936 K   21,756 K   5016   Microsoft Windows Search Indexer   Microsoft Corporation   (Verified) Microsoft Windows
wmpnetwk.exe   0.01   14,968 K   13,392 K   3892   Windows Media Player Network Sharing Service   Microsoft Corporation   (Verified) Microsoft Windows
nusb3mon.exe   0.01   1,772 K   5,888 K   3748   USB 3.0 Monitor   Renesas Electronics Corporation   (Verified) Renesas Electronics Corporation
svchost.exe   0.01   30,184 K   47,476 K   444   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.01   13,252 K   17,264 K   6484   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
LMS.exe   0.02   2,676 K   5,224 K   5260   Local Manageability Service   Intel Corporation   (Verified) Intel Corporation
QBDBMgrN.exe   0.02   143,492 K   15,544 K   1984   Intuit Network Database Manager   Intuit, Inc.   (No signature was present in the subject) Intuit, Inc.
svchost.exe   0.03   5,292 K   11,636 K   796   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
svchost.exe   0.03   7,564 K   14,636 K   1444   Host Process for Windows Services   Microsoft Corporation   (Verified) Microsoft Windows
IAStorDataMgrSvc.exe   0.05   18,596 K   16,512 K   5464   IAStorDataSvc   Intel Corporation   (Verified) Intel Corporation
GoogleDesktop.exe   0.09   21,408 K   9,136 K   3964   Google Desktop   Google   (Verified) Google Inc
Apoint.exe   0.12   2,716 K   9,712 K   2692   Alps Pointing-device Driver   Alps Electric Co., Ltd.   (Verified) Alps Electric Co.
ApMsgFwd.exe   0.16   2,032 K   5,456 K   6084   ApMsgFwd   Alps Electric Co., Ltd.   (Verified) Alps Electric Co.
explorer.exe   0.22   46,676 K   72,332 K   2332   Windows Explorer   Microsoft Corporation   (Verified) Microsoft Windows
accuweather.exe   0.33   115,300 K   3,412 K   112   AccuWeather.com desktop weather widget       (No signature was present in the subject)
mbam.exe   0.43   35,228 K   56,600 K   612   Malwarebytes Anti-Malware   Malwarebytes   (Verified) Malwarebytes Corporation
ApntEx.exe   0.63   1,944 K   5,304 K   5276   Alps Pointing-device Driver for Windows NT/2000/XP/Vista   Alps Electric Co., Ltd.   (Verified) Alps Electric Co.
csrss.exe   0.70   3,072 K   27,884 K   588   Client Server Runtime Process   Microsoft Corporation   (Verified) Microsoft Windows
System   0.97   212 K   1,616 K   4
Interrupts   1.23   0 K   0 K   n/a   Hardware Interrupts and DPCs
dwm.exe   1.43   91,880 K   72,908 K   2272   Desktop Window Manager   Microsoft Corporation   (Verified) Microsoft Windows
firefox.exe   2.03   336,172 K   318,948 K   4808   Firefox   Mozilla Corporation   (Verified) Mozilla Corporation
MsMpEng.exe   4.11   142,012 K   167,656 K   968   Antimalware Service Executable   Microsoft Corporation   (Verified) Microsoft Corporation
procexp64.exe   4.32   28,148 K   49,452 K   4652   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com   (Verified) Microsoft Corporation
CCleaner64.exe   20.58   14,740 K   9,760 K   4928   CCleaner   Piriform Ltd   (Verified) Piriform Ltd
System Idle Process   62.40   0 K   24 K   0

#6
RKinner

Posted 25 June 2016 - 08:59 AM

Malware Expert

Expert
24,625 posts

I think you misunderstood what I wanted with the Fixlist. Once you down load it to the same folder as FRST you need to start up FRST then hit the FIX button not the Scan button.

Uninstall CCLeaner. It's hogging the CPU:

CCleaner64.exe 20.58 14,740 K 9,760 K 4928 CCleaner Piriform Ltd (Verified) Piriform Ltd

Uninstall these:

Lexmark 3500-4500 Series

Lexmark Fax Solutions

They are causing errors. If you still have the Lexmark Printer then you can download the latest software from Lexmark and reinstall.

You have Microsoft Office 2010 installed but still have

Microsoft Office Click-to-Run 2010

I do not think you need both and Click to Run is causing problems so please uninstall it.

Use IE and get and run the Fixit from http://support.micro...b;en-US;2545227

That will fix this error:

Log: 'Application' Date/Time: 21/06/2016 8:30:53 PM

Type: Error Category: 0

Event: 10 Source: Microsoft-Windows-WMI

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

To fix these:

Log: 'System' Date/Time: 24/06/2016 4:28:08 PM

Type: Warning Category: 0

Event: 1014 Source: Microsoft-Windows-DNS-Client

Name resolution for the name wpad.fios-router.home timed out after none of the configured DNS servers responded.

Open Internet Explorer, click on the gear icon in the upper right. Click on Internet Options then on Connections then on LAN Settings then UNCHECK all boxes then OK. Close IE.

Download the attached prolist.zip file and Save it.

[attachment=81624:prolist.zip]

Right click on the file and Extract All. Find prolist.reg and right click on it and Merge.

This should fix these errors:

Log: 'Application' Date/Time: 24/06/2016 12:06:50 PM

Type: Error Category: 0

Event: 8193 Source: VSS

Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid. .

Operation:

OnIdentify event

Gathering Writer Data

Context:

Execution Context: Shadow Copy Optimization Writer

Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}

Writer Name: Shadow Copy Optimization Writer

Writer Instance ID: {befcefa3-b50d-4e2c-8193-a79d2eca18c8}

Once you have done all of the above then

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Make a new Process Explorer log and post it too.

#7
monkeyboyblues

Posted 25 June 2016 - 02:29 PM

Member

Topic Starter
Member
146 posts

I did an FRST Fix and now my keyboard is not working and the computer

is slow.

Should I do a system restore?

#8
monkeyboyblues

Posted 25 June 2016 - 03:38 PM

Member

Topic Starter
Member
146 posts

Ok I did one system restore and its good again.

#9
monkeyboyblues

Posted 25 June 2016 - 04:03 PM

Member

Topic Starter
Member
146 posts

Use IE and get and run the Fixit from http://support.micro...b;en-US;2545227

Not seeing any download for Fix it on this page..

#10
RKinner

Posted 25 June 2016 - 05:23 PM

Malware Expert

Expert
24,625 posts

Apparently they moved it. Try https://support.micr...n-us/kb/2545227

Not sure what happend with the fixlist. Can you find a fixlist.txt file?

Run FRST again as before. Make sure Addition.txt is checked and hit Scan. Post both logs.

#11
monkeyboyblues

Posted 27 June 2016 - 08:15 AM

Member

Topic Starter
Member
146 posts

Still not finding FIX It from the link

FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 02
Ran by Luke (administrator) on RPLUKE-PC (27-06-2016 10:09:27)
Running from C:\Users\Luke\Desktop
Loaded Profiles: QBDataServiceUser24 & Luke (Available Profiles: Richard P. Luke & QBDataServiceUser24 & Luke)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
( ) C:\Windows\System32\lxdicoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
() C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [lxdimon.exe] => C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe [434856 2009-04-27] ()
HKLM\...\Run: [lxdiamon] => C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe [25256 2009-04-27] ()
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-06-26] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [MapsGalaxy EPM Support] => "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39medint.exe" T8EPMSUP.DLL,S
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 64-bit] => C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe
HKLM-x32\...\Run: [MapsGalaxy AppIntegrator 32-bit] => C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator.exe
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Google Desktop Search] => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-08] (Google)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\...\Run: [Google Update] => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-10-08] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-10-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-10-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-10-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2586DD56-5E75-4A1E-B93F-90A97320C324}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8184F250-DCBA-43B6-A3C2-6B773F6C6F7E}: [DhcpNameServer] 192.168.1.1 71.250.0.12

Internet Explorer:
==================
HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://yahoo.com/
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2233979149-4233434921-1847507767-1006 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = hxxp://127.0.0.1:4664/search&s=PhCGb1TUaj3O1lvSLKwwzAxWCus?q={searchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18] (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\mcafee\msk\mskapbho.dll [2010-05-03] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll [2011-05-05] (Cozi Group, Inc.)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll [2012-05-12] (Intuit, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\sq7f9n4y.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-06-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-06-16] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2013-05-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-02-15] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-31]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-31]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-31]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-25]
CHR Extension: (No Name) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2016-06-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-25]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2557136 2015-02-26] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-02-26] (Dell Inc.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-10-08] (Google)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 lxdi_device; C:\windows\system32\lxdicoms.exe [876976 2007-06-11] ( )
R2 lxdi_device; C:\windows\SysWOW64\lxdicoms.exe [517040 2007-06-11] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-06-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-06-26] (Intuit Inc.) [File not signed]
R3 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2014-06-26] (Intuit, Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-04-10] (Dell Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-27 10:09 - 2016-06-27 10:09 - 00000000 ____D C:\Users\Luke\Desktop\FRST-OlderVersion
2016-06-25 16:25 - 2016-06-25 16:25 - 00000000 ____D C:\Users\Luke\AppData\Local\ElevatedDiagnostics
2016-06-25 15:46 - 2016-06-25 15:59 - 00019859 _____ C:\Users\Luke\Desktop\Fixlog.txt
2016-06-25 09:43 - 2016-06-25 09:43 - 00892561 _____ C:\Users\Luke\Desktop\RPLUKE-PC.txt
2016-06-25 09:41 - 2016-06-25 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-06-25 09:40 - 2016-06-25 17:29 - 00000000 ____D C:\Program Files\Speccy
2016-06-25 09:40 - 2016-06-25 09:40 - 00002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-25 09:39 - 2016-06-25 09:45 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-25 09:35 - 2016-06-25 09:36 - 05111240 _____ (Piriform Ltd) C:\Users\Luke\Downloads\spsetup129.exe
2016-06-25 09:33 - 2016-06-25 09:33 - 00011784 _____ C:\Users\Luke\Desktop\System Idle Process.txt
2016-06-25 09:25 - 2016-06-25 09:25 - 00018063 _____ C:\Users\Luke\Desktop\VEW application.txt
2016-06-25 09:22 - 2016-06-25 09:22 - 00012537 _____ C:\Users\Luke\Desktop\VEW.txt
2016-06-25 09:21 - 2016-06-25 09:24 - 00018063 _____ C:\VEW.txt
2016-06-25 09:18 - 2016-06-25 09:18 - 00000000 _____ C:\Program
2016-06-25 08:43 - 2016-06-27 10:10 - 00018756 _____ C:\Users\Luke\Desktop\FRST.txt
2016-06-24 08:08 - 2016-06-24 08:08 - 00000000 ____D C:\1f4c50587cad276d64e2796ec98ebf41
2016-06-21 16:22 - 2016-06-21 16:23 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC\AppData\Roaming\Mozilla
2016-06-21 16:22 - 2016-06-21 16:22 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC\AppData\Local\Mozilla
2016-06-21 15:49 - 2016-06-21 15:49 - 00000000 ____D C:\Users\Luke\AppData\LocalLow\Sun
2016-06-21 15:41 - 2016-06-21 15:41 - 00000000 ____D C:\Users\Luke\AppData\Roaming\HpUpdate
2016-06-21 15:39 - 2016-06-21 15:39 - 00000000 ____D C:\Users\Luke\AppData\Local\Dell
2016-06-21 15:37 - 2016-06-21 15:37 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Roxio
2016-06-21 15:37 - 2016-06-21 15:37 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Fingertapps
2016-06-21 15:37 - 2016-06-21 15:37 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Dell
2016-06-21 15:36 - 2016-06-21 15:36 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Intel Corporation
2016-06-21 15:36 - 2016-06-21 15:36 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Dell Touch Zone
2016-06-20 12:22 - 2016-06-20 12:24 - 00041717 _____ C:\Users\Luke\Downloads\Addition.txt
2016-06-20 12:19 - 2016-06-25 08:48 - 00050281 _____ C:\Users\Luke\Downloads\FRST.txt
2016-06-20 12:18 - 2016-06-27 10:09 - 00000000 ____D C:\FRST
2016-06-20 12:17 - 2016-06-27 10:09 - 02389504 _____ (Farbar) C:\Users\Luke\Desktop\FRST64.exe
2016-06-20 12:04 - 2016-06-20 12:04 - 01610816 _____ (Malwarebytes) C:\Users\Luke\Downloads\JRT.exe
2016-06-20 11:48 - 2016-06-25 17:29 - 00000000 ____D C:\AdwCleaner
2016-06-20 11:48 - 2016-06-20 11:48 - 03703360 _____ C:\Users\Luke\Downloads\AdwCleaner(1).exe
2016-06-20 11:46 - 2016-06-20 11:46 - 03703360 _____ C:\Users\Luke\Downloads\AdwCleaner.exe
2016-06-20 11:44 - 2016-06-20 11:44 - 00000000 ____D C:\Users\Luke\AppData\Local\Macromedia
2016-06-20 11:38 - 2016-06-20 11:45 - 00000000 ____D C:\Users\Luke\AppData\Local\Mozilla
2016-06-20 11:38 - 2016-06-20 11:39 - 00000000 ____D C:\Users\Luke\AppData\Roaming\Mozilla
2016-06-20 11:37 - 2016-06-20 11:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-20 11:37 - 2016-06-20 11:37 - 00001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-20 11:37 - 2016-06-20 11:37 - 00001153 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-20 11:37 - 2016-06-20 11:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-20 11:35 - 2016-06-20 11:36 - 00242136 _____ C:\Users\Luke\Desktop\Firefox Setup Stub 47.0.exe
2016-06-17 20:23 - 2016-05-23 19:37 - 00394960 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-06-17 20:23 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-06-17 20:23 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-06-17 20:23 - 2016-05-20 18:27 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-06-17 20:23 - 2016-05-20 18:27 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-06-17 20:23 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-06-17 20:23 - 2016-05-20 18:10 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-06-17 20:23 - 2016-05-20 18:09 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-06-17 20:23 - 2016-05-20 18:09 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-06-17 20:23 - 2016-05-20 18:09 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-06-17 20:23 - 2016-05-20 18:08 - 02895360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-06-17 20:23 - 2016-05-20 18:08 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-06-17 20:23 - 2016-05-20 18:02 - 06051328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-06-17 20:23 - 2016-05-20 18:00 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-06-17 20:23 - 2016-05-20 17:59 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-06-17 20:23 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-06-17 20:23 - 2016-05-20 17:56 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-06-17 20:23 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-06-17 20:23 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-06-17 20:23 - 2016-05-20 17:54 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-06-17 20:23 - 2016-05-20 17:54 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-06-17 20:23 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-06-17 20:23 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-06-17 20:23 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-06-17 20:23 - 2016-05-20 17:45 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-06-17 20:23 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-06-17 20:23 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-06-17 20:23 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-06-17 20:23 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-06-17 20:23 - 2016-05-20 17:41 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-06-17 20:23 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-06-17 20:23 - 2016-05-20 17:33 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-06-17 20:23 - 2016-05-20 17:32 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-06-17 20:23 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-06-17 20:23 - 2016-05-20 17:27 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-06-17 20:23 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-17 20:23 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-06-17 20:23 - 2016-05-20 17:25 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-06-17 20:23 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-06-17 20:23 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-06-17 20:23 - 2016-05-20 17:22 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-06-17 20:23 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-06-17 20:23 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-06-17 20:23 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-06-17 20:23 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-06-17 20:23 - 2016-05-20 17:11 - 15420928 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-06-17 20:23 - 2016-05-20 17:11 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-06-17 20:23 - 2016-05-20 17:09 - 00725504 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-06-17 20:23 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-06-17 20:23 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-06-17 20:23 - 2016-05-20 17:08 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-06-17 20:23 - 2016-05-20 17:07 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-06-17 20:23 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-06-17 20:23 - 2016-05-20 17:06 - 02131968 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-06-17 20:23 - 2016-05-20 16:46 - 02597888 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-06-17 20:23 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-06-17 20:23 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-06-17 20:23 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-06-17 20:23 - 2016-05-20 16:34 - 01544192 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-06-17 20:23 - 2016-05-20 16:23 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-06-17 20:22 - 2016-05-21 13:28 - 25802752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-06-17 20:22 - 2016-05-20 17:28 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-06-17 15:24 - 2016-06-21 16:08 - 00000000 ____D C:\Users\Luke\AppData\Roaming\TeamViewer
2016-06-17 13:04 - 2016-05-18 12:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-06-17 13:04 - 2016-05-18 12:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-06-17 13:04 - 2016-05-12 13:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-06-17 13:04 - 2016-05-12 13:15 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-06-17 13:04 - 2016-05-12 13:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-06-17 13:04 - 2016-05-12 13:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-06-17 13:04 - 2016-05-12 11:18 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-06-17 13:04 - 2016-05-11 13:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-06-17 13:04 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-06-17 13:04 - 2016-05-11 11:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-06-17 13:04 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-06-17 13:04 - 2016-05-11 10:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-06-17 13:03 - 2016-05-12 13:20 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-06-17 13:03 - 2016-05-12 13:20 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-06-17 13:03 - 2016-05-12 13:15 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-06-17 13:03 - 2016-05-12 13:15 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-06-17 13:03 - 2016-05-12 13:14 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-06-17 13:03 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-06-17 13:03 - 2016-05-12 11:05 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-06-17 13:03 - 2016-05-12 10:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-06-17 13:03 - 2016-05-12 10:58 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-06-17 13:03 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-06-17 13:03 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-06-17 13:03 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-06-17 13:03 - 2016-05-12 09:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-06-17 13:03 - 2016-05-12 09:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-06-17 13:03 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-06-17 13:02 - 2016-06-06 12:58 - 00041704 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-06-17 13:02 - 2016-06-06 12:50 - 01204224 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-06-17 13:02 - 2016-06-03 09:05 - 01413120 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00569856 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00544256 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-06-17 13:02 - 2016-05-27 09:06 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\centel.dll
2016-06-17 13:02 - 2016-05-22 09:06 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-06-17 13:02 - 2016-05-13 18:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-06-17 13:02 - 2016-05-13 18:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-06-17 13:02 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-06-17 13:02 - 2016-05-13 17:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-06-17 13:02 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-06-17 13:02 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-06-17 13:02 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-06-17 13:02 - 2016-05-12 11:03 - 03217408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-06-17 13:02 - 2016-05-11 13:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-06-17 13:02 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-06-17 13:02 - 2016-04-09 02:58 - 14186496 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-06-17 13:02 - 2016-04-09 02:57 - 01867776 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-06-17 13:02 - 2016-04-09 02:54 - 12881408 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-06-17 13:02 - 2016-04-09 02:54 - 01499648 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-06-17 13:02 - 2016-04-09 01:53 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-06-17 13:02 - 2016-04-09 01:44 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-06-17 13:02 - 2016-03-09 15:00 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2016-06-17 13:02 - 2016-03-09 14:40 - 00316416 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2016-06-17 13:01 - 2016-04-14 12:46 - 00114408 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-06-17 13:01 - 2016-04-14 12:42 - 03243520 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-06-17 13:01 - 2016-04-14 12:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-06-17 13:01 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-06-17 13:01 - 2016-04-14 11:19 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-06-17 13:01 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-06-08 17:27 - 2016-06-08 17:27 - 04260592 _____ C:\Users\Luke\Desktop\trim66.7087D436-D603-4598-923A-6C6D86AC154C.MOV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-27 09:58 - 2013-12-18 11:08 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-06-27 09:53 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-27 09:53 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-27 09:48 - 2014-10-10 15:28 - 00000000 ____D C:\Users\Luke\Desktop\QuickBooksAutoDataRecovery
2016-06-27 09:45 - 2015-06-22 12:23 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-27 09:42 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-06-27 09:41 - 2011-09-15 10:35 - 00000000 ____D C:\Program Files (x86)\Lexmark Fax Solutions
2016-06-27 09:40 - 2011-09-15 10:31 - 00072493 _____ C:\windows\system32\LexFiles.ulf
2016-06-27 09:40 - 2011-08-24 03:13 - 00000000 ____D C:\Program Files\mcafee
2016-06-27 09:40 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-06-27 09:39 - 2011-08-24 03:13 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-06-27 09:31 - 2011-09-21 11:02 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000UA.job
2016-06-27 08:31 - 2009-07-14 01:13 - 00782470 _____ C:\windows\system32\PerfStringBackup.INI
2016-06-27 08:31 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
2016-06-27 08:31 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-06-26 14:45 - 2011-09-21 11:02 - 00000860 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000Core.job
2016-06-26 11:14 - 2013-03-21 21:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-26 11:14 - 2013-03-21 21:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-25 19:34 - 2013-03-21 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-25 18:04 - 2011-09-11 14:04 - 00000000 ____D C:\Program Files\Microsoft Office
2016-06-25 18:04 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-25 18:03 - 2015-06-30 11:20 - 00000000 ____D C:\Users\Luke\AppData\Roaming\SoftGrid Client
2016-06-25 17:35 - 2014-10-10 10:55 - 00000000 ____D C:\Users\QBDataServiceUser24
2016-06-25 17:34 - 2015-06-22 17:19 - 00000000 ____D C:\Users\Luke
2016-06-25 17:33 - 2011-10-08 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Desktop
2016-06-25 17:31 - 2015-04-04 20:56 - 00000000 ___SD C:\windows\system32\GWX
2016-06-25 17:31 - 2011-11-18 10:28 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC
2016-06-25 17:31 - 2011-11-18 10:27 - 00000000 ____D C:\Users\Richard P. Luke
2016-06-25 17:31 - 2011-09-02 10:07 - 00000000 ____D C:\Users\rpluke
2016-06-25 17:30 - 2015-09-08 17:36 - 00000000 ____D C:\Users\Luke\Documents\HpReg_Backup
2016-06-25 17:30 - 2014-11-07 21:33 - 00000000 ____D C:\Users\Luke\Downloads\HP Downloads
2016-06-25 17:30 - 2014-10-20 11:26 - 00000000 ____D C:\quickbooks files
2016-06-25 17:30 - 2012-07-19 13:21 - 00000000 ____D C:\Users\Luke\Desktop\Dad's USB Drive
2016-06-25 17:29 - 2011-10-08 10:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-25 17:29 - 2011-09-09 09:08 - 00000000 ____D C:\FIND_EULA_PATH
2016-06-25 17:29 - 2011-08-24 02:38 - 00000000 ____D C:\Program Files\DellTPad
2016-06-25 17:29 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2016-06-25 17:16 - 2015-06-28 21:07 - 00000000 ____D C:\Users\Luke\AppData\Local\Google
2016-06-25 15:57 - 2015-06-29 12:20 - 00000000 ____D C:\Users\Luke\AppData\LocalLow\Temp
2016-06-25 15:50 - 2014-10-22 19:01 - 00000000 ____D C:\Users\rpluke\AppData\LocalLow\Temp
2016-06-21 16:29 - 2015-06-22 17:22 - 00283976 _____ C:\Users\Luke\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 16:28 - 2009-07-14 00:45 - 00872760 _____ C:\windows\system32\FNTCACHE.DAT
2016-06-21 16:21 - 2011-11-21 08:15 - 00283976 _____ C:\Users\Richard P. Luke.rpluke-PC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-21 16:07 - 2011-11-18 10:23 - 00000000 ____D C:\ProgramData\Carbonite
2016-06-21 15:57 - 2011-08-24 03:06 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-06-21 15:37 - 2011-08-24 03:01 - 00000000 ____D C:\ProgramData\Sonic
2016-06-21 15:36 - 2015-06-22 18:31 - 00000000 ____D C:\Users\Luke\AppData\Local\Intuit
2016-06-21 15:32 - 2015-06-21 15:38 - 00000000 ____D C:\windows\pss
2016-06-19 15:03 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-06-18 13:20 - 2011-11-21 08:15 - 00000000 ____D C:\Users\Richard P. Luke.rpluke-PC\AppData\Local\Google
2016-06-18 11:01 - 2014-12-11 04:35 - 00000000 ____D C:\windows\system32\appraiser
2016-06-17 20:39 - 2013-08-15 03:02 - 00000000 ____D C:\windows\system32\MRT
2016-06-17 20:20 - 2011-09-06 09:21 - 142482544 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-06-16 16:50 - 2013-12-18 11:08 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 16:50 - 2013-12-18 11:08 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-06-16 16:50 - 2011-08-24 02:31 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-15 16:40 - 2010-11-20 23:27 - 00484008 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2016-06-14 19:31 - 2013-12-16 18:29 - 00889344 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.bcf
2016-06-14 19:31 - 2013-12-16 18:29 - 00330643 _____ C:\Users\Luke\Documents\Christmas Card List 2013.mlb
2016-06-14 19:31 - 2013-12-16 18:29 - 00002396 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.fsif
2016-06-14 19:31 - 2013-12-16 18:29 - 00001748 _____ C:\Users\Luke\Documents\Christmas Card List 2013mlb.msif
2016-06-14 07:46 - 2009-07-14 01:08 - 00032616 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-06-02 12:41 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing

==================== Files in the root of some directories =======

2013-07-26 14:18 - 2013-07-26 14:18 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\rpluke\jagex_runescape_preferences.dat
C:\Users\rpluke\jagex_runescape_preferences2.dat

Some files in TEMP:
====================
C:\Users\Luke\AppData\Local\Temp\HPPSdr.exe
C:\Users\rpluke\AppData\Local\Temp\Abspdf.exe
C:\Users\rpluke\AppData\Local\Temp\acfpdfu.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfui.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\rpluke\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\rpluke\AppData\Local\Temp\cdintf.dll
C:\Users\rpluke\AppData\Local\Temp\dplinst.exe
C:\Users\rpluke\AppData\Local\Temp\GUR45B7.exe
C:\Users\rpluke\AppData\Local\Temp\GURC68D.exe
C:\Users\rpluke\AppData\Local\Temp\install_reader11_en_gtbp_chrd_aih.exe
C:\Users\rpluke\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\rpluke\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\rpluke\AppData\Local\Temp\PDFPRT400.exe
C:\Users\rpluke\AppData\Local\Temp\setup.exe
C:\Users\rpluke\AppData\Local\Temp\utz_bhus.dll
C:\Users\rpluke\AppData\Local\Temp\xmllite.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-19 14:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02
Ran by Luke (2016-06-27 10:11:37)
Running from C:\Users\Luke\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-09-02 14:07:24)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2233979149-4233434921-1847507767-500 - Administrator - Disabled)
Guest (S-1-5-21-2233979149-4233434921-1847507767-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2233979149-4233434921-1847507767-1002 - Limited - Enabled)
Luke (S-1-5-21-2233979149-4233434921-1847507767-1006 - Administrator - Enabled) => C:\Users\Luke
QBDataServiceUser24 (S-1-5-21-2233979149-4233434921-1847507767-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser24
Richard P. Luke (S-1-5-21-2233979149-4233434921-1847507767-1004 - Limited - Enabled) => C:\Users\Richard P. Luke.rpluke-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Active@ UNDELETE (HKLM-x32\...\Active@ UNDELETE) (Version: - )
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Citrix Online Launcher (HKLM-x32\...\{F82C81F9-ADB5-42BD-AFE9-DD5DFDD215E3}) (Version: 1.0.135 - Citrix)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}) (Version: 1.0.6505.38692 - Cozi Group, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.2.2.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{89263C19-557E-4D23-AAD7-113F6175DFC1}) (Version: 1.5.402.0 - Fingertapps)
Dell Perks Webslice IE8 (HKLM-x32\...\{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}) (Version: 8.0 - Nextjump Inc)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.81 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.3.60494 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell Update (HKLM-x32\...\{3F862535-33F3-4F3F-864E-6D4F6FD3258D}) (Version: 1.5.2000.0 - Dell Inc.)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DJ3525FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Google Desktop (HKLM-x32\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 3500-4500 Series (HKLM\...\Lexmark 3500-4500 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyLabel Designer Deluxe (HKLM-x32\...\{9D9C6FD3-1B43-43D7-AA90-94E643A312BD}) (Version: 8.0.0.0 - Avanquest USA, LLC)
MySoftware Fonts (HKLM-x32\...\{6C6F0968-2B86-42B4-AF34-46A5F06E8FA4}) (Version: - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickBooks (x32 Version: 19.0.4013.705 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 24.0.4008.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4013.705 - Intuit Inc.)
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4007.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
TrustedID (HKLM-x32\...\{C16A92EF-017B-4839-9C75-FBADB5A1FA27}) (Version: 5.0 - TrustedID)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11C4BCB3-8A1C-4368-B46C-52905D4403C2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000UA => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {26E617DA-163A-4F66-9ED3-D18DD288DDF8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {2CDE5F3D-7D9E-47F0-A672-29A6C490909A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-04-10] (Dell Inc.)
Task: {444C5634-3F5A-4396-B7F1-82B27BEA3BF0} - System32\Tasks\HP AR Program Upload - dd2e32d36bfe40a8b0cf07d42bd4d6bda15b567946f544b9949c33df5709b460 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {674F62FD-D05C-48F3-9426-1A1903AE89D2} - System32\Tasks\HP AR Program Upload - 6d2525a27ac8449180447fcae82a2d22da66b744b29f49dd8f7d8fa00bd0b9fd => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {7ECA217F-5EE4-4560-B3AF-526CFF0F0A60} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000Core => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {96C07585-2EAF-4114-9CAC-877B5F0850E2} - System32\Tasks\HP AR Program Upload - 76c7104eb58a416aa85a7ca45c9fb712aef1dcc13fdb43eaa35083e39f220e7b => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {AE7CFAA2-DBE3-4DBF-A406-0785460148B8} - System32\Tasks\HP AR Program Upload - e0d9687ddc9f4a35a00d0350b09537311c9d80ef6c914328950fdeb93110cd84 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {D941DBEE-4100-4D21-97AC-1C223C3A411D} - System32\Tasks\HP AR Program Upload - 1eb4c2c179694a67862cbc719146cc70331380debe5d469aa3a893b8cd2f0634 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {DF0BD2CB-9181-4963-9944-BC77E569EC70} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
Task: {E58A50C8-9C7C-4ADF-BC37-7EE3E50A46F6} - System32\Tasks\HP AR Program Upload - 70005777ff9e4cb883863b5be266bc003b494f40cae8441999dec37560dc9b31 => C:\Program Files\HP\HP Deskjet 3520 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {FAE2DFEB-6B9B-4BBF-AADB-65428518989D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000Core.job => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2233979149-4233434921-1847507767-1000UA.job => C:\Users\rpluke\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\Checks & More for QuickBooks.lnk -> hxxp://www.intuitmarket.com/Desktop08 (No File)

==================== Loaded Modules (Whitelisted) ==============

2010-12-17 14:53 - 2010-12-17 14:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-09-15 10:36 - 2007-02-22 03:15 - 00045056 _____ () C:\windows\System32\LXF3PMON.DLL
2011-09-15 10:36 - 2006-11-07 11:02 - 00036864 _____ () C:\windows\System32\LXF3OEM.DLL
2011-09-15 10:36 - 2007-02-22 03:15 - 00003584 _____ () C:\windows\System32\LXF3PMRC.DLL
2012-03-18 14:05 - 2007-03-15 23:11 - 00138240 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdidrpp.dll
2007-02-07 03:31 - 2007-02-07 03:31 - 01389568 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxdiptpc.dll
2007-03-15 23:12 - 2007-03-15 23:12 - 00180224 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxdidrui.dll
2011-08-24 04:46 - 2011-04-10 14:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-18 14:03 - 2009-04-27 13:30 - 00434856 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
2012-03-18 14:03 - 2009-04-27 13:30 - 00025256 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-05-30 10:30 - 2011-05-30 10:30 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2012-03-18 14:03 - 2007-03-23 15:41 - 00278528 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiscw.dll
2012-03-18 14:03 - 2007-03-05 10:45 - 00589824 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdidatr.dll
2012-03-18 14:03 - 2006-12-28 11:47 - 00073728 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdicats.dll
2012-03-18 14:03 - 2007-05-02 05:11 - 00040960 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.Monitor.Core.dll
2012-03-18 14:03 - 2007-05-02 05:11 - 00028672 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.Monitor.Common.dll
2012-03-18 14:03 - 2007-05-02 05:10 - 00057344 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.dll
2012-03-18 14:03 - 2007-04-30 08:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.NetworkCardDevMon.dll
2012-03-18 14:03 - 2007-04-30 08:19 - 00020480 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.ScanDevMon.dll
2012-03-18 14:03 - 2007-04-30 08:20 - 00011776 _____ () C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2014-06-26 06:42 - 2014-06-26 06:42 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00582472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2014-12-10 07:29 - 2014-12-10 07:29 - 00791880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2014-12-10 07:30 - 2014-12-10 07:30 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-05-30 10:25 - 2011-05-30 10:25 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-05-30 10:25 - 2011-05-30 10:25 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2016-05-12 09:36 - 2016-05-12 09:36 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2011-08-24 02:30 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2233979149-4233434921-1847507767-1006\Control Panel\Desktop\\Wallpaper -> C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{079215A6-BF79-4459-8886-5EBC2B5DB96E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EF5B6C4F-EAEE-4450-9E6B-34A3A7AD617D}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{3964FFF7-1505-4795-9C22-2FDA598B9456}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{EE784847-1C86-4196-BD48-66BA38354734}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{7A796783-E2A7-44F3-9227-D4FD620E10C6}] => (Allow) LPort=2869
FirewallRules: [{FE1805EB-EC81-4973-95D3-692D36E2E53D}] => (Allow) LPort=1900
FirewallRules: [{808C7C1B-DA7D-4046-8B02-6C47E121F8C6}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{063E5A9D-4C1C-42E6-A363-338EDC3E3291}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{2FC72722-6563-4D15-9932-CB7BD0AB6F69}] => (Allow) C:\Windows\SysWOW64\lxdicoms.exe
FirewallRules: [{95AF1FD2-3071-446F-B5E2-689A1769A4FC}] => (Allow) C:\Windows\SysWOW64\lxdicoms.exe
FirewallRules: [TCP Query User{F37DE1F0-5B7C-42FF-949D-A1650B68A7E3}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe
FirewallRules: [UDP Query User{CFEFEC3F-C83C-4B36-8888-C406532ABAE0}C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\lxdimon.exe
FirewallRules: [TCP Query User{9A67A706-9EC6-4609-8F86-3C757010A078}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe] => (Allow) C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe
FirewallRules: [UDP Query User{468659C3-FD6B-4A15-9547-AC39C78EEE05}C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe] => (Allow) C:\program files (x86)\lexmark 3500-4500 series\lxdiamon.exe
FirewallRules: [{F6DC4C70-C457-474A-91E3-327A0FD6738C}] => (Allow) C:\Program Files (x86)\Dogpile Bundle Toolbar\TroubleShooter.exe
FirewallRules: [{A5322586-2D4E-44B5-A436-E2577A83AAAC}] => (Allow) C:\Program Files (x86)\Dogpile Bundle Toolbar\TroubleShooter.exe
FirewallRules: [{A7E9D9FE-EE7E-4C93-BB3F-8B95F092ECD7}] => (Allow) C:\Program Files (x86)\Dogpile Bundle Toolbar\ToolbarUpdate.exe
FirewallRules: [{8B80A696-81CC-452A-822A-3AA1E1C6B273}] => (Allow) C:\Program Files (x86)\Dogpile Bundle Toolbar\ToolbarUpdate.exe
FirewallRules: [{7899ABE3-E347-42F9-A9E2-7D27FF4C8C51}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{2BC0CBEC-F6DC-4316-9C02-D992B9B43532}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{C9413B91-66FE-4355-A565-7F2458DF79D0}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{7DE07FEF-D64C-4BF9-9E01-5AC694E9A7B8}] => (Allow) C:\Program Files (x86)\Lexmark Fax Solutions\FaxCtr.exe
FirewallRules: [{3393369D-64BA-4D99-9305-F69FCEA7A8A1}] => (Allow) C:\Windows\System32\lxdicoms.exe
FirewallRules: [{B32873C6-2F12-4403-BC4F-235D69E57A8C}] => (Allow) C:\Windows\System32\lxdicoms.exe
FirewallRules: [{4E4ADBF0-8EF1-4390-910B-627C0F5F03F0}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
FirewallRules: [{8C0F74C2-A5D9-4303-8281-3988F60EB191}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
FirewallRules: [{2DC415E6-9BDE-48D2-BC2C-CB8A3725B6CD}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.exe
FirewallRules: [{ECF96635-2407-41CA-B95F-9B6A98E269B1}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\App4R.exe
FirewallRules: [{CC22EBB9-8566-432A-9513-33DA4C8404C7}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
FirewallRules: [{8ACB1EFE-B7A8-4CA5-BDC9-D60A9BB43B26}] => (Allow) C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
FirewallRules: [{0AE9C3A0-30BB-42F0-9910-C566BAF44146}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe
FirewallRules: [{ED301484-C6DB-49FA-AE29-BF0F0502CD2D}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdipswx.exe
FirewallRules: [{9BEE3BFC-FAD4-464B-9A3F-62D777F25827}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxditime.exe
FirewallRules: [{3FF5C28E-AF83-404F-9883-B377B63D8ECF}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxditime.exe
FirewallRules: [TCP Query User{12DE12EB-AC98-4F32-B093-B2874E82F10B}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\app4r.exe
FirewallRules: [UDP Query User{7FDC8DF9-FB38-4A14-B8DD-4EF44C4A2A1D}C:\program files (x86)\lexmark 3500-4500 series\app4r.exe] => (Block) C:\program files (x86)\lexmark 3500-4500 series\app4r.exe
FirewallRules: [{09002221-659D-4010-847A-66A9FFDE31F5}] => (Allow) C:\Users\rpluke\AppData\Local\Temp\7zS3B4B\HPDiagnosticCoreUI.exe
FirewallRules: [{E9E1D0E8-8D0E-40E0-921B-3AF31D65498B}] => (Allow) C:\Users\rpluke\AppData\Local\Temp\7zS3B4B\HPDiagnosticCoreUI.exe
FirewallRules: [{0B585A8D-71B6-475C-AF20-0C009F2AB9B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{2DDF5073-E980-4BC9-9723-31A59DF65904}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{606A2E2D-B46F-407A-8C02-15FB53393830}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DCC4C21C-C5AC-4D1A-BBC9-493C759841B5}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{A6097FE0-F416-4A39-BDAE-5A7357007BD3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D575371B-1787-431A-96D4-556838FB5AFB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E0EBF8E7-2245-4FB1-9FE8-728D35E66386}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{D4CEF7DC-38AF-450C-84CC-8D33E3F17FBE}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS0DC1\HPDiagnosticCoreUI.exe
FirewallRules: [{D5729D92-8CBC-4F89-8C2E-4F9203FF844E}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS0DC1\HPDiagnosticCoreUI.exe
FirewallRules: [{06401AFB-6083-47FB-BE89-3B1C591E55BD}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS0E5E\HPDiagnosticCoreUI.exe
FirewallRules: [{D831BA0C-5BB8-4EDC-8DC5-C6FBF07100F3}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS0E5E\HPDiagnosticCoreUI.exe
FirewallRules: [{335171AA-0E6C-4B20-83C8-A1649F8DC453}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS453C\HPDiagnosticCoreUI.exe
FirewallRules: [{B4BB8DFD-D915-481B-B621-287D903063E8}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS453C\HPDiagnosticCoreUI.exe
FirewallRules: [{86FFFB19-12A8-496C-9B8D-4F05330994AF}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS5D7D\HPDiagnosticCoreUI.exe
FirewallRules: [{6988605F-CC62-40C4-9F69-F4AB8FEBA928}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS5D7D\HPDiagnosticCoreUI.exe
FirewallRules: [{70E434C9-E424-4941-9672-4F09C16D0FCD}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS5DF9\HPDiagnosticCoreUI.exe
FirewallRules: [{2267C23E-E837-4C15-9FA0-D86BC748258F}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS5DF9\HPDiagnosticCoreUI.exe
FirewallRules: [{147D715F-5D23-400C-B6C3-9385CB53A5A3}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS62DB\HPDiagnosticCoreUI.exe
FirewallRules: [{E6F25767-36A2-4D20-BC4B-E5D443A26A82}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS62DB\HPDiagnosticCoreUI.exe
FirewallRules: [{F4A72FA3-5AA9-4101-B8A7-84FF699BFC95}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS7D97\HPDiagnosticCoreUI.exe
FirewallRules: [{F625FE3E-A002-4B91-8EC7-A6BBEBB0ACA8}] => (Allow) C:\Users\Luke\AppData\Local\Temp\7zS7D97\HPDiagnosticCoreUI.exe
FirewallRules: [{70937669-BFCB-454D-9CB1-66DBF5B5A815}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B7E591D6-46E9-42C5-8A33-7C07FDD14CED}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

17-06-2016 20:08:22 Windows Update
18-06-2016 11:12:40 Windows Update
20-06-2016 12:06:20 JRT Pre-Junkware Removal
21-06-2016 15:25:05 Windows Update
21-06-2016 15:56:12 Removed Skype Toolbars
21-06-2016 15:57:06 Removed Skype Toolbars
21-06-2016 15:57:41 Removed SlimCleaner Plus
21-06-2016 15:58:38 Removed Java 7 Update 21
21-06-2016 16:05:30 Removed Java™ 6 Update 24 (64-bit)
24-06-2016 08:06:49 Windows Update
24-06-2016 08:16:55 Windows Update
25-06-2016 17:09:15 Restore Operation
25-06-2016 17:41:16 Removed Microsoft Office Enterprise 2007
25-06-2016 17:52:00 Windows Update
25-06-2016 18:03:27 Removed Microsoft Office Click-to-Run 2010
25-06-2016 19:31:29 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/27/2016 09:43:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/26/2016 03:00:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2120

Start Time: 01d1cfdc9f002cc8

Termination Time: 140

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/26/2016 02:57:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18347 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a90

Start Time: 01d1cfbebee33941

Termination Time: 199

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/26/2016 11:52:25 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/26/2016 11:17:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2016 07:31:33 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {9b61188a-85b7-499c-853d-af18ef833c12}

Error: (06/25/2016 06:08:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/25/2016 06:03:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {b0c915ed-a495-4220-aa3c-1f424caece4d}

Error: (06/25/2016 05:52:01 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2233979149-4233434921-1847507767-1000.bak). hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {831031b4-73d0-4bc5-8692-7a5045c72d70}

Error: (06/25/2016 05:49:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program setup.exe version 12.0.6606.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11cc

Start Time: 01d1cf2a3513f430

Termination Time: 0

Application Path: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe

Report Id:

System errors:
=============
Error: (06/27/2016 09:48:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Intel® Management and Security Application User Notification Service service depends on the Intel® Management and Security Application Local Management Service service which failed to start because of the following error:
%%193

Error: (06/27/2016 09:48:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%193

Error: (06/27/2016 09:46:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Management and Security Application Local Management Service service failed to start due to the following error:
%%193

Error: (06/27/2016 09:45:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error:
%%193

Error: (06/27/2016 09:45:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error:
%%193

Error: (06/27/2016 09:45:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error:
%%193

Error: (06/27/2016 09:45:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error:
%%193

Error: (06/27/2016 09:45:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error:
%%193

Error: (06/27/2016 09:44:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error:
%%193

Error: (06/27/2016 09:44:29 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 193RegSrvc-Service{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

==================== Memory info ===========================

Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 71%
Total physical RAM: 2979.17 MB
Available physical RAM: 839.05 MB
Total Virtual: 5956.53 MB
Available Virtual: 3319.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:206.24 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 71895B4D)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#12
RKinner

Posted 27 June 2016 - 09:00 AM

Malware Expert

Expert
24,625 posts

Try this one:

https://support.micr...n-us/kb/2545227

That's where it is today.

Rerun AdwCleaner again as before.

#13
monkeyboyblues

Posted 27 June 2016 - 10:04 AM

Member

Topic Starter
Member
146 posts

still no download link for FIX IT

# AdwCleaner v5.200 - Logfile created 27/06/2016 at 12:01:28
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-26.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Luke - RPLUKE-PC
# Running from : C:\Users\Luke\Downloads\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4906 bytes] - [20/06/2016 11:54:11]
C:\AdwCleaner\AdwCleaner[S1].txt - [4545 bytes] - [20/06/2016 11:49:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [788 bytes] - [27/06/2016 12:01:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [860 bytes] ##########