slow computer


  • This topic is locked

#1
John Aukerman

  • Member
  • 204 posts

I am attempting to post my FRST and Addition logs. Keep getting message:

 

403 Forbidden

A potentially unsafe operation has been detected in your request to this site.




#2
zep516

  • Trusted Helper
  • Malware Removal
  • 6,811 posts
Hello,

Can you try posting them once more? If you're using preview, don't; just post the logs directly.

Joe

#3
John Aukerman

  • Topic Starter
  • Member
  • 204 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by John (administrator) on MAPLEGROVE (26-08-2016 11:44:10)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Karen)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Digital Care Solutions) C:\Program Files\BDServices\BitDefenderCOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2015-04-21] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-12-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8900328 2016-08-08] (AVAST Software)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\MountPoints2: H - H:\SETUP.EXE
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-07-02] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk [2016-04-29]
ShortcutTarget: firefox - Shortcut.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-08-26]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1F72C64A-20C5-4AEF-B8F3-C328D039AE59}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
SearchScopes: HKU\S-1-5-21-2994528611-1495046117-1799070532-1002 -> {9E0A3C5F-B569-4906-A0E7-57F18B98012D} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldstr_15_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0A0EyB0B0AtC0DyBtDtAzyyEyByBzztCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0FtAtAtByByE0DtGtAyDyBtDtGzzyEtA0FtGtCtA0AzytGtAtBtD0FyC0A0FyE0DtBtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtB0C0CtCyCyBtBtG0D0D0EzztGyEyEtByBtGzy0CyB0CtG0A0Bzzzz0ByE0C0CyDzztCyB2Q%26cr%3D868409052%26a%3Dwny_dnldstr_15_12%26os%3DWindows 7 Professional&p={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-07-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-12] (Intel Security)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-07-02] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-12] (Intel Security)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-05-09] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\myzd5fce.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://mail.google.com/mail/u/0/#inbox
hxxps://www.aplos.com/aws/login
hxxps://www.pnc.com/en/personal-banking.html
hxxp://radio.securenetsystems.net/v5/WHBU
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-07-05]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-07-05]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.aplos.com/aws/login"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-26]
CHR Extension: (Avast Online Security) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-26]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-26]
CHR HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-07-02] (AVAST Software)
R2 BitDefenderCOM; C:\Program Files\BDServices\BitDefenderCom.exe [1012736 2016-06-24] (Digital Care Solutions) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel® Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-05-09] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-22] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2015-04-21] (Realtek Semiconductor)
R3 scan; C:\Program Files\BDServices\scan.dll [602456 2016-06-14] (Bitdefender)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [920616 2016-08-17] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-17] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-17] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)
S2 HPFSService; "C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe" [X]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-07-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-07-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108304 2016-07-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-07-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-07-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-07-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [473592 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [162904 2016-07-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3423720 2014-09-02] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2016-06-14] (BitDefender S.R.L.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 11:44 - 2016-08-26 11:45 - 00022213 _____ C:\Users\John\Desktop\FRST.txt
2016-08-26 11:43 - 2016-08-26 11:44 - 00000000 ____D C:\FRST
2016-08-26 11:31 - 2016-08-26 11:33 - 02396160 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2016-08-26 11:15 - 2016-08-26 11:15 - 00003124 _____ C:\Windows\System32\Tasks\SparkTrust Registration3
2016-08-26 11:15 - 2016-08-26 11:15 - 00000462 _____ C:\Windows\Tasks\SparkTrust Registration3.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00004078 _____ C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540
2016-08-26 11:14 - 2016-08-26 11:14 - 00003228 _____ C:\Windows\System32\Tasks\SparkTrust Update Version3
2016-08-26 11:14 - 2016-08-26 11:14 - 00002896 _____ C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2016-08-26 11:14 - 2016-08-26 11:14 - 00002694 _____ C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus Startup
2016-08-26 11:14 - 2016-08-26 11:14 - 00001365 _____ C:\Users\John\Desktop\SparkTrust PC Cleaner Plus.lnk
2016-08-26 11:14 - 2016-08-26 11:14 - 00000643 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00000596 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00000420 _____ C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00000420 _____ C:\Windows\Tasks\SparkTrust Update Version3.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00000000 ____D C:\Users\John\AppData\Roaming\SparkTrust
2016-08-26 11:14 - 2016-08-26 11:14 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2016-08-26 11:13 - 2016-08-26 11:14 - 00000000 ____D C:\ProgramData\SparkTrust
2016-08-26 11:13 - 2016-08-26 11:14 - 00000000 ____D C:\Program Files\BDServices
2016-08-26 11:13 - 2016-08-26 11:13 - 00000000 ____D C:\Program Files (x86)\SparkTrust
2016-08-26 11:09 - 2016-08-26 11:12 - 11090096 _____ (SparkTrust) C:\Users\John\Downloads\SparkTrust PC Cleaner Plus Setup_8524D454-1FE5-40C2-8F9D-9AF0A5D64FD1_.exe
2016-08-26 11:03 - 2016-08-26 11:03 - 00001668 _____ C:\Users\John\Desktop\Google Drive.lnk
2016-08-26 10:59 - 2016-08-26 10:59 - 00002050 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-08-26 10:59 - 2016-08-26 10:59 - 00002048 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-08-26 10:59 - 2016-08-26 10:59 - 00002038 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-08-26 10:59 - 2016-08-26 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-26 10:56 - 2016-08-26 10:56 - 01065376 _____ (Google Inc.) C:\Users\John\Desktop\googledrivesync.exe
2016-08-26 09:55 - 2016-08-26 10:37 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForJohn.job
2016-08-26 09:55 - 2016-08-26 09:55 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2016-08-16 14:03 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-16 14:03 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-16 13:46 - 2016-08-16 13:46 - 00248286 _____ C:\Users\Karen\Downloads\PAYROLL- 8-19-2016 (70) (2).pdf
2016-08-16 13:44 - 2016-08-16 13:44 - 00248297 _____ C:\Users\Karen\Downloads\PAYROLL- 8-19-2016 (70).pdf
2016-08-16 13:44 - 2016-08-16 13:44 - 00248288 _____ C:\Users\Karen\Downloads\PAYROLL- 8-19-2016 (70) (1).pdf
2016-08-15 17:47 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-15 17:47 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-15 17:47 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-15 17:47 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-15 17:47 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-15 17:47 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-15 17:47 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-15 17:47 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-15 17:47 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-15 17:47 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-15 17:47 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-15 17:47 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-15 17:46 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-15 17:46 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-15 17:46 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-15 17:46 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-15 17:46 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-15 17:46 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-15 17:46 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-15 17:46 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-15 17:46 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-15 17:46 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-15 17:46 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-15 17:46 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-15 17:46 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-15 17:46 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-15 17:46 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-15 17:46 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-15 17:46 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-15 17:46 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-15 17:46 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-15 17:46 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-15 17:46 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-15 17:46 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-15 17:46 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-15 17:46 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-15 17:46 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-15 17:46 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-15 17:46 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-15 17:46 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-15 17:46 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-15 17:46 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-15 17:46 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-15 17:46 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-15 17:46 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-15 17:46 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-15 17:46 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-15 17:46 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-15 17:46 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-15 17:46 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-15 17:46 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-15 17:46 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-15 17:46 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-15 17:46 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-15 17:46 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-15 17:46 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-15 17:46 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-15 17:46 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-15 17:46 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-15 17:46 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-15 17:46 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-15 17:46 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-15 17:46 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-15 17:46 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-15 17:46 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-15 17:46 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-15 17:46 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-15 17:46 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-15 17:46 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-15 17:46 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-15 17:46 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-15 17:46 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-15 17:46 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-15 17:46 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-15 17:46 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-15 17:46 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-15 17:46 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-15 17:46 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-15 17:45 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-15 10:42 - 2016-08-15 10:42 - 00019354 _____ C:\Users\Karen\Downloads\GWRRA Ladies Retreat 2016.PDF
2016-08-15 10:42 - 2016-08-15 10:42 - 00019354 _____ C:\Users\Karen\Downloads\GWRRA Ladies Retreat 2016 (1).PDF
2016-08-09 11:08 - 2016-08-09 11:08 - 00324047 _____ C:\Users\Karen\Downloads\2016 Reconciliation Picnic Flier -FINAL_6-14.pdf
2016-08-09 10:09 - 2016-08-09 10:09 - 13548771 _____ C:\Users\Karen\Downloads\Kihms3W July 2016 Newsletter.pdf
2016-08-04 14:40 - 2016-08-04 14:40 - 00248192 _____ C:\Users\Karen\Downloads\PAYROLL- 8-5-2016 (69) (1).pdf
2016-08-04 14:38 - 2016-08-04 14:38 - 00248176 _____ C:\Users\Karen\Downloads\PAYROLL- 8-5-2016 (69).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-26 11:36 - 2009-07-14 00:45 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-26 11:36 - 2009-07-14 00:45 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-26 11:09 - 2015-03-16 09:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-26 11:03 - 2015-06-23 14:21 - 00000000 ___RD C:\Users\John\Google Drive
2016-08-26 10:59 - 2015-03-16 09:45 - 00000000 ____D C:\Users\John\AppData\Local\Google
2016-08-26 10:59 - 2015-03-16 09:45 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-26 10:48 - 2015-03-16 11:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-26 10:46 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-26 10:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-08-26 10:42 - 2014-04-02 04:31 - 00000000 ____D C:\ProgramData\PDFC
2016-08-26 10:40 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-26 09:39 - 2015-03-06 12:52 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A31D05A0-4A77-4D7D-9C5B-3B7EB0D692F8}
2016-08-26 09:32 - 2016-04-21 12:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-08-26 09:32 - 2016-04-21 11:57 - 00000000 ____D C:\Program Files\TrueKey
2016-08-19 10:17 - 2016-04-21 12:09 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-08-19 10:13 - 2009-07-14 01:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-18 15:48 - 2015-04-22 11:03 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36D9C53B-37EF-4B56-AF55-4CCDF8D010ED}
2016-08-18 14:44 - 2015-05-19 12:48 - 00000000 ____D C:\Users\Karen\Desktop\Newsletter Info
2016-08-18 09:50 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Forms
2016-08-18 09:06 - 2015-11-30 09:53 - 00000000 ___RD C:\Users\Karen\Google Drive
2016-08-17 17:00 - 2015-05-19 12:50 - 00018201 _____ C:\Users\Karen\Documents\Scripture & Offertory Rotation.xlsx
2016-08-17 11:34 - 2015-11-19 14:56 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKaren
2016-08-17 11:34 - 2015-11-19 14:56 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForKaren.job
2016-08-17 11:09 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-08-16 16:03 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Avery Templates
2016-08-16 15:48 - 2015-05-19 12:49 - 00011769 _____ C:\Users\Karen\Documents\Birthdays - Annivesaries 2015.xlsx
2016-08-16 15:48 - 2015-05-19 12:49 - 00011493 _____ C:\Users\Karen\Documents\Birthdays - Anniversaries 2015 (2).xlsx
2016-08-16 13:33 - 2009-07-14 00:45 - 00452208 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-15 19:09 - 2015-04-14 19:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-15 19:07 - 2009-07-13 22:34 - 00000580 _____ C:\Windows\win.ini
2016-08-15 19:06 - 2015-03-31 14:25 - 00000000 ____D C:\Windows\system32\MRT
2016-08-15 18:52 - 2015-03-31 14:25 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-09 15:16 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Correspondence
2016-08-05 13:34 - 2016-06-17 10:31 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2016-08-05 13:21 - 2016-06-17 10:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-05 13:20 - 2014-04-02 04:28 - 00000000 ____D C:\ProgramData\Skype
2016-08-05 10:11 - 2015-03-16 09:48 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 09:55 - 2016-02-25 12:44 - 00292704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-08-02 14:31 - 2015-12-15 15:31 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMAPLEGROVE$
2016-08-02 14:31 - 2015-12-15 15:31 - 00000346 _____ C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job
2016-08-02 10:55 - 2015-05-04 13:43 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-29 12:04 - 2015-03-16 09:45 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 12:04 - 2015-03-16 09:45 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-29 12:04 - 2015-03-16 09:45 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-27 15:25 - 2010-11-20 23:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-02-24 13:45 - 2016-02-24 13:58 - 6103040 _____ () C:\Program Files (x86)\GUTE12B.tmp
2016-08-26 11:14 - 2016-08-26 11:43 - 0000115 _____ () C:\Users\John\AppData\Roaming\LogFile.txt
2015-07-14 13:29 - 2015-07-14 13:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-10 14:35 - 2015-11-10 14:56 - 15102356 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-05-19 14:21 - 2015-05-19 14:22 - 2001298 _____ () C:\ProgramData\hpdam_install_log.txt
2015-04-21 13:41 - 2015-04-21 13:41 - 1034462 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2015-08-04 13:24 - 2015-08-04 13:25 - 0040378 _____ () C:\ProgramData\HPTrustCircles_Install_Log.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-17 11:02

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by John (26-08-2016 11:46:17)
Running from C:\Users\John\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-06 16:51:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2994528611-1495046117-1799070532-500 - Administrator - Disabled)
Guest (S-1-5-21-2994528611-1495046117-1799070532-501 - Limited - Disabled)
John (S-1-5-21-2994528611-1495046117-1799070532-1002 - Administrator - Enabled) => C:\Users\John
Karen (S-1-5-21-2994528611-1495046117-1799070532-1003 - Limited - Enabled) => C:\Users\Karen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BA88C518-1C29-6931-1190-D9153F49461B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.1.2272 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
DllTool 1.0 (HKLM-x32\...\{8C36FC6F-3576-447C-B15D-FF1504C91104}_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{85D645CF-0F3B-477A-A9C9-194917F1A75B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.5.151.1 - Intel Security)
Intel® PROSet/Wireless Software (HKLM-x32\...\{51015b63-d62c-4ca9-af93-9c3c601cef0b}) (Version: 17.12.0 - Intel Corporation)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickBooks (x32 Version: 23.0.4018.2305 - Intuit Inc.) Hidden
QuickBooks Premier: Nonprofit Edition 2013 (HKLM-x32\...\{38874F22-DDAA-4A43-8F1B-6ED2D0BF063A}) (Version: 23.0.4005.2305 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.114 (x32 Version: 1.48.2066.114 - Avast Software) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
SparkTrust PC Cleaner Plus (HKLM-x32\...\{35827710-D042-428B-A1E5-E20E12D2FEB9}) (Version: 3.3.15.1 - SparkTrust) <==== ATTENTION
WinUtilities Free Edition 11.33 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.33 - YL Computing, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06290AFA-84EE-4B32-B5C8-C35C128CD928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0CE3B313-2ED6-4A07-B5AF-221CC36C3B85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {10205207-CC5C-4BF0-B155-41DFB8F32A76} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {1B8A4FF8-3FDA-4375-8B2C-9EFE688C8A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {1C4428C0-0CD7-4D67-817C-C624C4525304} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2016-08-19] (SparkTrust Systems) <==== ATTENTION
Task: {2C1FB549-6E5A-46CC-97A7-0CA629513DDB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {30312CF7-C869-4877-8E09-538D0BDEF748} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {35FABFE7-6271-4B18-9593-1F8E8E293947} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2016-08-19] (SparkTrust) <==== ATTENTION
Task: {394DF74F-D3B1-44FD-9045-F58E07BB0904} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-07-02] (AVAST Software)
Task: {42C6B70E-0215-44A4-A7F3-FD76E9A69713} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {5722665F-91EE-458D-9777-ACF1728DCECB} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {5F199607-9718-48DE-B368-C732DA927181} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2016-08-19] (SparkTrust) <==== ATTENTION
Task: {5F656B7B-1C0C-49B8-AEA6-E9CFA74D3A9A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {6877BA5B-8AE2-4158-984A-1DFB05A901AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {94F675DC-2675-4DA2-A55E-5EAA45572729} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {97E529F4-0111-44CB-850A-9CB55101CFA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A3984152-5BDF-4825-9EA6-F065A549E99D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A58CE342-E758-40F0-AF94-7ABB69ECF4D6} - System32\Tasks\HPCeeScheduleForMAPLEGROVE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B6A98587-34D1-4BFA-9E89-7C74642550E2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {BF9C44CE-54AD-4E69-8E9C-CD3B5D074430} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {C0100212-2422-4C75-8B80-E4C886691E78} - System32\Tasks\HPCeeScheduleForKaren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C1F4C0A1-1CC6-4557-B881-06B36A2DFAC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CB0F1CA4-EEA6-4859-BEE8-0D044E2D1703} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {CFE14E7D-A155-431A-BA5D-C8B5777306F4} - System32\Tasks\SafeZone scheduled Autoupdate 1458736363 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-06-17] (Avast Software)
Task: {D52E03A3-376B-4799-BA51-2AD0753FE75E} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2016-08-19] (SparkTrust Systems) <==== ATTENTION
Task: {DA4B78D1-8B3E-4F01-8594-98FC40B14F66} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E49515D1-99EC-4241-A1BB-1308E9F4F09D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {F171FDEA-36E5-4382-A15E-D14E774BDF50} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKaren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe  C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => rundll32.exe  C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 22:47 - 2013-08-30 22:47 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00102400 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-07-02 09:05 - 2016-07-02 09:05 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-26 09:33 - 2016-08-26 09:33 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16082601\algo.dll
2016-07-02 09:05 - 2016-07-02 09:05 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00269080 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00021784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2016-05-09 09:28 - 2016-05-09 09:28 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00141592 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00176920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2016-05-09 12:38 - 2016-05-09 12:38 - 00415512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2016-05-09 12:37 - 2016-05-09 12:37 - 00529176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2016-05-09 12:40 - 2016-05-09 12:40 - 00128792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2016-05-09 12:38 - 2016-05-09 12:38 - 00578840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2016-05-09 12:39 - 2016-05-09 12:39 - 00042776 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2016-07-02 09:06 - 2016-07-02 09:06 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-08-26 11:00 - 2016-08-26 11:00 - 00098816 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32api.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00110080 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\pywintypes27.dll
2016-08-26 10:59 - 2016-08-26 10:59 - 00364544 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\pythoncom27.dll
2016-08-26 11:00 - 2016-08-26 11:00 - 00320512 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32com.shell.shell.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00776704 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\_hashlib.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 01176576 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\wx._core_.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00806400 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\wx._gdi_.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00816128 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\wx._windows_.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 01067008 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\wx._controls_.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00733184 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\wx._misc_.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00682496 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\pysqlite2._sqlite.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00088064 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\_ctypes.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00119808 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32file.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00108544 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32security.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00007168 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\hashobjs_ext.pyd
2016-08-26 10:59 - 2016-08-26 11:00 - 00017920 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\thumbnails_ext.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00088064 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\usb_ext.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00012800 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\common.time34.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00018432 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32event.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00167936 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32gui.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00046080 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\_socket.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 01208320 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\_ssl.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00128512 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\_elementtree.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00127488 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\pyexpat.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00038912 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32inet.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00036864 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\_psutil_windows.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00525208 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\windows._lib_cacheinvalidation.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00011264 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32crypt.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00077312 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\wx._html2.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00027136 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\_multiprocessing.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00020480 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\_yappi.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00035840 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32process.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00686080 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\unicodedata.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00078848 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\wx._animate.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00123392 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\wx._wizard.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00024064 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32pipe.pyd
2016-08-26 10:59 - 2016-08-26 10:59 - 00010240 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\select.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00025600 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32pdh.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00017408 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32profile.pyd
2016-08-26 11:00 - 2016-08-26 11:00 - 00022528 ____R () C:\Users\John\AppData\Local\Temp\_MEI59722\win32ts.pyd
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-08-05 10:11 - 2016-08-02 20:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-05 10:11 - 2016-08-02 20:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-06-03 10:27 - 00000826 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozilla Firefox.lnk => C:\Windows\pss\Mozilla Firefox.lnk.Startup
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: CryptoMill Refresh => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1847647E-CBB4-4B6C-8EDC-5AEC2846D710}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9DDBE74B-CE76-4CCB-89E6-E9D50A1CAD48}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{D3C6FCC8-EBEE-411D-91E0-671C959157C1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{47EC0C2A-FA3D-4920-B991-6016848E2F33}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A014DBC5-A815-4B09-B5FB-8B0B72274228}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CCCCD3A1-2788-466D-8A67-2118E3AB8DB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0179F88D-3142-4E1B-BAD5-E2981C67D41D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{677B6DB7-EF1E-4F67-BD79-6A23D82F0A82}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85BF657F-DD24-4DCC-A0B1-4360C31F8DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9459C854-903F-45F3-B3C1-71009FE50AB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AACE28F1-0AC5-4D44-811B-58C0F9B84AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F8501BFB-A26A-4ACF-9080-C97F8D87CD0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CC4CDE13-4552-44BB-9F98-FEA872BD2AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F20CA863-8841-4D9F-A919-F53FDE7A7CA1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{7C05CF65-0866-4E32-866E-AB9A3736BB7F}] => (Allow) LPort=5357
FirewallRules: [{FB1A1FCF-F683-4BD8-97BC-8B8FC12551BE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{19C766C7-720B-45A2-8FFE-9D1857DBE1EF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EF8FB091-47C9-44BE-8C7D-538201EFC90D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5103A3E-5847-442E-82BD-020B42AFDA78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F1275F3-EE07-45D8-BDB7-CEA27F6A0480}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

05-08-2016 09:58:15 ASU_MSI_TRAN
05-08-2016 13:19:11 ASU_MSI_TRAN
08-08-2016 16:10:12 Windows Update
15-08-2016 18:47:31 Windows Update
16-08-2016 17:10:07 Windows Update
26-08-2016 09:41:58 Windows Update
26-08-2016 10:53:37 Removed Google Drive

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2016 09:39:02 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (08/19/2016 10:31:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bd0

Start Time: 01d1fa243b30c199

Termination Time: 105

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8b13262c-6619-11e6-a6c4-9cb654f71540

Error: (08/19/2016 10:31:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0xfa8
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (08/19/2016 10:27:12 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (08/19/2016 10:18:30 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (08/16/2016 01:37:36 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (08/05/2016 01:14:04 PM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (08/05/2016 09:59:15 AM) (Source: MsiInstaller) (EventID: 11719) (User: )
Description: Product: Skype™ 7.26 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (08/04/2016 09:21:29 AM) (Source: MsiInstaller) (EventID: 11719) (User: )
Description: Product: Skype™ 7.26 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (08/03/2016 09:51:43 AM) (Source: MsiInstaller) (EventID: 11719) (User: )
Description: Product: Skype™ 7.26 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.


System errors:
=============
Error: (08/26/2016 10:42:06 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.

Error: (08/26/2016 10:40:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/26/2016 10:40:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP File Sanitizer service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/26/2016 10:40:13 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:39:14 AM on ‎8/‎26/‎2016 was unexpected.

Error: (08/26/2016 10:37:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/26/2016 10:37:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP File Sanitizer service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/26/2016 10:37:23 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:35:56 AM on ‎8/‎26/‎2016 was unexpected.

Error: (08/26/2016 09:34:17 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.

Error: (08/26/2016 09:32:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (08/26/2016 09:32:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP File Sanitizer service failed to start due to the following error:
%%2 = The system cannot find the file specified.


CodeIntegrity:
===================================
  Date: 2016-08-26 10:40:05.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:40:04.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:37:13.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:37:13.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 09:31:59.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 09:31:59.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-19 10:13:38.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-19 10:13:38.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-18 09:05:22.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-18 09:05:22.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 77%
Total physical RAM: 5573.83 MB
Available physical RAM: 1240.02 MB
Total Virtual: 11145.85 MB
Available Virtual: 7279.47 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:919.25 GB) (Free:783.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.16 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
Drive g: (USB20FD) (Removable) (Total:7.52 GB) (Free:6.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DE9D643C)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================



#4
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello John Aukerman,

I'm off to work now; follow the instructions below and I'll look at it later. How did you get that to post without the 403 error? Just curious.

Next

Uninstall this program:
SparkTrust PC Cleaner Plus

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

Next

  • Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts. See here how to disable your security protection (antivirus).
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Next

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.

In your next reply post:
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log
  • Malwarebytes log



#5
John Aukerman

    Member

  • Topic Starter
  • Member
  • 204 posts

# AdwCleaner v6.010 - Logfile created 30/08/2016 at 08:22:45
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-30.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : John - MAPLEGROVE
# Running from : C:\Users\John\Desktop\adwcleaner_6.010.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\Users\John\AppData\Roaming\SparkTrust
Folder Found:  C:\ProgramData\SparkTrust
Folder Found:  C:\ProgramData\Application Data\SparkTrust


***** [ Files ] *****

File Found:  C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
File Found:  C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found:  HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\PRODUCTSETUP
Key Found:  HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\SparkTrust\SparkTrust PC Cleaner Plus
Key Found:  HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\SparkTrust\UNS\SparkTrust PC Cleaner Plus
Key Found:  HKCU\Software\PRODUCTSETUP
Key Found:  HKCU\Software\SparkTrust\SparkTrust PC Cleaner Plus
Key Found:  HKCU\Software\SparkTrust\UNS\SparkTrust PC Cleaner Plus
Key Found:  HKLM\SOFTWARE\SparkTrust\SparkTrust PC Cleaner Plus
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Key Found:  HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9E0A3C5F-B569-4906-A0E7-57F18B98012D}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9E0A3C5F-B569-4906-A0E7-57F18B98012D}


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Karen\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [1670 Bytes] - [24/02/2016 13:56:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [1704 Bytes] - [24/02/2016 13:58:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [2840 Bytes] - [30/08/2016 08:22:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2913 Bytes] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Professional x64
Ran by John (Administrator) on Tue 08/30/2016 at  8:33:14.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 17

Successfully deleted: C:\Program Files (x86)\GUTE12B.tmp (File)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00GUBI1A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17W3M86O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ276NBK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VINBTE8K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\00GUBI1A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\17W3M86O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ276NBK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VINBTE8K (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/30/2016 at  8:38:19.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/30/2016
Scan Time: 8:42 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.30.08
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391493
Time Elapsed: 24 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-2994528611-1495046117-1799070532-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9E0A3C5F-B569-4906-A0E7-57F18B98012D}, Quarantined, [d26ed879118951e59dbe586cc0432ad6],

Registry Values: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-2994528611-1495046117-1799070532-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9E0A3C5F-B569-4906-A0E7-57F18B98012D}|URL, http://us.yhs4.searc...antinedDWindows7 Professional&p={searchTerms}, [d26ed879118951e59dbe586cc0432ad6], %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-2994528611-1495046117-1799070532-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9E0A3C5F-B569-4906-A0E7-57F18B98012D}|TopResultURLFallback, http://us.yhs4.searc...antinedDWindows7 Professional&p={searchTerms}, [112f1d34a3f7f73f590218ac35ce42be], %5

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#6
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

If you have not done so re-run adwCleaner and run the clean option.

#7
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Note:
You have 2 Anti Virus programs running:
  • AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
  • AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    The real-time protection of two antivirus programs may conflict with each other and cause the following:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
  • Performance: More than one antivirus will cause your PC to become slow and it may even crash or blue screen.
  • Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.

    Please uninstall one of them.

    Next
    Download the enclosed fixlist.txt (attached file). Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.
    The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.


#8
John Aukerman

    Member

  • Topic Starter
  • Member
  • 204 posts

Uninstalled Avast.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by John (31-08-2016 17:33:54) Run:2
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Karen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2994528611-1495046117-1799070532-1002 -> {9E0A3C5F-B569-4906-A0E7-57F18B98012D} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_dnldstr_15_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzu0A0EyB0B0AtC0DyBtDtAzyyEyByBzztCtN0D0Tzu0StCtCyBtDtN1L2XzutAtFzztFtAtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyE0FtAtAtByByE0DtGtAyDyBtDtGzzyEtA0FtGtCtA0AzytGtAtBtD0FyC0A0FyE0DtBtB0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBtB0C0CtCyCyBtBtG0D0D0EzztGyEyEtByBtGzy0CyB0CtG0A0Bzzzz0ByE0C0CyDzztCyB2Q%26cr%3D868409052%26a%3Dwny_dnldstr_15_12%26os%3DWindows 7 Professional&p={searchTerms}
BHO: No Name -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> No File
S2 HPFSService; "C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe" [X]
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
2016-08-26 11:15 - 2016-08-26 11:15 - 00003124 _____ C:\Windows\System32\Tasks\SparkTrust Registration3
2016-08-26 11:15 - 2016-08-26 11:15 - 00000462 _____ C:\Windows\Tasks\SparkTrust Registration3.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00004078 _____ C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540
2016-08-26 11:14 - 2016-08-26 11:14 - 00003228 _____ C:\Windows\System32\Tasks\SparkTrust Update Version3
2016-08-26 11:14 - 2016-08-26 11:14 - 00002896 _____ C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce
2016-08-26 11:14 - 2016-08-26 11:14 - 00002694 _____ C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus Startup
2016-08-26 11:14 - 2016-08-26 11:14 - 00001365 _____ C:\Users\John\Desktop\SparkTrust PC Cleaner Plus.lnk
2016-08-26 11:14 - 2016-08-26 11:14 - 00000643 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00000596 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00000420 _____ C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00000420 _____ C:\Windows\Tasks\SparkTrust Update Version3.job
2016-08-26 11:14 - 2016-08-26 11:14 - 00000000 ____D C:\Users\John\AppData\Roaming\SparkTrust
2016-08-26 11:14 - 2016-08-26 11:14 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2016-08-26 11:13 - 2016-08-26 11:14 - 00000000 ____D C:\ProgramData\SparkTrust
2016-08-26 11:13 - 2016-08-26 11:14 - 00000000 ____D C:\Program Files\BDServices
2016-08-26 11:13 - 2016-08-26 11:13 - 00000000 ____D C:\Program Files (x86)\SparkTrust
2016-08-26 11:09 - 2016-08-26 11:12 - 11090096 _____ (SparkTrust) C:\Users\John\Downloads\SparkTrust PC Cleaner Plus Setup_8524D454-1FE5-40C2-8F9D-9AF0A5D64FD1_.exe
Task: {1C4428C0-0CD7-4D67-817C-C624C4525304} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2016-08-19] (SparkTrust Systems) <==== ATTENTION
Task: {30312CF7-C869-4877-8E09-538D0BDEF748} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {35FABFE7-6271-4B18-9593-1F8E8E293947} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2016-08-19] (SparkTrust) <==== ATTENTION
ask: {5F199607-9718-48DE-B368-C732DA927181} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2016-08-19] (SparkTrust) <==== ATTENTION
Task: {D52E03A3-376B-4799-BA51-2AD0753FE75E} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2016-08-19] (SparkTrust Systems) <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe  C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => rundll32.exe  C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
C:\Windows\Tasks\SparkTrust Registration3.job
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9E0A3C5F-B569-4906-A0E7-57F18B98012D} => key not found.
HKCR\CLSID\{9E0A3C5F-B569-4906-A0E7-57F18B98012D} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} => key not found.
HPFSService => service not found.
InstallerService => service not found.
"C:\Windows\System32\Tasks\SparkTrust Registration3" => not found.
"C:\Windows\Tasks\SparkTrust Registration3.job" => not found.
"C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540" => not found.
"C:\Windows\System32\Tasks\SparkTrust Update Version3" => not found.
"C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce" => not found.
"C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus Startup" => not found.
"C:\Users\John\Desktop\SparkTrust PC Cleaner Plus.lnk" => not found.
"C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540.job" => not found.
"C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job" => not found.
"C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job" => not found.
"C:\Windows\Tasks\SparkTrust Update Version3.job" => not found.
"C:\Users\John\AppData\Roaming\SparkTrust" => not found.
"C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust" => not found.
"C:\ProgramData\SparkTrust" => not found.
"C:\Program Files\BDServices" => not found.
"C:\Program Files (x86)\SparkTrust" => not found.
"C:\Users\John\Downloads\SparkTrust PC Cleaner Plus Setup_8524D454-1FE5-40C2-8F9D-9AF0A5D64FD1_.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C4428C0-0CD7-4D67-817C-C624C4525304} => key not found.
C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3_triggeronce => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30312CF7-C869-4877-8E09-538D0BDEF748} => key not found.
C:\Windows\System32\Tasks\SparkTrust Registration3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Registration3 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35FABFE7-6271-4B18-9593-1F8E8E293947} => key not found.
C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus Startup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust PC Cleaner Plus Startup => key not found.
ask: {5F199607-9718-48DE-B368-C732DA927181} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2016-08-19] (SparkTrust) <==== ATTENTION => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D52E03A3-376B-4799-BA51-2AD0753FE75E} => key not found.
C:\Windows\System32\Tasks\SparkTrust Update Version3 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SparkTrust Update Version3 => key not found.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => not found.
C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_C3D4614F-6B9F-11E6-9F60-9CB654F71540.job => not found.
C:\Windows\Tasks\SparkTrust Registration3.job => not found.
C:\Windows\Tasks\SparkTrust Update Version3.job => not found.
C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => not found.
"C:\Windows\Tasks\SparkTrust Registration3.job" => not found.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 107 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1051928 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 5262 B
Edge => 0 B
Chrome => 0 B
Firefox => 155288508 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 66088 B
LocalService => 0 B
NetworkService => 28028484 B
John => 181411398 B
Karen => 1591913226 B

RecycleBin => 3966002483 B
EmptyTemp: => 5.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:38:49 ====



#9
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.


#10
John Aukerman

    Member

  • Topic Starter
  • Member
  • 204 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by John (administrator) on MAPLEGROVE (02-09-2016 11:00:13)
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Karen)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.SmartMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2015-04-21] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-07-18] (PDF Complete Inc)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-12-10] (Intuit Inc. All rights reserved.)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\MountPoints2: H - H:\SETUP.EXE
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-05-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-05-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-05-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\firefox - Shortcut.lnk [2016-04-29]
ShortcutTarget: firefox - Shortcut.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-09-02]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1F72C64A-20C5-4AEF-B8F3-C328D039AE59}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/en-us/?ocid=U221DHP&pc=U221
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM14/19
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-26] (Intel Security)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-08-26] (Intel Security)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-05-09] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\myzd5fce.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://mail.google.com/mail/u/0/#inbox
hxxps://www.aplos.com/aws/login
hxxps://www.pnc.com/en/personal-banking.html
hxxp://radio.securenetsystems.net/v5/WHBU
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://www.aplos.com/aws/login"
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-24]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-13]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-24]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-07-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-26]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-28]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-31]
CHR HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0154621472828126mcinstcleanup; C:\Windows\TEMP\015462~1.EXE [922152 2016-03-02] (McAfee, Inc.)
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-30] (Advanced Micro Devices, Inc.) [File not signed]
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3036312 2016-07-28] (Intel® Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265936 2014-08-18] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-07-18] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-05-09] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-22] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2015-04-21] (Realtek Semiconductor)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [922152 2016-08-25] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-08-25] (McAfee, Inc.)
S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-08-25] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3817168 2014-08-18] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-27] (CyberLink)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3423720 2014-09-02] (Intel Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-02 11:00 - 2016-09-02 11:01 - 00017600 _____ C:\Users\John\Desktop\FRST.txt
2016-08-31 17:29 - 2016-08-31 17:38 - 00017791 _____ C:\Users\John\Desktop\Fixlog.txt
2016-08-31 17:29 - 2016-08-31 17:29 - 00000000 ____D C:\Users\John\Desktop\FRST-OlderVersion
2016-08-30 09:16 - 2016-08-30 09:16 - 00002870 _____ C:\Users\John\Desktop\mbam.txt
2016-08-30 08:41 - 2016-08-30 08:41 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-30 08:38 - 2016-08-30 08:38 - 00003244 _____ C:\Users\John\Desktop\JRT.txt
2016-08-30 08:30 - 2016-08-30 08:31 - 01610560 _____ (Malwarebytes) C:\Users\John\Desktop\JRT.exe
2016-08-30 08:23 - 2016-08-30 09:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-30 08:17 - 2016-08-30 08:17 - 03826240 _____ C:\Users\John\Desktop\adwcleaner_6.010.exe
2016-08-26 11:43 - 2016-09-02 11:00 - 00000000 ____D C:\FRST
2016-08-26 11:31 - 2016-08-31 17:29 - 02397696 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2016-08-26 11:03 - 2016-08-26 11:03 - 00001668 _____ C:\Users\John\Desktop\Google Drive.lnk
2016-08-26 10:59 - 2016-08-26 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-26 09:55 - 2016-08-26 10:37 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForJohn.job
2016-08-26 09:55 - 2016-08-26 09:55 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2016-08-16 14:03 - 2016-07-08 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-08-16 14:03 - 2016-07-08 11:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-08-16 13:46 - 2016-08-16 13:46 - 00248286 _____ C:\Users\Karen\Downloads\PAYROLL- 8-19-2016 (70) (2).pdf
2016-08-16 13:44 - 2016-08-16 13:44 - 00248297 _____ C:\Users\Karen\Downloads\PAYROLL- 8-19-2016 (70).pdf
2016-08-16 13:44 - 2016-08-16 13:44 - 00248288 _____ C:\Users\Karen\Downloads\PAYROLL- 8-19-2016 (70) (1).pdf
2016-08-15 17:47 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-15 17:47 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-15 17:47 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-15 17:47 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-15 17:47 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-15 17:47 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-15 17:47 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-15 17:47 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-15 17:47 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-15 17:47 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-15 17:47 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-15 17:47 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-15 17:47 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-15 17:47 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-15 17:46 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-15 17:46 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-15 17:46 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-15 17:46 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-15 17:46 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-15 17:46 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-15 17:46 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-15 17:46 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-15 17:46 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-15 17:46 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-15 17:46 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-15 17:46 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-15 17:46 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-15 17:46 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-15 17:46 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-15 17:46 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-15 17:46 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-15 17:46 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-15 17:46 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-15 17:46 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-15 17:46 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-15 17:46 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-15 17:46 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-15 17:46 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-15 17:46 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-15 17:46 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-15 17:46 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-15 17:46 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-15 17:46 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-15 17:46 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-15 17:46 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-15 17:46 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-15 17:46 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-15 17:46 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-15 17:46 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-15 17:46 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-15 17:46 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-15 17:46 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-15 17:46 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-15 17:46 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-15 17:46 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-15 17:46 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-15 17:46 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-15 17:46 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-15 17:46 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-15 17:46 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-15 17:46 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-15 17:46 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-15 17:46 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-15 17:46 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-15 17:46 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-15 17:46 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-15 17:46 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-15 17:46 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-15 17:46 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-15 17:46 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-15 17:46 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-15 17:46 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-15 17:46 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-15 17:46 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-15 17:46 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-15 17:46 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-15 17:46 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-15 17:46 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-15 17:46 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-15 17:46 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-15 17:45 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-15 10:42 - 2016-08-15 10:42 - 00019354 _____ C:\Users\Karen\Downloads\GWRRA Ladies Retreat 2016.PDF
2016-08-15 10:42 - 2016-08-15 10:42 - 00019354 _____ C:\Users\Karen\Downloads\GWRRA Ladies Retreat 2016 (1).PDF
2016-08-09 11:08 - 2016-08-09 11:08 - 00324047 _____ C:\Users\Karen\Downloads\2016 Reconciliation Picnic Flier -FINAL_6-14.pdf
2016-08-09 10:09 - 2016-08-09 10:09 - 13548771 _____ C:\Users\Karen\Downloads\Kihms3W July 2016 Newsletter.pdf
2016-08-04 14:40 - 2016-08-04 14:40 - 00248192 _____ C:\Users\Karen\Downloads\PAYROLL- 8-5-2016 (69) (1).pdf
2016-08-04 14:38 - 2016-08-04 14:38 - 00248176 _____ C:\Users\Karen\Downloads\PAYROLL- 8-5-2016 (69).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-02 10:59 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-02 10:59 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-09-02 10:57 - 2015-03-06 12:52 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A31D05A0-4A77-4D7D-9C5B-3B7EB0D692F8}
2016-09-02 10:56 - 2015-06-23 14:21 - 00000000 ___RD C:\Users\John\Google Drive
2016-09-02 10:55 - 2016-04-21 12:07 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-09-02 10:55 - 2016-04-21 11:57 - 00000000 ____D C:\Program Files\TrueKey
2016-09-02 10:55 - 2014-04-02 04:31 - 00000000 ____D C:\ProgramData\PDFC
2016-09-02 10:53 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-31 19:09 - 2015-03-16 09:45 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-31 18:48 - 2015-03-16 11:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-31 17:49 - 2009-07-14 00:45 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:49 - 2009-07-14 00:45 - 00023408 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-31 17:45 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Bulletin Sample
2016-08-31 17:36 - 2016-02-15 13:45 - 00000000 ____D C:\Users\Karen\AppData\LocalLow\Temp
2016-08-31 17:35 - 2015-04-21 14:33 - 00000000 ____D C:\Users\John\AppData\LocalLow\Temp
2016-08-31 17:25 - 2016-02-24 14:41 - 00000000 ____D C:\ProgramData\AVAST Software
2016-08-31 17:22 - 2016-04-21 12:09 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-08-30 09:15 - 2016-02-24 23:38 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-30 09:09 - 2016-02-24 22:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-30 09:09 - 2015-03-16 09:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-30 08:41 - 2016-02-24 23:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-30 08:24 - 2016-02-24 13:56 - 00000000 ____D C:\AdwCleaner
2016-08-30 08:19 - 2016-06-17 10:31 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype
2016-08-29 17:55 - 2016-06-17 10:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-29 17:55 - 2014-04-02 04:28 - 00000000 ____D C:\ProgramData\Skype
2016-08-26 11:59 - 2015-04-14 19:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-26 10:59 - 2015-03-16 09:45 - 00000000 ____D C:\Users\John\AppData\Local\Google
2016-08-26 10:59 - 2015-03-16 09:45 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-19 10:13 - 2009-07-14 01:08 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-08-18 15:48 - 2015-04-22 11:03 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36D9C53B-37EF-4B56-AF55-4CCDF8D010ED}
2016-08-18 14:44 - 2015-05-19 12:48 - 00000000 ____D C:\Users\Karen\Desktop\Newsletter Info
2016-08-18 09:50 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Forms
2016-08-18 09:06 - 2015-11-30 09:53 - 00000000 ___RD C:\Users\Karen\Google Drive
2016-08-17 17:00 - 2015-05-19 12:50 - 00018201 _____ C:\Users\Karen\Documents\Scripture & Offertory Rotation.xlsx
2016-08-17 11:34 - 2015-11-19 14:56 - 00003182 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKaren
2016-08-17 11:34 - 2015-11-19 14:56 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForKaren.job
2016-08-17 11:09 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-08-16 16:03 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Avery Templates
2016-08-16 15:48 - 2015-05-19 12:49 - 00011769 _____ C:\Users\Karen\Documents\Birthdays - Annivesaries 2015.xlsx
2016-08-16 15:48 - 2015-05-19 12:49 - 00011493 _____ C:\Users\Karen\Documents\Birthdays - Anniversaries 2015 (2).xlsx
2016-08-16 13:33 - 2009-07-14 00:45 - 00452208 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-15 19:07 - 2009-07-13 22:34 - 00000580 _____ C:\Windows\win.ini
2016-08-15 19:06 - 2015-03-31 14:25 - 00000000 ____D C:\Windows\system32\MRT
2016-08-15 18:52 - 2015-03-31 14:25 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-09 15:16 - 2015-05-19 12:47 - 00000000 ____D C:\Users\Karen\Documents\Correspondence
2016-08-05 10:11 - 2015-03-16 09:48 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-08-26 11:14 - 2016-08-29 09:52 - 0000115 _____ () C:\Users\John\AppData\Roaming\LogFile.txt
2015-07-14 13:29 - 2015-07-14 13:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-11-10 14:35 - 2015-11-10 14:56 - 15102356 _____ () C:\ProgramData\hpcsmmsilogs.log
2015-05-19 14:21 - 2015-05-19 14:22 - 2001298 _____ () C:\ProgramData\hpdam_install_log.txt
2015-04-21 13:41 - 2015-04-21 13:41 - 1034462 _____ () C:\ProgramData\HPFileSanitizer_Install_Log.txt
2015-08-04 13:24 - 2015-08-04 13:25 - 0040378 _____ () C:\ProgramData\HPTrustCircles_Install_Log.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-29 10:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by John (02-09-2016 11:02:05)
Running from C:\Users\John\Desktop
Windows 7 Professional Service Pack 1 (X64) (2015-03-06 16:51:08)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2994528611-1495046117-1799070532-500 - Administrator - Disabled)
Guest (S-1-5-21-2994528611-1495046117-1799070532-501 - Limited - Disabled)
John (S-1-5-21-2994528611-1495046117-1799070532-1002 - Administrator - Enabled) => C:\Users\John
Karen (S-1-5-21-2994528611-1495046117-1799070532-1003 - Limited - Enabled) => C:\Users\Karen

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{BA88C518-1C29-6931-1190-D9153F49461B}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DJ2540FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
DllTool 1.0 (HKLM-x32\...\{8C36FC6F-3576-447C-B15D-FF1504C91104}_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{6A79CD11-0C1C-4E24-A8C6-46A02F680346}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Documentation (HKLM-x32\...\{85D645CF-0F3B-477A-A9C9-194917F1A75B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{49524B48-4FE9-4A62-A9FD-1F2258DF5489}) (Version: 3.4.12.0 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{7561C06A-7797-4462-A7C3-86F45AE901CF}) (Version: 8.7.4 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.3.34.7 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.6.129.1 - Intel Security)
Intel® PROSet/Wireless Software (HKLM-x32\...\{51015b63-d62c-4ca9-af93-9c3c601cef0b}) (Version: 17.12.0 - Intel Corporation)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM-x32\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.50 - PDF Complete, Inc)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{DF34643B-A745-430C-B27B-A48F853C81E4}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickBooks (x32 Version: 23.0.4018.2305 - Intuit Inc.) Hidden
QuickBooks Premier: Nonprofit Edition 2013 (HKLM-x32\...\{38874F22-DDAA-4A43-8F1B-6ED2D0BF063A}) (Version: 23.0.4005.2305 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.74.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0012-0000-0000-0000000FF1CE}_Office15.STANDARD_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
WinUtilities Free Edition 11.33 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.33 - YL Computing, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06290AFA-84EE-4B32-B5C8-C35C128CD928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0CE3B313-2ED6-4A07-B5AF-221CC36C3B85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {10205207-CC5C-4BF0-B155-41DFB8F32A76} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {1B8A4FF8-3FDA-4375-8B2C-9EFE688C8A7C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {2C1FB549-6E5A-46CC-97A7-0CA629513DDB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
Task: {42C6B70E-0215-44A4-A7F3-FD76E9A69713} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {5722665F-91EE-458D-9777-ACF1728DCECB} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {5F656B7B-1C0C-49B8-AEA6-E9CFA74D3A9A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {6877BA5B-8AE2-4158-984A-1DFB05A901AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {94F675DC-2675-4DA2-A55E-5EAA45572729} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {97E529F4-0111-44CB-850A-9CB55101CFA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {A3984152-5BDF-4825-9EA6-F065A549E99D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A58CE342-E758-40F0-AF94-7ABB69ECF4D6} - System32\Tasks\HPCeeScheduleForMAPLEGROVE$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {B6A98587-34D1-4BFA-9E89-7C74642550E2} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {BF9C44CE-54AD-4E69-8E9C-CD3B5D074430} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {C0100212-2422-4C75-8B80-E4C886691E78} - System32\Tasks\HPCeeScheduleForKaren => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C1F4C0A1-1CC6-4557-B881-06B36A2DFAC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CB0F1CA4-EEA6-4859-BEE8-0D044E2D1703} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {DA4B78D1-8B3E-4F01-8594-98FC40B14F66} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {E49515D1-99EC-4241-A1BB-1308E9F4F09D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {F171FDEA-36E5-4382-A15E-D14E774BDF50} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKaren.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMAPLEGROVE$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-30 22:47 - 2013-08-30 22:47 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-06-14 13:38 - 2016-06-14 13:38 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-08-30 22:47 - 2013-08-30 22:47 - 00102400 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-09-02 10:55 - 2016-09-02 10:55 - 00098816 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32api.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00110080 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\pywintypes27.dll
2016-09-02 10:55 - 2016-09-02 10:55 - 00364544 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\pythoncom27.dll
2016-09-02 10:55 - 2016-09-02 10:55 - 00320512 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32com.shell.shell.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00776704 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\_hashlib.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 01176576 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\wx._core_.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00806400 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\wx._gdi_.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00816128 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\wx._windows_.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 01067008 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\wx._controls_.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00733184 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\wx._misc_.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00682496 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\pysqlite2._sqlite.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00088064 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\_ctypes.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00119808 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32file.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00108544 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32security.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00007168 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\hashobjs_ext.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00017920 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\thumbnails_ext.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00088064 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\usb_ext.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00012800 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\common.time34.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00018432 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32event.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00167936 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32gui.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00046080 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\_socket.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 01208320 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\_ssl.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00128512 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\_elementtree.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00127488 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\pyexpat.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00038912 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32inet.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00036864 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\_psutil_windows.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00525208 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\windows._lib_cacheinvalidation.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00011264 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32crypt.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00077312 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\wx._html2.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00027136 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\_multiprocessing.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00020480 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\_yappi.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00035840 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32process.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00686080 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\unicodedata.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00078848 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\wx._animate.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00123392 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\wx._wizard.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00024064 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32pipe.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00010240 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\select.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00025600 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32pdh.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00017408 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32profile.pyd
2016-09-02 10:55 - 2016-09-02 10:55 - 00022528 ____R () C:\Users\John\AppData\Local\Temp\_MEI42322\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-08-31 17:34 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mozilla Firefox.lnk => C:\Windows\pss\Mozilla Firefox.lnk.Startup
MSCONFIG\startupreg: CLMLServer_For_P2G8 => "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
MSCONFIG\startupreg: CLVirtualDrive => "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
MSCONFIG\startupreg: CryptoMill Refresh => C:\Program Files\Hewlett-Packard\HP Trust Circles\ceflauncher -m refresh
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: HP File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\Coreshredder.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{1847647E-CBB4-4B6C-8EDC-5AEC2846D710}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9DDBE74B-CE76-4CCB-89E6-E9D50A1CAD48}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{D3C6FCC8-EBEE-411D-91E0-671C959157C1}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{47EC0C2A-FA3D-4920-B991-6016848E2F33}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{A014DBC5-A815-4B09-B5FB-8B0B72274228}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CCCCD3A1-2788-466D-8A67-2118E3AB8DB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0179F88D-3142-4E1B-BAD5-E2981C67D41D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{677B6DB7-EF1E-4F67-BD79-6A23D82F0A82}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{85BF657F-DD24-4DCC-A0B1-4360C31F8DDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9459C854-903F-45F3-B3C1-71009FE50AB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AACE28F1-0AC5-4D44-811B-58C0F9B84AE2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{F8501BFB-A26A-4ACF-9080-C97F8D87CD0D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CC4CDE13-4552-44BB-9F98-FEA872BD2AEA}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{F20CA863-8841-4D9F-A919-F53FDE7A7CA1}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{7C05CF65-0866-4E32-866E-AB9A3736BB7F}] => (Allow) LPort=5357
FirewallRules: [{FB1A1FCF-F683-4BD8-97BC-8B8FC12551BE}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{19C766C7-720B-45A2-8FFE-9D1857DBE1EF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EF8FB091-47C9-44BE-8C7D-538201EFC90D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D5103A3E-5847-442E-82BD-020B42AFDA78}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F1275F3-EE07-45D8-BDB7-CEA27F6A0480}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-08-2016 18:47:31 Windows Update
16-08-2016 17:10:07 Windows Update
26-08-2016 09:41:58 Windows Update
26-08-2016 10:53:37 Removed Google Drive
26-08-2016 11:53:15 Windows Update
29-08-2016 17:53:05 ASU_MSI_TRAN
30-08-2016 08:33:20 JRT Pre-Junkware Removal
31-08-2016 17:29:58 Restore Point Created by FRST
31-08-2016 17:33:55 Restore Point Created by FRST
31-08-2016 17:38:32 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2016 05:38:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Service Installer TrueKey since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/31/2016 05:38:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service HP File Sanitizer since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/31/2016 05:33:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Service Installer TrueKey since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/31/2016 05:33:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service HP File Sanitizer since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (08/31/2016 05:33:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 31.8.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 15f4

Start Time: 01d203ceceb36211

Termination Time: 31

Application Path: C:\Users\John\Desktop\FRST64.exe

Report Id: 94e93252-6fc2-11e6-9416-9cb654f71540

Error: (08/31/2016 05:29:57 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {9419c0ab-b1a9-4451-aa16-0eab7e562a30}

Error: (08/31/2016 05:21:59 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "C:\Program Files\Intel Security\True Key\Application\truekey.exe".Error in manifest or policy file "C:\Program Files\Intel Security\True Key\Application\truekey.exe" on line 0.
Invalid Xml syntax.

Error: (08/26/2016 09:39:02 AM) (Source: HP Active Health) (EventID: 91) (User: )
Description: Unhandled Exception. Application will terminate immediately.
System.ArgumentNullException: Value cannot be null.
   at System.Threading.Monitor.Enter(Object obj)
   at HP.ActiveHealth.Commons.Security.HashStore.Validate(String filePath)
   at HP.ActiveHealth.Core.Program..ctor(String[] args, Boolean mustCheckSignature, Boolean validateIni)
   at HP.ActiveHealth.Core.ActiveHealthMain.Main(String[] args)

Error: (08/19/2016 10:31:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 47.0.0.5999 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bd0

Start Time: 01d1fa243b30c199

Termination Time: 105

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 8b13262c-6619-11e6-a6c4-9cb654f71540

Error: (08/19/2016 10:31:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 47.0.0.5999, time stamp: 0x5753660e
Faulting module name: mozglue.dll, version: 47.0.0.5999, time stamp: 0x57535438
Exception code: 0x80000003
Fault offset: 0x0000f3ad
Faulting process id: 0xfa8
Faulting application start time: 0x01d1fa24571e0d4f
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: 8e4e38ae-6619-11e6-a6c4-9cb654f71540


System errors:
=============
Error: (09/02/2016 10:56:22 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (09/02/2016 10:55:21 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.

Error: (08/31/2016 05:41:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Biometric and Context Agent Service service hung on starting.

Error: (08/31/2016 05:39:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/31/2016 05:39:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/31/2016 05:39:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/31/2016 05:39:02 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024001e: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.227.1236.0).

Error: (08/31/2016 05:39:02 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.227.1007.0

    Update Source: Microsoft Update Server

    Update Stage: Install

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 1.1.13000.0

    Error code: 0x8024001e

    Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (08/31/2016 05:39:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (08/31/2016 05:35:54 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Modules Installer service, but this action failed with the following error:
An instance of the service is already running.


CodeIntegrity:
===================================
  Date: 2016-08-29 09:49:30.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 09:49:30.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:40:05.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:40:04.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:37:13.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 10:37:13.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 09:31:59.942
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-26 09:31:59.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-19 10:13:38.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-19 10:13:38.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD A4-5000 APU with Radeon™ HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 5573.83 MB
Available physical RAM: 2656.73 MB
Total Virtual: 11145.85 MB
Available Virtual: 8179.5 MB

==================== Drives ================================

Drive c: (Windows ) (Fixed) (Total:919.25 GB) (Free:783.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.16 GB) (Free:1.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
Drive g: (USB20FD) (Removable) (Total:7.52 GB) (Free:6.1 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: DE9D643C)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=100 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)

==================== End of Addition.txt ============================



#11
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Do you use this program? It's listed in your uninstall programs list.
Intel Security True Key
The True Key™ app remembers your passwords and instantly logs you into your websites and apps.

A few items to fix

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Open Notepad (Start => All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\MountPoints2: H - H:\SETUP.EXE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
U0 aswVmm; no ImagePath
Task: {94F675DC-2675-4DA2-A55E-5EAA45572729} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {2C1FB549-6E5A-46CC-97A7-0CA629513DDB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
2016-08-31 17:25 - 2016-02-24 14:41 - 00000000 ____D C:\ProgramData\AVAST Software
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your Desktop (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
  • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
Note: If the tool warns you that the version you're using is outdated, please download and run the updated version.

#12
John Aukerman

    Member

  • Topic Starter
  • Member
  • 204 posts

I guess that I don't use Intel Security True Key, because I don't know anything about it.

Firefox => 93012970 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 39862 B
John => 45005919 B
Karen => 0 B

RecycleBin => 2486820 B
EmptyTemp: => 166.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:21:43 ====



#13
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Post that fix log again; I'm missing most of it.

I might consider uninstalling Intel Security True Key. It's running files all over the place.

#14
John Aukerman

    Member

  • Topic Starter
  • Member
  • 204 posts

Uninstalled Intel Security True Key.

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by John (02-09-2016 14:43:49) Run:4
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John & Karen)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\...\MountPoints2: H - H:\SETUP.EXE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
U0 aswVmm; no ImagePath
Task: {94F675DC-2675-4DA2-A55E-5EAA45572729} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {2C1FB549-6E5A-46CC-97A7-0CA629513DDB} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-03] (AVAST Software)
C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
2016-08-31 17:25 - 2016-02-24 14:41 - 00000000 ____D C:\ProgramData\AVAST Software
Emptytemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2994528611-1495046117-1799070532-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
aswVmm => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F675DC-2675-4DA2-A55E-5EAA45572729} => key not found.
C:\Windows\System32\Tasks\McAfee Remediation (Prepare) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee Remediation (Prepare) => key not found.
"C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C1FB549-6E5A-46CC-97A7-0CA629513DDB} => key not found.
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software\Avast settings backup => key not found.
"C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe" => not found.
"C:\ProgramData\AVAST Software" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3421838 B
Java, Flash, Steam htmlcache => 1135 B
Windows/system/drivers => 85024 B
Edge => 0 B
Chrome => 0 B
Firefox => 98935637 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3374 B
John => 40790142 B
Karen => 0 B

RecycleBin => 985 B
EmptyTemp: => 144.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 14:44:35 ====



#15
zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Your computer should be running better and is malware free.

How is the computer?