Fixlist for FRST Please


#1 robp2175 (New Member, 1 posts)

Not sure of the exact procedure but I am hoping someone would assist me please. Thank you.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by rpelletier (administrator) on MTRASK (17-07-2018 07:44:46)
Running from C:\Users\rpelletier\Desktop
Loaded Profiles: rpelletier (Available Profiles: eclark & bdelong & KRoney & rpelletier & rpadmin & ghanson & guest & jblanchard & Administrator & Elizabeth.Shumaker)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(strawberryperl.com) C:\Program Files\FusionInventory-Agent\perl\bin\perl.exe
(OCS Inventory NG) C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\reg.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\SccmRdpsystem.exe
(Microsoft Corporation) C:\Windows\CCM\RemCtrl\SccmRdpUser.exe
(Microsoft Corporation) C:\Windows\System32\wksprt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
() \\emsrv-printman2.emcc.edu\PCClient\win\pc-client.exe
(Fortinet Inc.) C:\Users\rpelletier\AppData\Local\Temp\FortiClientSetup_6.0.0_x64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332328 2015-06-03] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\xinputfooter.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\plawim.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\hotspotdetect.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\exampleappx.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\xinputfooter.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\mdmsgdroid.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\WINDOWS\343414F0.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\betestjust.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\withwsm.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\4B4EF7ED.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\exampleappx.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\brackwrap.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\tagftp.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\pluginstrace.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\System32\ipxripaction.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\SysWOW64\charttag.exe <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\343414F0.exe <==== ATTENTION
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2025429265-2077806209-725345543-69729\...\Policies\system: [SetVisualStyle] %windir%\resources\Themes\Luna\Luna.msstyles
HKU\S-1-5-21-2025429265-2077806209-725345543-69729\...\Policies\system: [DisableChangePassword] 1
HKU\S-1-5-21-2025429265-2077806209-725345543-69729\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-2025429265-2077806209-725345543-69729\...\Policies\Explorer: [NoDFSTab] 1
HKU\S-1-5-21-2025429265-2077806209-725345543-69729\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.40.1.19 10.40.1.8
Tcpip\..\Interfaces\{7468B777-AE58-4754-82A7-D1C7280BC251}: [DhcpNameServer] 10.40.1.19 10.40.1.8
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2025429265-2077806209-725345543-69729\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-2025429265-2077806209-725345543-69729\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.emcc.edu
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_162\bin\ssv.dll [2018-04-11] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-04-11] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2017-09-12] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_162\bin\ssv.dll [2018-04-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office16\URLREDIR.DLL [2015-07-31] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_162\bin\jp2ssv.dll [2018-04-11] (Oracle Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
 
FireFox:
========
FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2018-07-12] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-04-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-04-11] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-07-28] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.162.2 -> C:\Program Files (x86)\Java\jre1.8.0_162\bin\dtplugin\npDeployJava1.dll [2018-04-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.162.2 -> C:\Program Files (x86)\Java\jre1.8.0_162\bin\plugin2\npjp2.dll [2018-04-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-09-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [2180480 2018-04-30] (Microsoft Corporation)
R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [699808 2017-07-13] (Microsoft Corporation)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1648840 2016-08-05] (Foxit Software Inc.)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50360 2016-09-18] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-06-03] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-06-03] (Microsoft Corporation)
R2 OCS Inventory Service; C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe [786432 2017-01-12] (OCS Inventory NG) [File not signed]
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [322432 2018-02-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 204065EE; %SystemRoot%\204065EE.exe [X]
R2 FusionInventory-Agent; "C:\Program Files\FusionInventory-Agent\perl\bin\perl.exe" -I"C:\Program Files\FusionInventory-Agent\perl\agent" -I"C:\Program Files\FusionInventory-Agent\perl\lib" -I"C:\Program Files\FusionInventory-Agent\perl\site\lib" -I"C:\Program Files\FusionInventory-Agent\perl\vendor\lib" "C:\Program Files\FusionInventory-Agent\perl\bin\fusioninventory-win32-service"
S2 lanesiwamreg; "C:\Windows\SysWOW64\lanesiwamreg.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2015-02-25] (Microsoft Corporation)
R1 MpKsledc700d0; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9520BC5-29A6-4EFE-AF97-01C70C73DBE4}\MpKsledc700d0.sys [58120 2018-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2015-02-25] (Microsoft Corporation)
R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2015-04-14] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R4 eppdisk; system32\drivers\eppdisk.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-17 07:48 - 2018-07-17 07:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FortiClient
2018-07-17 07:48 - 2018-05-30 16:34 - 000016928 _____ (Fortinet Inc.) C:\Windows\system32\Drivers\ftvnic.sys
2018-07-17 07:47 - 2018-07-17 07:47 - 000000000 ____D C:\Program Files\Common Files\Fortinet
2018-07-17 07:45 - 2018-07-17 07:45 - 000000000 ____D C:\Program Files\Fortinet
2018-07-17 07:44 - 2018-07-17 07:48 - 000013979 _____ C:\Users\rpelletier\Desktop\FRST.txt
2018-07-17 07:43 - 2018-07-17 07:43 - 000000000 ____D C:\Users\rpelletier\Desktop\FRST-OlderVersion
2018-07-17 07:42 - 2018-07-17 07:44 - 000000000 ____D C:\FRST
2018-07-17 07:41 - 2018-07-17 07:43 - 002412544 _____ (Farbar) C:\Users\rpelletier\Desktop\FRST64.exe
2018-07-15 13:57 - 2018-07-15 13:57 - 000003222 _____ C:\Windows\System32\Tasks\RCT_Sch_Shutdown
2018-07-13 07:04 - 2018-07-13 07:04 - 000003392 _____ C:\Windows\System32\Tasks\RecastShutdown1
2018-07-12 13:05 - 2018-07-12 13:05 - 000000093 _____ C:\Windows\wininit.ini
2018-07-12 13:03 - 2018-07-12 13:03 - 000000000 _____ C:\Users\jblanchard\.uc-396f90c5f77dc90bffbb318bd70b9599.jblanchard.mtrask.tmp
2018-07-11 14:43 - 2018-07-11 14:43 - 000000000 ____D C:\ProgramData\sccomm
2018-07-11 14:39 - 2018-07-11 14:39 - 000000000 ____D C:\ProgramData\Applications
2018-07-11 14:38 - 2018-07-12 11:35 - 000000000 ____D C:\Program Files (x86)\Malwarebytes' Managed Client
2018-07-11 14:34 - 2018-07-11 14:35 - 000000000 ____D C:\Windows\FortiEMSInstaller_logs
2018-07-11 14:34 - 2018-07-11 14:34 - 000003624 _____ C:\Windows\System32\Tasks\FEMS_INSTALLER_0692b297_6b78_4bbc_8cd9_6a60937d5037
2018-07-11 14:33 - 2018-07-11 14:34 - 000000000 ____D C:\Windows\FortiEMSInstaller
2018-07-11 08:00 - 2018-07-11 08:00 - 000001799 _____ C:\Windows\SMSAdvancedClient.configmgr1802-client-kb4339794-x64.mif
2018-07-11 07:58 - 2018-07-11 07:58 - 000004764 _____ C:\Windows\system32\CcmFramework.ini
2018-07-11 07:58 - 2018-07-11 07:58 - 000000621 _____ C:\Windows\system32\CcmFramework.h
2018-07-11 07:56 - 2018-07-11 07:56 - 000000000 ____D C:\Windows\ms
2018-07-06 10:43 - 2018-07-06 10:43 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-07-05 17:06 - 2018-07-17 07:40 - 000000000 ____D C:\ProgramData\Emsisoft
2018-07-05 17:01 - 2018-07-17 07:40 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2018-07-05 16:49 - 2018-07-05 17:10 - 000000000 ____D C:\AdwCleaner
2018-07-05 16:47 - 2018-07-05 17:04 - 000002440 _____ C:\Users\rpelletier\Desktop\Rkill.txt
2018-07-05 16:47 - 2018-07-05 16:47 - 000002001 _____ C:\Users\rpelletier\Desktop\MBAM - Shortcut.lnk
2018-07-05 16:47 - 2018-07-05 16:47 - 000000000 ____D C:\ProgramData\MB2Migration
2018-07-05 16:46 - 2018-07-05 16:46 - 000111536 _____ C:\Users\rpelletier\AppData\Local\GDIPFONTCACHEV1.DAT
2018-07-05 16:46 - 2018-07-05 16:46 - 000000000 ____D C:\Users\rpelletier\AppData\Local\Google
2018-07-05 16:45 - 2018-07-09 00:41 - 000003258 _____ C:\Users\rpelletier\Desktop\HP Classroom Manager Tech Console.lnk
2018-07-05 16:45 - 2018-07-09 00:41 - 000003258 _____ C:\Users\rpelletier\Desktop\Drive Vaccine PC Restore Plus RMC.lnk
2018-07-05 16:45 - 2018-07-09 00:41 - 000003226 _____ C:\Users\rpelletier\Desktop\Reboot Restore Rx Pro RMC.lnk
2018-07-05 16:45 - 2018-07-09 00:41 - 000003194 _____ C:\Users\rpelletier\Desktop\Launch PowerFAIDS.lnk
2018-07-05 16:45 - 2018-07-09 00:41 - 000003178 _____ C:\Users\rpelletier\Desktop\Jenzabar EX 7.lnk
2018-07-05 16:45 - 2018-07-05 16:45 - 000001417 _____ C:\Users\rpelletier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2018-07-05 16:45 - 2018-07-05 16:45 - 000000000 ____D C:\Users\rpelletier\AppData\Roaming\Adobe
2018-07-05 16:44 - 2018-07-17 07:31 - 000000000 ____D C:\Users\rpelletier
2018-07-05 16:44 - 2018-07-17 07:30 - 000012258 __RSH C:\Users\rpelletier\ntuser.pol
2018-07-05 16:44 - 2018-07-09 00:41 - 000000000 ____D C:\Users\rpelletier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RemoteApp and Desktop Connections
2018-07-05 16:44 - 2018-07-05 16:44 - 000000020 ___SH C:\Users\rpelletier\ntuser.ini
2018-07-05 16:44 - 2018-07-05 16:44 - 000000000 ____D C:\Users\rpelletier\AppData\Local\VirtualStore
2018-07-05 16:44 - 2018-07-05 16:44 - 000000000 ____D C:\Users\rpelletier\.oracle_jre_usage
2018-07-05 16:44 - 2018-07-05 16:44 - 000000000 _____ C:\Users\rpelletier\.uc-396f90c5f77dc90bffbb318bd70b9599.rpelletier.mtrask.tmp
2018-07-05 16:44 - 2018-01-16 13:12 - 000000000 ____D C:\Users\rpelletier\AppData\Local\Microsoft Help
2018-07-05 16:44 - 2017-06-06 13:01 - 000000000 ____D C:\Users\rpelletier\AppData\Roaming\Sun
2018-07-05 16:44 - 2016-09-09 11:23 - 000000000 ____D C:\Users\rpelletier\AppData\Roaming\Macromedia
2018-07-05 16:44 - 2009-07-14 03:12 - 000000000 ____D C:\Users\rpelletier\AppData\Roaming\Media Center Programs
2018-07-05 08:13 - 2018-07-12 11:20 - 000003178 _____ C:\Users\jblanchard\Desktop\Jenzabar EX 7.lnk
2018-07-03 14:42 - 2017-03-28 10:40 - 000291336 _____ (CodePlex Community) C:\Windows\Microsoft.Win32.TaskScheduler.dll
2018-07-03 14:42 - 2017-03-28 10:40 - 000022024 _____ () C:\Windows\Shutdown Tool.exe
2018-07-03 12:12 - 2018-07-03 12:12 - 000000000 ____D C:\123
2018-07-03 12:12 - 2018-07-03 11:52 - 000000000 _____ C:\email.htm
2018-07-03 09:29 - 2018-07-03 09:29 - 000000000 ____D C:\a
2018-06-28 16:56 - 2009-07-13 21:38 - 000079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lanesiwamreg_.exe
2018-06-21 19:15 - 2018-06-21 19:15 - 000001799 _____ C:\Windows\SMSAdvancedClient.configmgr1802-client-kb4163547-x64.mif
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-17 07:48 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\inf
2018-07-17 07:39 - 2016-09-09 11:41 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-17 07:30 - 2016-08-31 11:12 - 000000360 _____ C:\Windows\system32\config\netlogon.ftl
2018-07-17 07:22 - 2017-09-11 09:43 - 000003970 _____ C:\Windows\System32\Tasks\SCCM Client Health
2018-07-17 07:22 - 2017-06-06 12:35 - 000004528 _____ C:\Windows\System32\Tasks\ScheduledUpdates
2018-07-17 03:52 - 2009-07-14 00:45 - 000012208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-17 03:52 - 2009-07-14 00:45 - 000012208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-16 12:23 - 2016-08-31 11:15 - 000087136 __RSH C:\ProgramData\ntuser.pol
2018-07-15 20:16 - 2009-07-14 01:13 - 000784382 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-15 20:15 - 2016-09-02 08:19 - 000000580 _____ C:\Windows\SMSCFG.ini
2018-07-15 20:10 - 2016-09-09 11:30 - 000000000 ____D C:\ProgramData\Foxit Software
2018-07-15 20:09 - 2009-07-14 01:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-14 08:24 - 2017-07-11 13:52 - 000000000 ____D C:\Users\jblanchard
2018-07-14 08:21 - 2016-09-09 11:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-14 08:21 - 2016-08-31 11:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-13 00:34 - 2017-07-11 13:52 - 000000000 ____D C:\Users\jblanchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RemoteApp and Desktop Connections
2018-07-12 16:55 - 2016-09-02 08:19 - 000000000 ____D C:\Windows\ccmcache
2018-07-12 13:10 - 2017-07-11 13:56 - 000000000 ____D C:\Users\jblanchard\AppData\LocalLow\Mozilla
2018-07-12 13:01 - 2017-07-11 13:52 - 000012258 __RSH C:\Users\jblanchard\ntuser.pol
2018-07-12 11:29 - 2018-04-24 14:45 - 000000000 ____D C:\Users\jblanchard\Desktop\Saturday Event - Floor Signs - Emergency lights
2018-07-12 00:51 - 2016-09-02 08:14 - 000000000 ____D C:\Windows\ccmsetup
2018-07-11 08:00 - 2016-09-02 08:19 - 000000000 ____D C:\Windows\CCM
2018-07-11 07:58 - 2016-09-02 08:20 - 000020567 _____ C:\Windows\system32\InstallUtil.InstallLog
2018-07-11 07:56 - 2016-09-02 08:22 - 000000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
2018-07-06 10:43 - 2016-08-26 08:29 - 133315992 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-06-26 18:11 - 2017-01-19 12:35 - 000002224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-26 18:11 - 2017-01-19 12:35 - 000002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-23 10:47 - 2009-07-13 23:20 - 000000000 ____D C:\Windows\rescache
2018-06-23 09:59 - 2018-05-29 07:20 - 000000000 ____D C:\Users\KRoney
 
Some files in TEMP:
====================
2018-07-17 07:41 - 2018-07-10 15:41 - 096317440 _____ (Fortinet Inc.) C:\Users\rpelletier\AppData\Local\Temp\FortiClientSetup_6.0.0_x64.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-07-17 00:28
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by rpelletier (17-07-2018 07:49:33)
Running from C:\Users\rpelletier\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-08-25 19:03:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2077899806-1534360597-632962526-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2077899806-1534360597-632962526-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Disabled - Up to date) {67773CDD-EA83-AD98-A2ED-386463EB3B0D}
AV: System Center Endpoint Protection (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: System Center Endpoint Protection (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Emsisoft Anti-Malware (Disabled - Up to date) {DC16DD39-CCB9-A216-985D-0316186C71B0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Configuration Manager Client (HKLM\...\{B7D3A842-E826-4542-B39B-1D883264B279}) (Version: 5.00.8634.1000 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.0.2.805 - Foxit Software Inc.)
FusionInventory Agent 2.3.18 (x64 edition) (HKLM\...\FusionInventory-Agent) (Version: 2.3.18 - FusionInventory Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Java 8 Update 162 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Java 8 Update 162 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180162F0}) (Version: 8.0.1620.12 - Oracle Corporation)
Microsoft .NET Framework 4.7.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02558 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla)
OCS Inventory NG Agent 2.3.0.0 (HKLM-x32\...\OCS Inventory NG Agent) (Version: 2.3.0.0 - OCS Inventory NG Team)
Opera Stable 43.0.2442.806 (HKLM-x32\...\Opera 43.0.2442.806) (Version: 43.0.2442.806 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.7.214.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-06-02] (Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2016-08-05] (Foxit Software Inc.)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-06-02] (Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2015-06-02] (Microsoft Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0095553F-9591-499C-8CA5-BCD88FE82C98} - System32\Tasks\SCCM Client Health => powershell.exe -ExecutionPolicy Bypass -File "\\emsrv-sysctr1.emcc.edu\ConfigMgr\Content\Tools\ConfigMgrClientHealth\ConfigMgrClientHealth.ps1" -Config "\\emsrv-sysctr1.emcc.edu\ConfigMgr\Content\Tools\ConfigMgrClientHealth\Config.xml"
Task: {00C70452-BE02-4CF9-A8FC-DA7809635946} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces2
Task: {0C4F947D-75EA-4B1E-B81C-7D0F4880D285} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2018-02-24] (Microsoft Corporation)
Task: {0E83ED10-52E6-4BAE-900E-D64B421D4E40} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Start Workspace Runtime at logon
Task: {13BE1805-6B59-4209-8308-31EB8D6CCA82} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections (at login, if needed) => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspacesIfNeeded
Task: {1D9AE8D3-AE65-410E-9C65-907C6EA1420D} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections (at login, if needed) => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspacesIfNeeded
Task: {1EF4DBD2-69A1-4078-80B2-838C9531723E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-19] (Google Inc.)
Task: {21A4D537-3A93-4572-8B71-AB601E121022} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Report update status => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify2
Task: {2E9B716B-8952-4751-B369-EBB11422F13C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {2F1965AA-2C80-4C6D-B7D3-C2B4A10C3BA6} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Report update status => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify2
Task: {37A21FAB-E959-4A7E-9EDF-0F76FCDDA1DB} - System32\Tasks\RecastShutdown1 => C:\Windows\Shutdown Tool.exe [2017-03-28] ()
Task: {410E7835-B2E4-4931-894E-14DEC3E58EC6} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Report connection status => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify
Task: {4548BFBB-0572-41AA-912E-47910E98184D} - System32\Tasks\FEMS_INSTALLER_0692b297_6b78_4bbc_8cd9_6a60937d5037 => C:\Windows\FortiEMSInstaller\FortiClientSetup_6.0.0_x64.exe [2018-07-11] (Fortinet Inc.)
Task: {4994C0C9-A5E0-47AD-B81D-0DB7E203D481} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections (daily) => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces
Task: {5A7E9B43-D52B-40E5-A3B0-2E2962864047} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Start Workspace Runtime at logon
Task: {667A4248-04B3-492E-9E3C-0BAA996378CB} - System32\Tasks\RCT_Sch_Shutdown => C:\Windows\Shutdown Tool.exe [2017-03-28] ()
Task: {6E1E8EE7-CC40-49F4-BED8-79F80D6BA282} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections (at login, if needed) => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspacesIfNeeded
Task: {6FA08318-1142-454D-B97C-A8932305046B} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Report connection status => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify
Task: {711EA1B9-9E44-4461-AFAD-216939FC6CDC} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Start Workspace Runtime at logon
Task: {71782340-178D-40D8-A969-CE9FA3900D00} - System32\Tasks\ScheduledUpdates => \emcc.edu\home\IT System Resources\Installation Files\Scripts\SCCMUpdates\update.bat <==== ATTENTION
Task: {83664341-450D-4FCF-B3A6-45B5A7BBC524} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Report update status => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify2
Task: {8766DC90-F4ED-4087-B2B2-C9B6C9E2D9D5} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {8A14C815-58A6-4957-8D53-70326B0E4A41} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Report connection status => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify
Task: {9DDF0595-8DE3-4474-912C-9518AC5DF447} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces2
Task: {ADD944B3-E8C1-4D9A-9A98-A7B6E5FCB8AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-19] (Google Inc.)
Task: {B64B3428-ED5F-4AD2-825D-A404DB2E3382} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections (at login, if needed) => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspacesIfNeeded
Task: {BB3048B7-60F5-42A8-B121-975905471994} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections (daily) => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces
Task: {C8134CA3-5611-457F-A372-AD95BF389FA0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {D1C06169-93C6-4826-88BE-0F1FAEB97A86} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections (daily) => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces
Task: {E9E10F65-39B1-4A2A-8D38-13186351AB49} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Report connection status => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify
Task: {EA024695-4095-47FA-ADA1-CB37AA82E526} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {FA3A96B0-5DA2-490D-9062-52F650445EC5} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections (daily) => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces
Task: {FC0ECC24-4AC3-434A-8162-EA8D9E4361B2} - System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update\[email protected]\Update connections => %SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces2
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-06-17 13:34 - 2016-06-17 13:34 - 001830912 _____ () C:\Program Files\FusionInventory-Agent\perl\bin\perl522.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000537938 _____ () C:\Program Files\FusionInventory-Agent\perl\bin\libgcc_s_sjlj-1.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 001215603 _____ () C:\Program Files\FusionInventory-Agent\perl\bin\libstdc++-6.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000037888 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\threads\threads.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000024576 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Fcntl\Fcntl.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000102400 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\POSIX\POSIX.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000024576 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Cwd\Cwd.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000019968 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Tie\Hash\NamedCapture\NamedCapture.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000041984 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Encode\Encode.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000050688 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Win32\Win32.xs.dll
2016-06-17 13:37 - 2016-06-17 13:37 - 000065024 _____ () C:\Program Files\FusionInventory-Agent\perl\vendor\lib\auto\Win32\Daemon\Daemon.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000031232 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\File\Glob\Glob.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000025600 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\IO\IO.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000091648 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Storable\Storable.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000027136 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Digest\MD5\MD5.xs.dll
2016-06-17 13:36 - 2016-06-17 13:36 - 000025088 _____ () C:\Program Files\FusionInventory-Agent\perl\site\lib\auto\Data\Structure\Util\Util.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000053760 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\List\Util\Util.xs.dll
2016-06-17 13:37 - 2016-06-17 13:37 - 000032256 _____ () C:\Program Files\FusionInventory-Agent\perl\vendor\lib\auto\Win32\API\API.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000039936 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\threads\shared\shared.xs.dll
2016-06-17 13:37 - 2016-06-17 13:37 - 000035840 _____ () C:\Program Files\FusionInventory-Agent\perl\vendor\lib\auto\Win32\Job\Job.xs.dll
2016-06-17 13:37 - 2016-06-17 13:37 - 000171008 _____ () C:\Program Files\FusionInventory-Agent\perl\vendor\lib\auto\Win32API\Registry\Registry.xs.dll
2016-06-17 13:37 - 2016-06-17 13:37 - 000080896 _____ () C:\Program Files\FusionInventory-Agent\perl\vendor\lib\auto\Win32\WinError\WinError.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000043008 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Socket\Socket.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000019456 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\attributes\attributes.xs.dll
2016-06-17 13:37 - 2016-06-17 13:37 - 000124928 _____ () C:\Program Files\FusionInventory-Agent\perl\vendor\lib\auto\Win32\OLE\OLE.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000046080 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Data\Dumper\Dumper.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000114176 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Compress\Raw\Zlib\Zlib.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000015872 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Sys\Hostname\Hostname.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000023552 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\MIME\Base64\Base64.xs.dll
2016-06-17 13:34 - 2016-06-17 13:34 - 000029184 _____ () C:\Program Files\FusionInventory-Agent\perl\lib\auto\Encode\Unicode\Unicode.xs.dll
2017-07-11 07:59 - 2017-07-11 07:59 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-16 08:58 - 2017-07-13 17:12 - 000359856 _____ () \\emsrv-printman2.emcc.edu\PCClient\win\pc-client.exe
2016-04-28 08:39 - 2016-04-28 08:39 - 000068608 _____ () C:\Program Files (x86)\OCS Inventory Agent\zlib1.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2025429265-2077806209-725345543-69729\Control Panel\Desktop\\Wallpaper -> C:\Users\rpelletier\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.40.1.19 - 10.40.1.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupreg: Malwarebytes Anti-Malware => "C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{10C71EA6-032B-4B06-903B-90974B2BBE73}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{287E8FDB-ABFF-4BA6-823F-39A3D9183BB7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{BBB05771-939C-43D3-8ACF-DA51113E9A1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{FD70F14F-31C7-481C-AEF1-1F17FE04FB1D}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{E209052A-EFD2-4317-B69D-C46421A93093}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA921783-83ED-43CA-8075-9F7A77E5C8AE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14A4BCE5-5B36-426A-99EA-E3656070B722}] => (Allow) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
FirewallRules: [{3A06F426-7CBD-40AD-9417-05A2C710CC29}] => (Allow) LPort=62354
FirewallRules: [{D5C2F729-A350-4C05-99AB-21B07D0B8CDE}] => (Allow) LPort=62354
FirewallRules: [{A2FA68EF-DEE4-4F79-AF34-046D18C864CA}] => (Allow) LPort=62354
FirewallRules: [{DCD84742-FA63-4843-807B-B2DC399A7E57}] => (Allow) LPort=62354
FirewallRules: [{CD8B64C2-41B2-4213-9052-8983B55FBA02}] => (Allow) LPort=62354
FirewallRules: [{1AE1898A-AF81-4E47-B94A-F5C63B340087}] => (Allow) LPort=62354
FirewallRules: [{0F546DFA-A201-49C1-9279-0236A961018B}] => (Allow) LPort=62354
FirewallRules: [{1FDB04E9-3E05-49D9-A92E-B9FEC2EC9882}] => (Allow) LPort=62354
FirewallRules: [{B107A965-3392-46CD-8634-293EEB82DABF}] => (Allow) LPort=62354
FirewallRules: [{DEA1BA6F-A898-4DD5-B6B0-ED08049ADBC2}] => (Allow) LPort=62354
FirewallRules: [{11306E64-9B44-484D-816C-D0C0C81AB63A}] => (Allow) LPort=62354
FirewallRules: [{6F0B8C03-9E40-4FED-BD7C-B1B7612D8F96}] => (Allow) LPort=62354
FirewallRules: [{62E32BDF-EB1A-4FDA-A66F-6D20FB69B1B1}] => (Allow) LPort=62354
FirewallRules: [{16B166FD-F1FE-48A0-9FA1-ADDFC0D4EFD3}] => (Allow) LPort=62354
FirewallRules: [{F4E99D7F-EACF-4DD5-9C74-13FC9C9D737D}] => (Allow) LPort=62354
FirewallRules: [{724D3B52-C58B-4B1B-9BEF-68A1000687A3}] => (Allow) LPort=62354
FirewallRules: [{E91B654A-0724-43C6-9DC8-DFFDA0B43B44}] => (Allow) LPort=62354
FirewallRules: [{DDFC16C5-C876-44D6-ABE7-96B2DCAC0BF0}] => (Allow) LPort=62354
FirewallRules: [{8799B2C7-7E6A-4C91-97EC-A162103546E0}] => (Allow) LPort=62354
FirewallRules: [{C9BB4422-B856-4CB5-969A-A4B9D43D2042}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D740AE36-A1EE-43AF-A9E2-75BE8853D6F9}] => (Allow) LPort=62354
FirewallRules: [{4B9ED025-42DD-4688-BC53-24E1DA9F2596}] => (Allow) LPort=62354
FirewallRules: [{F1ECA0EB-35AE-4710-86B2-B549C6FEC8AC}] => (Allow) LPort=62354
FirewallRules: [{D2013677-5C32-4BC0-BE57-2D42319442B5}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{DEE731F5-FAFC-4B43-B758-90AACF86DAA3}] => (Allow) LPort=62354
FirewallRules: [{B5BCBE92-BFBD-40E3-850A-978E2CE24D25}] => (Allow) LPort=62354
FirewallRules: [{F10C1329-AED4-4599-B6CC-4D74566ED052}] => (Allow) LPort=62354
FirewallRules: [{9CD425D3-3B3B-4630-AE1A-215D015B64E8}] => (Allow) LPort=62354
 
==================== Restore Points =========================
 
04-06-2018 00:00:03 Scheduled Checkpoint
12-06-2018 00:00:02 Scheduled Checkpoint
14-06-2018 18:50:09 Windows Update
23-06-2018 10:47:16 Scheduled Checkpoint
01-07-2018 20:27:29 Scheduled Checkpoint
09-07-2018 00:00:07 Scheduled Checkpoint
17-07-2018 00:00:06 Scheduled Checkpoint
17-07-2018 07:41:54 Installed FortiClient
 
==================== Faulty Device Manager Devices =============
 
Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2018 07:49:54 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <Failed to load/parse last inventory state>.
 
Error: (07/17/2018 07:48:53 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <Failed to load/parse last inventory state>.
 
Error: (07/17/2018 07:47:52 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <Failed to load/parse last inventory state>.
 
Error: (07/17/2018 07:46:51 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <Failed to load/parse last inventory state>.
 
Error: (07/17/2018 07:45:51 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <Failed to load/parse last inventory state>.
 
Error: (07/17/2018 07:44:49 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <Failed to load/parse last inventory state>.
 
Error: (07/17/2018 07:43:48 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <Failed to load/parse last inventory state>.
 
Error: (07/17/2018 07:42:47 AM) (Source: OCS Inventory Service) (EventID: 20) (User: )
Description: Service encounter error <Failed to load/parse last inventory state>.
 
 
System errors:
=============
Error: (07/16/2018 06:16:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 204065EE service to connect.
 
Error: (07/16/2018 05:34:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 204065EE service to connect.
 
Error: (07/16/2018 11:12:35 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
 
Error: (07/15/2018 08:40:21 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{7468B777-AE58-4754-82A7-D1C7280BC251}.
The backup browser is stopping.
 
Error: (07/15/2018 08:07:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FusionInventory Agent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/14/2018 11:56:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the stylespack service to connect.
 
Error: (07/14/2018 10:20:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the stylespack service to connect.
 
Error: (07/14/2018 10:19:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 204065EE service to connect.
 
 
Windows Defender:
===================================
Date: 2016-09-09 15:33:15.526
Description: 
Windows Defender has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version:
Update Source:User
Signature Type:
Update Type:
Current Engine Version:
Previous Engine Version:1.1.13000.0
Error code:0x8050a003
Error description:This package does not contain up-to-date definition files for this program. For more information, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-07-17 07:31:42.703
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-12 14:07:49.687
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-12 13:03:11.122
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-12 11:31:59.945
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-12 11:20:51.245
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-11 09:07:04.696
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-10 08:48:47.299
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
Date: 2018-07-10 07:46:09.237
Description: 
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ Dual Core Processor 5400B
Percentage of memory in use: 69%
Total physical RAM: 1918.33 MB
Available physical RAM: 586.24 MB
Total Virtual: 7978.33 MB
Available Virtual: 6393.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:232.79 GB) (Free:179.28 GB) NTFS
 
\\?\Volume{8d975622-6b06-11e6-ba98-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: A240A240)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 
#2
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Would help if you could explain what the problem was.  Appears this is a school computer.  Is it connected to the school domain?

 

I do have a short fixlist for you.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   804bytes   202 downloads

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
