Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017 Ran by Deann (25-05-2017 14:23:57) Running from C:\Users\Deann\Desktop Windows 7 Professional Service Pack 1 (X64) (2015-08-18 14:09:20) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-775206907-1226859653-549646819-500 - Administrator - Disabled) Deann (S-1-5-21-775206907-1226859653-549646819-1000 - Administrator - Enabled) => C:\Users\Deann Guest (S-1-5-21-775206907-1226859653-549646819-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-775206907-1226859653-549646819-1003 - Limited - Enabled) UpdatusUser (S-1-5-21-775206907-1226859653-549646819-1001 - Limited - Enabled) => C:\Users\TEMP ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (HKLM-x32\...\{98616875-CF30-4BE5-AAED-36EF4AC6EE27}) (Version: 11.3.300.268 - Adobe Systems Incorporated) Brother MFL-Pro Suite MFC-9330CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.) CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7967.2161 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-775206907-1226859653-549646819-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Graphics Driver 309.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 309.08 - NVIDIA Corporation) NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden QuickBooks (x32 Version: 25.0.4013.2506 - Intuit Inc.) Hidden QuickBooks Premier: Contractor Edition 2015 (HKLM-x32\...\{AAE6D96A-EA2A-4F49-B86F-C1657731BB58}) (Version: 25.0.4013.2506 - Intuit Inc.) QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.) VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.) VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-775206907-1226859653-549646819-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Deann\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64\FileCoAuthLib64.dll (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2F8C2947-C4E5-408D-8F47-D5B5AC3B9C7B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated) Task: {3A73938A-96BD-4530-96B8-8DE842D34CCD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation) Task: {59D2FDC7-AC05-4C6B-8513-0EB96234BB97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.) Task: {7636BE9E-DCCE-4240-B6FA-7D80A3D9530C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-18] (Google Inc.) Task: {B3A25ED0-A6DE-4959-BAE5-8851A12A4A61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-18] (Adobe Systems Incorporated) Task: {CB84108F-A2A5-4D91-9E08-F27E67C94BA4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation) Task: {E9CA45BD-F670-462E-93CB-889901F5ED4C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-12] (Microsoft Corporation) Task: {EE39AF0B-E073-4109-AC88-B53DCCA507A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-08-30 10:42 - 2005-04-22 00:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2015-08-18 10:29 - 2015-01-30 20:57 - 00086160 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-10-19 09:19 - 2017-05-12 03:18 - 08931008 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll 2017-05-17 14:18 - 2017-05-09 05:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll 2017-05-17 14:18 - 2017-05-09 05:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll 2016-02-24 16:53 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-775206907-1226859653-549646819-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Deann\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.29.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup MSCONFIG\startupreg: OneDrive => "C:\Users\Deann\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{CAA3A175-57CB-461C-8DAE-592198C4AE94}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{FD4385BA-377D-4809-8D1A-29C604065E96}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{41247000-4A9A-4DDC-A5D7-F5BEC1984585}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2C99A5E5-488E-46EB-8EA9-599BC49E03CA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{84AAA343-F7CB-402B-B372-6F70267962C7}] => (Allow) C:\Users\Deann\AppData\Local\Microsoft\OneDrive\OneDrive.exe FirewallRules: [{06CB1185-1AD2-4AC8-BC41-2B41FE142945}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3177076B-AD28-4EF4-888C-7187241F1F0C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{2F5C2F3B-8E26-4B06-8548-07B4FEC6EC7E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe FirewallRules: [{B5E692C2-500D-4BCF-9A16-4E8ABE166F8E}] => (Allow) C:\Program Files (x86)\Brother\Brmfl12d\FAXRX.exe FirewallRules: [{CF5E21E9-9513-4A12-9310-E1BCDAB6BB42}] => (Allow) LPort=54925 FirewallRules: [{7D17820A-E3B3-424E-9BC9-83C6D50E51D5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [{C2593D94-FEE2-48E0-914E-60BBAA47EF85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 25-05-2017 10:38:11 Windows Update 25-05-2017 13:25:47 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/25/2017 01:25:47 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-775206907-1226859653-549646819-1001.bak). hr = 0x80070539, The security ID structure is invalid. . Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {90883df6-e665-469c-b5e3-df9ca78660ad} Error: (05/25/2017 12:32:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Deann-PC) Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error: (05/25/2017 12:32:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Deann-PC) Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error: (05/25/2017 12:24:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Deann-PC) Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off. Error: (05/25/2017 12:24:16 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Deann-PC) Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on. Error: (05/25/2017 09:31:46 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {60A9D51C-9BD2-465F-8145-0DC5324BC112} Error: (05/25/2017 09:31:46 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {60A9D51C-9BD2-465F-8145-0DC5324BC112} System errors: ============= Error: (05/25/2017 12:28:10 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control. CodeIntegrity: =================================== Date: 2016-08-30 14:44:07.757 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-30 14:44:07.523 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-29 08:12:30.960 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-29 08:12:30.726 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-28 12:50:17.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-28 12:50:17.710 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-15 11:08:10.320 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-15 11:08:10.258 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 08:51:13.538 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswKbd.sys because the set of per-page image hashes could not be found on the system. Date: 2016-08-10 08:51:13.460 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\aswSnx.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) D CPU 2.80GHz Percentage of memory in use: 34% Total physical RAM: 4029.92 MB Available physical RAM: 2632.48 MB Total Virtual: 8058.02 MB Available Virtual: 6040.99 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.91 GB) (Free:92.02 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E686F016) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=148.9 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================