
WordDocument W97m/downloader.aiw


  • This topic is locked
41 replies to this topic

#1 worryd


Posted 22 February 2016 - 02:02 PM

File deleted-WordDocument

W97m/DOWNLOADER.aiw

C:/Windows/TEMP/tmp000043f7/tmp00000...

 

This is the info from McAfee Security As A Service when it detects and deletes this file many times a day, although the file name in bold is different every time.  I spent over an hour on the phone with McAfee support, but they have no idea what is creating the file, could not delete it without it recreating itself, and suggested that I restore the computer.  It does not seem to be causing any other problems, but it is annoying (the log shows that it was deleted 976 times one month) and I thought maybe someone here could help me.  

 

The first detection was on 6/23/15 and I do not see any programs that were installed between 6/2 and 7/6/15.  The McAfee log does show a detection on 6/30/15 of Artemis 36268DBEB009, with successful removal.  Other than that the log only shows the W97m file deletions since then.

 

I'm running Windows 7 Home Premium, SP1. With the help of someone in the Windows 7 forum, I ran CCleaner, Malwarebytes Anti-Malware, AdwCleaner, Junkware Removal Tool and ESET Online Scan. All of the logs from these scans are at this link: http://www.bleepingcomputer.com/forums/t/605987/worddocument-w97mdownloaderaiw/

This morning I ran FRST and the FRST.txt file follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Michelle (administrator) on MICHELLE-HP (22-02-2016 12:19:23)
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle & McAfeeMVSUser (Available Profiles: Michelle & McAfeeMVSUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
( ) C:\Windows\System32\dldocoms.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(MKS Informatique) C:\Program Files (x86)\20-20 Technologies\2020Design\Mswin\60\scbar.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(United Parcel Service, Inc.) C:\UPS\WSTD\WSTDMessaging.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
() C:\UPS\WSTD\UPSNA1Msgr.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [9235928 2016-01-27] (Emsisoft Ltd)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [9235928 2016-01-27] (Emsisoft Ltd)
HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [31848 2014-12-02] ()
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD)
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\Run: [WorkForce 840(Network) (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\20-20 Shortcut Bar.lnk [2011-01-21]
ShortcutTarget: 20-20 Shortcut Bar.lnk -> C:\Program Files (x86)\20-20 Technologies\2020Design\Mswin\60\scbar.exe (MKS Informatique)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2012-07-24]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-04-15]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-11-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-11-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-11-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2015-02-23]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2015-02-23]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A0138F14-8354-4165-A9A9-D4B48B69972D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {6434ABB9-8EB7-48BA-95B7-C3766AF12F00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {7BC6D922-8D7F-4E7C-B6D5-6610501DE187} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D83FD71F-55EF-4724-92D2-0CEA2DEEF9E8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {6434ABB9-8EB7-48BA-95B7-C3766AF12F00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7BC6D922-8D7F-4E7C-B6D5-6610501DE187} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D83FD71F-55EF-4724-92D2-0CEA2DEEF9E8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140407095040.dll [2013-12-17] (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140407095040.dll [2013-12-17] (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} file:///C:/ProgramData/20-20%20Technologies/VSat/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {B25AB9F1-B8A2-4072-8964-00C7EDF99750} hxxps://ftp.am.joneslanglasalle.com/COM/MOVEitUploadWizard7.0.0.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-03-03] (Intuit, Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2015-11-10] (Intuit, Inc.)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\4o3zcxt3.default-1416925051654
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll [2014-03-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2010-11-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2010-11-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3824471614-4100467613-4293871112-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-28] (Citrix Online)
FF Plugin HKU\S-1-5-21-3824471614-4100467613-4293871112-1008: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2010-11-06] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (McAfee SiteAdvisor Enterprise) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\feobgjncdknhelkhjpiejdbpliekmfaj [2015-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
CHR HKLM-x32\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [10963864 2016-01-27] (Emsisoft Ltd)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 dldo_device; C:\Windows\system32\dldocoms.exe [1044136 2007-09-24] ( )
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [161128 2014-03-06] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2013-12-17] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2013-12-17] (McAfee, Inc.)
R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [296400 2014-04-25] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-10] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-11-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-26] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [124080 2010-11-07] (Emsisoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2013-12-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2013-12-17] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520056 2013-12-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2013-12-17] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2013-12-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2013-12-17] (McAfee, Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-22 12:19 - 2016-02-22 12:19 - 00028491 _____ C:\Users\Michelle\Downloads\FRST.txt
2016-02-22 12:18 - 2016-02-22 12:19 - 00000000 ____D C:\FRST
2016-02-22 12:17 - 2016-02-22 12:17 - 02371072 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2016-02-22 10:02 - 2016-02-22 10:04 - 00000000 ____D C:\Computer logs
2016-02-21 22:11 - 2016-02-21 22:11 - 00002049 _____ C:\Users\Michelle\Desktop\Computer Cleanup - Shortcut.lnk
2016-02-21 22:10 - 2016-02-21 22:11 - 00000000 ____D C:\Users\Michelle\Documents\Computer Cleanup
2016-02-21 21:54 - 2016-02-21 21:54 - 00000000 ____H C:\ProgramData\cm-lock
2016-02-21 21:17 - 2016-02-21 21:17 - 00000000 ____D C:\Users\Michelle\AppData\Local\HuluDesktop
2016-02-21 16:14 - 2016-02-21 16:16 - 00000000 ____D C:\Users\Michelle\Documents\Computer
2016-02-21 08:32 - 2016-02-21 08:32 - 02870984 _____ (ESET) C:\Users\Michelle\Downloads\esetsmartinstaller_enu.exe
2016-02-21 08:18 - 2016-02-21 08:18 - 01609216 _____ (Malwarebytes) C:\Users\Michelle\Downloads\JRT.exe
2016-02-21 07:44 - 2016-02-21 08:06 - 00000000 ____D C:\AdwCleaner
2016-02-21 07:44 - 2016-02-21 07:44 - 01511424 _____ C:\Users\Michelle\Downloads\AdwCleaner.exe
2016-02-20 10:59 - 2016-02-20 11:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-20 10:59 - 2016-02-20 10:59 - 00002086 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-20 10:59 - 2016-02-20 10:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-19 21:08 - 2016-02-19 21:08 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-02-19 21:08 - 2016-02-19 21:08 - 00000000 ____D C:\Program Files\CCleaner
2016-02-19 21:07 - 2016-02-19 21:07 - 05565384 _____ (Piriform Ltd) C:\Users\Michelle\Downloads\ccsetup512_slim.exe
2016-02-19 20:05 - 2016-02-22 11:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-19 19:47 - 2016-02-19 19:47 - 00001145 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-19 19:47 - 2016-02-19 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-19 19:47 - 2016-02-19 19:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-19 19:47 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-19 19:47 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-19 19:47 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-11 12:09 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 12:09 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 12:09 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 12:09 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 12:09 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 12:09 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 12:09 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-11 12:09 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 12:09 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-11 12:09 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-11 12:09 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 12:09 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 12:09 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 12:09 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-01 13:39 - 2016-02-01 13:39 - 00770636 _____ C:\Users\Michelle\Documents\img058.pdf
2016-02-01 13:30 - 2016-02-01 13:30 - 05919809 _____ C:\Users\Michelle\Downloads\ADA Cabinets - Vanity.zip
2016-02-01 13:30 - 2016-02-01 13:30 - 00000000 ____D C:\Users\Michelle\Downloads\ADA Cabinets - Vanity
2016-02-01 12:31 - 2016-02-01 12:31 - 00768688 _____ C:\Users\Michelle\Documents\img057.pdf
2016-02-01 12:15 - 2016-02-01 12:15 - 00944177 _____ C:\Users\Michelle\Documents\img056.pdf
2016-02-01 11:44 - 2016-02-01 11:44 - 00397651 _____ C:\Users\Michelle\Documents\img055.pdf
2016-02-01 11:36 - 2016-02-01 11:36 - 01262286 _____ C:\Users\Michelle\Documents\img054.pdf
2016-02-01 11:10 - 2016-02-01 11:10 - 00128795 _____ C:\Users\Michelle\Documents\WebAdvisor.pdf
2016-02-01 10:50 - 2016-02-01 10:50 - 01947850 _____ C:\Users\Michelle\Documents\img053.pdf
2016-02-01 10:11 - 2016-02-01 10:11 - 01089626 _____ C:\Users\Michelle\Documents\img052.pdf
2016-02-01 09:49 - 2016-02-01 09:49 - 00497418 _____ C:\Users\Michelle\Documents\img051.pdf
2016-01-29 14:43 - 2016-01-29 14:43 - 00659267 _____ C:\Users\Michelle\Documents\img050.pdf
2016-01-29 14:33 - 2016-01-29 14:33 - 00013029 _____ C:\Users\Michelle\Documents\items sold 2015.xlsx
2016-01-29 12:43 - 2016-01-29 12:43 - 01233260 _____ C:\Users\Michelle\Documents\img049.pdf
2016-01-29 12:13 - 2016-01-29 12:13 - 00026003 _____ C:\Users\Michelle\Documents\paypal 2015 final.xlsx
2016-01-29 12:06 - 2016-01-29 12:06 - 00791131 _____ C:\Users\Michelle\Documents\img048.pdf
2016-01-29 08:52 - 2016-01-29 08:52 - 00502635 _____ C:\Users\Michelle\Documents\img047.pdf
2016-01-28 14:15 - 2016-01-28 14:15 - 00707659 _____ C:\Users\Michelle\Documents\img046.pdf
2016-01-28 13:40 - 2016-01-29 10:24 - 00025598 _____ C:\Users\Michelle\Documents\paypal 2.xlsx
2016-01-28 13:40 - 2016-01-29 10:23 - 00025622 _____ C:\Users\Michelle\Documents\paypal 2015.xlsx
2016-01-28 09:59 - 2016-01-28 09:59 - 00764045 _____ C:\Users\Michelle\Documents\img045.pdf
2016-01-27 14:30 - 2016-01-27 14:30 - 00352956 _____ C:\Users\Michelle\Documents\img044.pdf
2016-01-27 13:16 - 2016-01-27 13:16 - 00404791 _____ C:\Users\Michelle\Documents\img043.pdf
2016-01-27 12:57 - 2016-01-27 12:57 - 00289279 _____ C:\Users\Michelle\Documents\img042.pdf
2016-01-27 12:35 - 2016-01-27 12:35 - 02126525 _____ C:\Users\Michelle\Documents\img041.pdf
2016-01-27 09:59 - 2016-01-27 09:59 - 00465628 _____ C:\Users\Michelle\Documents\img040.pdf
2016-01-27 09:43 - 2016-01-27 09:43 - 02558743 _____ C:\Users\Michelle\Documents\img039.pdf
2016-01-26 16:02 - 2016-01-26 16:02 - 00018242 _____ C:\Users\Michelle\Documents\paypal 2.csv
2016-01-26 14:26 - 2016-01-28 13:09 - 00020185 _____ C:\Users\Michelle\Documents\paypal 2015.csv
2016-01-26 10:51 - 2016-01-26 10:51 - 00758177 _____ C:\Users\Michelle\Documents\img038.pdf
2016-01-26 08:14 - 2016-01-26 08:14 - 00019422 _____ C:\Users\Michelle\Downloads\Statement_201501.pdf
2016-01-26 08:13 - 2016-01-26 08:13 - 00036746 _____ C:\Users\Michelle\Downloads\Statement_201505.pdf
2016-01-26 08:13 - 2016-01-26 08:13 - 00019623 _____ C:\Users\Michelle\Downloads\Statement_201504.pdf
2016-01-26 08:13 - 2016-01-26 08:13 - 00018707 _____ C:\Users\Michelle\Downloads\Statement_201502.pdf
2016-01-26 08:13 - 2016-01-26 08:13 - 00018233 _____ C:\Users\Michelle\Downloads\Statement_201503.pdf
2016-01-26 08:12 - 2016-01-26 08:12 - 00046016 _____ C:\Users\Michelle\Downloads\Statement_201509.pdf
2016-01-26 08:12 - 2016-01-26 08:12 - 00037612 _____ C:\Users\Michelle\Downloads\Statement_201508.pdf
2016-01-26 08:12 - 2016-01-26 08:12 - 00037266 _____ C:\Users\Michelle\Downloads\Statement_201506.pdf
2016-01-26 08:12 - 2016-01-26 08:12 - 00028474 _____ C:\Users\Michelle\Downloads\Statement_201507.pdf
2016-01-26 08:09 - 2016-01-26 08:09 - 00046183 _____ C:\Users\Michelle\Downloads\Statement_201510.pdf
2016-01-26 08:08 - 2016-01-26 08:08 - 00037912 _____ C:\Users\Michelle\Downloads\Statement_201512.pdf
2016-01-26 08:08 - 2016-01-26 08:08 - 00037798 _____ C:\Users\Michelle\Downloads\Statement_201511.pdf
2016-01-26 08:06 - 2016-01-26 12:05 - 00015852 _____ C:\Users\Michelle\Downloads\paypal 2015.csv
2016-01-26 08:05 - 2016-01-26 08:05 - 00070641 _____ C:\Users\Michelle\Downloads\1099K_Reconciliation_2015_1453611846.csv
2016-01-26 08:03 - 2016-01-26 08:03 - 00554929 _____ C:\Users\Michelle\Downloads\1099K_2015_1453611846.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-22 12:08 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-22 12:08 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-22 11:33 - 2014-12-10 07:05 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2016-02-22 05:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2016-02-21 21:59 - 2009-07-14 00:13 - 00849900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-21 21:59 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-21 21:54 - 2011-01-19 15:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-02-21 21:53 - 2015-05-13 13:39 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMichelle.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000000 ____D C:\Program Files\Google
2016-02-21 21:53 - 2011-03-01 08:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-21 21:53 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-21 21:42 - 2012-05-10 11:28 - 00003282 _____ C:\Windows\System32\Tasks\{5DF55D45-AD90-4C99-93C5-74CB79DC0673}
2016-02-21 21:40 - 2013-04-25 11:20 - 00003146 _____ C:\Windows\System32\Tasks\{CE608856-3A9F-4469-B7F6-74FF7F426B40}
2016-02-21 21:40 - 2013-04-25 11:08 - 00002956 _____ C:\Windows\System32\Tasks\{F671F84A-72FB-4D2C-9583-4AD300920CAA}
2016-02-21 21:40 - 2013-04-25 10:31 - 00003148 _____ C:\Windows\System32\Tasks\{EADFDAB9-3CDF-4DE0-835F-26A0E2C57D76}
2016-02-21 21:40 - 2012-05-10 11:17 - 00003284 _____ C:\Windows\System32\Tasks\{CFE95831-11FD-48FD-8BA3-3C777AA5B42B}
2016-02-21 21:40 - 2011-01-21 12:10 - 00003162 _____ C:\Windows\System32\Tasks\{8A3AA816-0FBE-4AD3-BD27-5E4D8620596C}
2016-02-21 21:39 - 2012-05-10 11:33 - 00003282 _____ C:\Windows\System32\Tasks\{8347D02E-7801-4B9C-9C51-309639054E11}
2016-02-21 21:39 - 2012-05-10 11:11 - 00003284 _____ C:\Windows\System32\Tasks\{63C8F793-562B-4F75-AB2D-F25B2C8A75A7}
2016-02-21 21:39 - 2011-01-21 14:00 - 00003322 _____ C:\Windows\System32\Tasks\{7C31838D-6D11-47E6-916F-125C5D4A99AC}
2016-02-21 21:38 - 2013-04-25 11:33 - 00003148 _____ C:\Windows\System32\Tasks\{5A94FC6E-9971-468E-8D4B-018A146F56FB}
2016-02-21 21:38 - 2013-01-15 13:10 - 00003100 _____ C:\Windows\System32\Tasks\{5682D37F-6DED-41E8-8B09-959C5933A560}
2016-02-21 21:38 - 2012-05-10 11:22 - 00003284 _____ C:\Windows\System32\Tasks\{4C3AD55B-DDD2-4EEE-B070-094055060F2E}
2016-02-21 21:37 - 2015-05-13 13:39 - 00003206 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMichelle
2016-02-21 21:37 - 2011-03-01 08:06 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-21 21:37 - 2011-03-01 08:06 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-21 21:37 - 2011-01-19 12:30 - 00003418 _____ C:\Windows\System32\Tasks\ServicePlan
2016-02-21 21:27 - 2011-01-12 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-02-21 21:26 - 2014-03-28 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-21 21:22 - 2013-01-15 13:33 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-21 21:17 - 2011-01-12 11:22 - 00000000 ____D C:\ProgramData\WildTangent
2016-02-21 21:17 - 2011-01-12 11:22 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-02-21 21:17 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-21 21:14 - 2011-01-12 11:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-02-21 21:08 - 2011-03-01 08:06 - 00000000 ____D C:\Users\Michelle\AppData\Local\Google
2016-02-21 21:08 - 2011-03-01 08:06 - 00000000 ____D C:\ProgramData\Google
2016-02-20 11:00 - 2015-04-14 11:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-20 10:58 - 2011-01-21 15:07 - 00000000 ____D C:\ProgramData\Adobe
2016-02-19 21:30 - 2009-07-24 14:22 - 00000000 ____D C:\Windows\Panther
2016-02-19 20:37 - 2014-06-26 11:49 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-02-19 20:27 - 2013-01-16 11:48 - 00002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 20:27 - 2013-01-16 11:48 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-19 19:19 - 2011-01-19 14:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\ElevatedDiagnostics
2016-02-18 11:10 - 2011-01-19 12:22 - 00000000 ____D C:\Users\Michelle
2016-02-17 14:31 - 2011-01-12 11:07 - 00000000 ____D C:\ProgramData\PDFC
2016-02-01 15:30 - 2013-01-10 10:52 - 00000000 ____D C:\Users\Michelle\Documents\2020 Files

==================== Files in the root of some directories =======

2013-02-25 14:26 - 2013-02-25 14:28 - 0004987 _____ () C:\Users\Michelle\AppData\Roaming\FileDiagTool.log
2013-07-29 11:21 - 2013-07-29 11:32 - 0002331 _____ () C:\Users\Michelle\AppData\Roaming\FileDrTool.log
2013-07-31 12:59 - 2013-07-31 12:59 - 0004096 ____H () C:\Users\Michelle\AppData\Local\keyfile3.drm
2016-02-21 21:54 - 2016-02-21 21:54 - 0000000 ____H () C:\ProgramData\cm-lock
2013-02-28 12:02 - 2012-07-16 17:28 - 0024772 _____ () C:\ProgramData\P1100DEF.css
2013-02-28 12:02 - 2012-08-13 14:22 - 0004376 ____R () C:\ProgramData\P1100OS.HTM
2013-02-28 12:02 - 2012-07-16 17:28 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF

Files to move or delete:
====================
C:\Users\Michelle\en_res.dll
C:\Users\Michelle\es_res.dll
C:\Users\Michelle\fr_res.dll
C:\Users\Michelle\grm_res.dll
C:\Users\Michelle\it_res.dll
C:\Users\Michelle\jp_res.dll
C:\Users\Michelle\mfc80u.dll
C:\Users\Michelle\msvcr80.dll
C:\Users\Michelle\PCPE Setup.exe
C:\Users\Michelle\pt_res.dll
C:\Users\Michelle\ResourceReader.dll
C:\Users\Michelle\ru_res.dll
C:\Users\Michelle\upd-PCL5-X64-5_2_0_8874.exe
C:\Users\Michelle\upd-PCL6-X32-5_2_0_8874.exe
C:\Users\Michelle\upd-PCL6-X64-5_2_0_8874.exe
C:\Users\Michelle\zh_res.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-19 22:16

==================== End of FRST.txt ============================

Addition.txt is attached

Attached File  Addition.txt   56.61KB   8 downloads

 

 

 

 

 




#2 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 22 February 2016 - 10:59 PM

Hello worryd,

My name is Ray and I'll be assisting you with your issue. Please give me about a day to review your logs and prepare a reply. Since I'm still a trainee, all my posts have to be reviewed by my instructor prior to being posted to make sure that you receive the best assistance possible.

Thank you for your understanding, I'll be with you shortly!

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#3 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • Gender:Male
  • Location:USA
  • Local time:10:31 AM

Posted 24 February 2016 - 07:25 PM

Hello again worryd, and welcome to Bleeping Computer.
 

Let's Work Together

  • Please do not attach any log files to your replies unless specifically requested. Instead, please copy and paste the entire text of the logs without any changes into the body of your reply. Use separate posts if that's easier for you.
  • Please give complete descriptions of any unusual symptoms including verbatim copies of all error messages and codes.
  • Please do not try to fix anything without being asked.
  • It may be helpful for you to print my instructions for easy reference.
  • Any fixes I provide are for this specific problem on this machine only.
  • Removing malware is hazardous. I will not knowingly advise actions that will damage your computer, but it is impossible to guarantee the safety of your system. It may even become necessary to re-format and re-install your operating system. Before we proceed, you should back up all your data -- preferably to a different computer or to off-line storage.

Multiple anti-virus products running

I notice that you are simultaneously running McAfee® Security-as-a-Service and Emsisoft Anti-Malware. It is likely for these products to conflict. Please disable one of them.


Unrecognized Files and folders

Do you recognize the following files? Please let me know which ones you want to keep (if any) and which to delete.
C:\Users\Michelle\Documents\img058.pdf
C:\Users\Michelle\Documents\img057.pdf
C:\Users\Michelle\Documents\img056.pdf
C:\Users\Michelle\Documents\img055.pdf
C:\Users\Michelle\Documents\img054.pdf
C:\Users\Michelle\Documents\img053.pdf
C:\Users\Michelle\Documents\img052.pdf
C:\Users\Michelle\Documents\img051.pdf
C:\Users\Michelle\Documents\img050.pdf
C:\Users\Michelle\Documents\img049.pdf
C:\Users\Michelle\Documents\img048.pdf
C:\Users\Michelle\Documents\img047.pdf
C:\Users\Michelle\Documents\img046.pdf
C:\Users\Michelle\Documents\img045.pdf
C:\Users\Michelle\Documents\img044.pdf
C:\Users\Michelle\Documents\img043.pdf
C:\Users\Michelle\Documents\img042.pdf
C:\Users\Michelle\Documents\img041.pdf
C:\Users\Michelle\Documents\img040.pdf
C:\Users\Michelle\Documents\img039.pdf
C:\Users\Michelle\Documents\img038.pdf
C:\Users\Michelle\Downloads\Statement_201501.pdf
C:\Users\Michelle\Downloads\Statement_201505.pdf
C:\Users\Michelle\Downloads\Statement_201504.pdf
C:\Users\Michelle\Downloads\Statement_201502.pdf
C:\Users\Michelle\Downloads\Statement_201503.pdf
C:\Users\Michelle\Downloads\Statement_201509.pdf
C:\Users\Michelle\Downloads\Statement_201508.pdf
C:\Users\Michelle\Downloads\Statement_201506.pdf
C:\Users\Michelle\Downloads\Statement_201507.pdf
C:\Users\Michelle\Downloads\Statement_201510.pdf
C:\Users\Michelle\Downloads\Statement_201512.pdf
C:\Users\Michelle\Downloads\Statement_201511.pdf
C:\Users\Michelle\Downloads\1099K_2015_1453611846.pdf


Search for copies of a misplaced file

P1100DEF.css is included in the driver file for the HP LaserJet P1100 series. It should not reside in the C:\ProgramData\ directory. Are you still using the HP LaserJet P1100 printer? If so, please rerun FRST64.exe in Search mode to find other copies of P1100DEF.css. If you have already deleted the FRST tool, get a fresh copy from Farbar Recovery Scan Tool.

  • Launch FRST64.exe.
  • Copy the P1100DEF.css file name and paste it into the Search window of the Farbar Recovery Scan Tool.
  • Click Search Files.
  • Allow the tool enough time to do a complete search.
  • FRST will open an instance of Notepad containing the search results. This file named Search.txt can also be found in the same directory as the FRST64.exe tool.
  • Copy and paste the search results into your next reply.

 

 

 

Let's Clean Some Unneeded Entries From Your PC

If you have already deleted the FRST tool, get a fresh copy from Farbar Recovery Scan Tool.

  • Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
  • Type Notepad into the Run box and click OK.
  • Please copy the entire contents of the code box below into a new file.
EmptyTemp:

(MKS Informatique) C:\Program Files (x86)\20-20 Technologies\2020Design\Mswin\60\scbar.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\20-20 Shortcut Bar.lnk [2011-01-21]
ShortcutTarget: 20-20 Shortcut Bar.lnk -> C:\Program Files (x86)\20-20 Technologies\2020Design\Mswin\60\scbar.exe (MKS Informatique)
2016-02-21 21:54 - 2016-02-21 21:54 - 00000000 ____H C:\ProgramData\cm-lock
2016-02-21 21:42 - 2012-05-10 11:28 - 00003282 _____ C:\Windows\System32\Tasks\{5DF55D45-AD90-4C99-93C5-74CB79DC0673}
2016-02-21 21:42 - 2012-05-10 11:28 - 00003282 _____ C:\Windows\System32\Tasks\{5DF55D45-AD90-4C99-93C5-74CB79DC0673}
2016-02-21 21:40 - 2013-04-25 11:20 - 00003146 _____ C:\Windows\System32\Tasks\{CE608856-3A9F-4469-B7F6-74FF7F426B40}
2016-02-21 21:40 - 2013-04-25 11:08 - 00002956 _____ C:\Windows\System32\Tasks\{F671F84A-72FB-4D2C-9583-4AD300920CAA}
2016-02-21 21:40 - 2013-04-25 10:31 - 00003148 _____ C:\Windows\System32\Tasks\{EADFDAB9-3CDF-4DE0-835F-26A0E2C57D76}
2016-02-21 21:40 - 2012-05-10 11:17 - 00003284 _____ C:\Windows\System32\Tasks\{CFE95831-11FD-48FD-8BA3-3C777AA5B42B}
2016-02-21 21:40 - 2011-01-21 12:10 - 00003162 _____ C:\Windows\System32\Tasks\{8A3AA816-0FBE-4AD3-BD27-5E4D8620596C}
2016-02-21 21:39 - 2012-05-10 11:33 - 00003282 _____ C:\Windows\System32\Tasks\{8347D02E-7801-4B9C-9C51-309639054E11}
2016-02-21 21:39 - 2012-05-10 11:11 - 00003284 _____ C:\Windows\System32\Tasks\{63C8F793-562B-4F75-AB2D-F25B2C8A75A7}
2016-02-21 21:39 - 2011-01-21 14:00 - 00003322 _____ C:\Windows\System32\Tasks\{7C31838D-6D11-47E6-916F-125C5D4A99AC}
2016-02-21 21:38 - 2013-04-25 11:33 - 00003148 _____ C:\Windows\System32\Tasks\{5A94FC6E-9971-468E-8D4B-018A146F56FB}
2016-02-21 21:38 - 2013-01-15 13:10 - 00003100 _____ C:\Windows\System32\Tasks\{5682D37F-6DED-41E8-8B09-959C5933A560}
2016-02-21 21:38 - 2012-05-10 11:22 - 00003284 _____ C:\Windows\System32\Tasks\{4C3AD55B-DDD2-4EEE-B070-094055060F2E}
AlternateDataStreams: C:\Windows:CM_869b1a1a87109aec4a93c5ce1e6e47e86ec6bce78e5558267a0fa9474ed379e3
AlternateDataStreams: C:\Windows:CM_8befd2116ed3ae5b76a72f986d48e27ea3d67e1bd92e83d0657f6afcda475cd0
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
  • Save the file as fixlist.txt into the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted.
  • Run FRST64.exe and click Fix only once and wait until the program completes execution.
  • Restart the computer normally to reset the registry.
  • The tool will create a log (Fixlog.txt). Please post it into your reply.

 

 

Re-scan using Farbar Recovery Scan Tool

Launch FRST64.exe again and checkmark all the boxes in the Whitelist section and both the List BCD and the Addition.txt boxes in the Optional Scan section then click Scan. Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your reply.


In your next reply...

  • Please tell me whether you have backed up all your important data.
  • Please tell me which AV product you will retain. Is it McAfee® Security-as-a-Service or Emsisoft Anti-Malware?
  • Please tell me which of the files I listed you want to keep.
  • Are you still using the HP LaserJet P1100 printer? If so, copy and paste the contents of the Search.txt file into the body of your message.
  • Please copy and paste the entire contents of the Fixlog.txt file into the body of your post.
  • Copy and paste the entire contents of both the FRST.txt file and the Addition.txt file into the body of your reply.
  • Re-read your message before sending it. Avoid ambiguity.

Tell me how your PC is running now.

Thank you,

RayS




#4 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts
  • Local time:10:31 AM

Posted 24 February 2016 - 08:55 PM

OK - I disabled McAfee® Security-as-a-Service for now. None of the .pdf files listed are important -- they were produced by the Epson scanner and have been backed up. Yes, I still use the HP Laser Jet so I will run FRST and post the log.

Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by Michelle (2016-02-24 20:46:26)
Running from C:\Users\Michelle\Downloads
Boot Mode: Normal
 
================== Search Files: "P1100DEF.css" =============
 
C:\Windows\System32\DriverStore\FileRepository\hp1100.inf_amd64_neutral_f43d2a2230927b9d\P1100DEF.CSS
[2013-02-23 11:00][2012-07-16 17:28] 0024772 ____A () 80BBC3D49F42FB6B80D69F32894DAB78 [File is digitally signed]
 
C:\ProgramData\P1100DEF.css
[2013-02-28 12:02][2012-07-16 17:28] 0024772 ____A () 80BBC3D49F42FB6B80D69F32894DAB78 [File is digitally signed]
 
C:\Program Files\hp\HP LaserJet P1100 Series\P1100DEF.CSS
[2013-02-23 11:03][2012-07-16 17:28] 0024772 ____A () 80BBC3D49F42FB6B80D69F32894DAB78 [File is digitally signed]
 
====== End of Search ======
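
An added example, not part of the original posts and not FRST's own code: a Python sketch that parses the Search.txt layout shown in the post above and checks each copy of the file against the DriverStore copy by size, MD5 and signature flag as FRST reports them. The function names and the choice of the DriverStore copy as the reference are assumptions of this example.

```python
import re

# Search.txt body copied from the post above (FRST "Search Files" output).
SEARCH_TXT = r"""
================== Search Files: "P1100DEF.css" =============

C:\Windows\System32\DriverStore\FileRepository\hp1100.inf_amd64_neutral_f43d2a2230927b9d\P1100DEF.CSS
[2013-02-23 11:00][2012-07-16 17:28] 0024772 ____A () 80BBC3D49F42FB6B80D69F32894DAB78 [File is digitally signed]

C:\ProgramData\P1100DEF.css
[2013-02-28 12:02][2012-07-16 17:28] 0024772 ____A () 80BBC3D49F42FB6B80D69F32894DAB78 [File is digitally signed]

C:\Program Files\hp\HP LaserJet P1100 Series\P1100DEF.CSS
[2013-02-23 11:03][2012-07-16 17:28] 0024772 ____A () 80BBC3D49F42FB6B80D69F32894DAB78 [File is digitally signed]

====== End of Search ======
"""

# A hit is a path line followed by a detail line:
# [created][modified] size attrs (company) MD5 [signature note]
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})(?:\s+\[(?P<sig>[^\]]+)\])?\s*$"
)

# Assumption of this example: the copy staged under DriverStore is the reference.
REFERENCE_MARKER = "\\driverstore\\filerepository\\"


def _blank(path):
    """Record for a path that had no parsable detail line."""
    return {"path": path, "created": None, "modified": None,
            "size": None, "attrs": None, "md5": None, "signed": False}


def parse_search(text):
    """Return one dict per hit listed in a FRST Search.txt body."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()  # also strips the non-breaking spaces forums insert
        if PATH_RE.match(line):
            if pending is not None:  # previous path never got a detail line
                records.append(_blank(pending))
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending is not None:
            records.append({
                "path": pending,
                "created": m["created"],
                "modified": m["modified"],
                "size": int(m["size"]),
                "attrs": m["attrs"],
                "md5": m["md5"].upper(),
                "signed": m["sig"] == "File is digitally signed",
            })
            pending = None
    if pending is not None:
        records.append(_blank(pending))
    return records


def compare_to_driver_store(records):
    """Map every non-reference path to a verdict against the DriverStore copy."""
    refs = [r for r in records
            if REFERENCE_MARKER in r["path"].lower() and r["md5"]]
    ref_paths = {r["path"] for r in refs}
    verdicts = {}
    for r in records:
        if r["path"] in ref_paths:
            continue
        if not refs:
            verdict = "no driver-store reference"
        elif r["md5"] is None:
            verdict = "no hash reported"
        elif any(r["md5"] == ref["md5"] and r["size"] == ref["size"]
                 for ref in refs):
            verdict = ("matches driver-store copy" if r["signed"]
                       else "matches driver-store copy, not reported signed")
        else:
            verdict = "differs from driver-store copy"
        verdicts[r["path"]] = verdict
    return verdicts


if __name__ == "__main__":
    for path, verdict in compare_to_driver_store(parse_search(SEARCH_TXT)).items():
        print(f"{verdict}: {path}")
```

A match on the MD5 that FRST prints is a triage signal that the copies hold the same content; it says nothing about how the extra copy got to its location.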


#5 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts
  • Local time:10:31 AM

Posted 24 February 2016 - 09:12 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by Michelle (2016-02-24 20:59:09) Run:1
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle (Available Profiles: Michelle & McAfeeMVSUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
EmptyTemp:
 
(MKS Informatique) C:\Program Files (x86)\20-20 Technologies\2020Design\Mswin\60\scbar.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\20-20 Shortcut Bar.lnk [2011-01-21]
ShortcutTarget: 20-20 Shortcut Bar.lnk -> C:\Program Files (x86)\20-20 Technologies\2020Design\Mswin\60\scbar.exe (MKS Informatique)
2016-02-21 21:54 - 2016-02-21 21:54 - 00000000 ____H C:\ProgramData\cm-lock
2016-02-21 21:42 - 2012-05-10 11:28 - 00003282 _____ C:\Windows\System32\Tasks\{5DF55D45-AD90-4C99-93C5-74CB79DC0673}
2016-02-21 21:42 - 2012-05-10 11:28 - 00003282 _____ C:\Windows\System32\Tasks\{5DF55D45-AD90-4C99-93C5-74CB79DC0673}
2016-02-21 21:40 - 2013-04-25 11:20 - 00003146 _____ C:\Windows\System32\Tasks\{CE608856-3A9F-4469-B7F6-74FF7F426B40}
2016-02-21 21:40 - 2013-04-25 11:08 - 00002956 _____ C:\Windows\System32\Tasks\{F671F84A-72FB-4D2C-9583-4AD300920CAA}
2016-02-21 21:40 - 2013-04-25 10:31 - 00003148 _____ C:\Windows\System32\Tasks\{EADFDAB9-3CDF-4DE0-835F-26A0E2C57D76}
2016-02-21 21:40 - 2012-05-10 11:17 - 00003284 _____ C:\Windows\System32\Tasks\{CFE95831-11FD-48FD-8BA3-3C777AA5B42B}
2016-02-21 21:40 - 2011-01-21 12:10 - 00003162 _____ C:\Windows\System32\Tasks\{8A3AA816-0FBE-4AD3-BD27-5E4D8620596C}
2016-02-21 21:39 - 2012-05-10 11:33 - 00003282 _____ C:\Windows\System32\Tasks\{8347D02E-7801-4B9C-9C51-309639054E11}
2016-02-21 21:39 - 2012-05-10 11:11 - 00003284 _____ C:\Windows\System32\Tasks\{63C8F793-562B-4F75-AB2D-F25B2C8A75A7}
2016-02-21 21:39 - 2011-01-21 14:00 - 00003322 _____ C:\Windows\System32\Tasks\{7C31838D-6D11-47E6-916F-125C5D4A99AC}
2016-02-21 21:38 - 2013-04-25 11:33 - 00003148 _____ C:\Windows\System32\Tasks\{5A94FC6E-9971-468E-8D4B-018A146F56FB}
2016-02-21 21:38 - 2013-01-15 13:10 - 00003100 _____ C:\Windows\System32\Tasks\{5682D37F-6DED-41E8-8B09-959C5933A560}
2016-02-21 21:38 - 2012-05-10 11:22 - 00003284 _____ C:\Windows\System32\Tasks\{4C3AD55B-DDD2-4EEE-B070-094055060F2E}
AlternateDataStreams: C:\Windows:CM_869b1a1a87109aec4a93c5ce1e6e47e86ec6bce78e5558267a0fa9474ed379e3
AlternateDataStreams: C:\Windows:CM_8befd2116ed3ae5b76a72f986d48e27ea3d67e1bd92e83d0657f6afcda475cd0
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
*****************
 
[3500] C:\Program Files (x86)\20-20 Technologies\2020Design\Mswin\60\scbar.exe => process closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\20-20 Shortcut Bar.lnk => moved successfully
C:\Program Files (x86)\20-20 Technologies\2020Design\Mswin\60\scbar.exe => moved successfully
Could not move "C:\ProgramData\cm-lock" => Scheduled to move on reboot.
C:\Windows\System32\Tasks\{5DF55D45-AD90-4C99-93C5-74CB79DC0673} => moved successfully
"C:\Windows\System32\Tasks\{5DF55D45-AD90-4C99-93C5-74CB79DC0673}" => not found.
C:\Windows\System32\Tasks\{CE608856-3A9F-4469-B7F6-74FF7F426B40} => moved successfully
C:\Windows\System32\Tasks\{F671F84A-72FB-4D2C-9583-4AD300920CAA} => moved successfully
C:\Windows\System32\Tasks\{EADFDAB9-3CDF-4DE0-835F-26A0E2C57D76} => moved successfully
C:\Windows\System32\Tasks\{CFE95831-11FD-48FD-8BA3-3C777AA5B42B} => moved successfully
C:\Windows\System32\Tasks\{8A3AA816-0FBE-4AD3-BD27-5E4D8620596C} => moved successfully
C:\Windows\System32\Tasks\{8347D02E-7801-4B9C-9C51-309639054E11} => moved successfully
C:\Windows\System32\Tasks\{63C8F793-562B-4F75-AB2D-F25B2C8A75A7} => moved successfully
C:\Windows\System32\Tasks\{7C31838D-6D11-47E6-916F-125C5D4A99AC} => moved successfully
C:\Windows\System32\Tasks\{5A94FC6E-9971-468E-8D4B-018A146F56FB} => moved successfully
C:\Windows\System32\Tasks\{5682D37F-6DED-41E8-8B09-959C5933A560} => moved successfully
C:\Windows\System32\Tasks\{4C3AD55B-DDD2-4EEE-B070-094055060F2E} => moved successfully
C:\Windows => ":CM_869b1a1a87109aec4a93c5ce1e6e47e86ec6bce78e5558267a0fa9474ed379e3" ADS removed successfully.
C:\Windows => ":CM_8befd2116ed3ae5b76a72f986d48e27ea3d67e1bd92e83d0657f6afcda475cd0" ADS removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
EmptyTemp: => 766.4 MB temporary data Removed.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-24 21:04:58)
 
"C:\ProgramData\cm-lock" => Could not move
 
==== End of Fixlog 21:04:58 ====


#6 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts
  • Local time:10:31 AM

Posted 24 February 2016 - 09:25 PM

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Michelle (administrator) on MICHELLE-HP (24-02-2016 21:15:56)
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle (Available Profiles: Michelle & McAfeeMVSUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
( ) C:\Windows\System32\dldocoms.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\saHookMain.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Emsisoft Ltd) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(United Parcel Service, Inc.) C:\UPS\WSTD\WSTDMessaging.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
() C:\UPS\WSTD\UPSNA1Msgr.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [9235928 2016-01-27] (Emsisoft Ltd)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [31848 2014-12-02] ()
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD)
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\Run: [WorkForce 840(Network) (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2012-07-24]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-04-15]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-11-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-11-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-11-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2015-02-23]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2015-02-23]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3A556D1D-1E00-4677-AC7E-23EF6A9E7E46}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A0138F14-8354-4165-A9A9-D4B48B69972D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {6434ABB9-8EB7-48BA-95B7-C3766AF12F00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {7BC6D922-8D7F-4E7C-B6D5-6610501DE187} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D83FD71F-55EF-4724-92D2-0CEA2DEEF9E8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {6434ABB9-8EB7-48BA-95B7-C3766AF12F00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7BC6D922-8D7F-4E7C-B6D5-6610501DE187} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D83FD71F-55EF-4724-92D2-0CEA2DEEF9E8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140407095040.dll [2013-12-17] (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140407095040.dll [2013-12-17] (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} file:///C:/ProgramData/20-20%20Technologies/VSat/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {B25AB9F1-B8A2-4072-8964-00C7EDF99750} hxxps://ftp.am.joneslanglasalle.com/COM/MOVEitUploadWizard7.0.0.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-03-03] (Intuit, Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2015-11-10] (Intuit, Inc.)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\4o3zcxt3.default-1416925051654
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll [2014-03-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2010-11-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2010-11-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3824471614-4100467613-4293871112-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-28] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2010-11-06] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (McAfee SiteAdvisor Enterprise) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\feobgjncdknhelkhjpiejdbpliekmfaj [2015-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
CHR HKLM-x32\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [10963864 2016-01-27] (Emsisoft Ltd)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 dldo_device; C:\Windows\system32\dldocoms.exe [1044136 2007-09-24] ( )
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [161128 2014-03-06] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2013-12-17] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2013-12-17] (McAfee, Inc.)
R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [296400 2014-04-25] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-10] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-11-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-26] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 epp; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-23] (Emsisoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-24] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2013-12-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2013-12-17] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520056 2013-12-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2013-12-17] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2013-12-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2013-12-17] (McAfee, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-24 21:01 - 2016-02-24 21:01 - 00000000 ____H C:\ProgramData\cm-lock
2016-02-24 20:59 - 2016-02-24 21:04 - 00004659 _____ C:\Users\Michelle\Downloads\Fixlog.txt
2016-02-24 20:46 - 2016-02-24 20:47 - 00000791 _____ C:\Users\Michelle\Downloads\Search.txt
2016-02-24 20:45 - 2016-02-24 20:45 - 02371072 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64 (2).exe
2016-02-24 20:43 - 2016-02-24 20:43 - 02371072 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64 (1).exe
2016-02-23 13:55 - 2016-02-23 14:41 - 00412632 _____ C:\Windows\ntbtlog.txt
2016-02-22 12:20 - 2016-02-22 12:20 - 00057966 _____ C:\Users\Michelle\Downloads\AdditionFeb 22.txt
2016-02-22 12:19 - 2016-02-24 21:19 - 00027319 _____ C:\Users\Michelle\Downloads\FRST.txt
2016-02-22 12:19 - 2016-02-22 12:20 - 00044675 _____ C:\Users\Michelle\Downloads\FRST Feb 22.txt
2016-02-22 12:18 - 2016-02-24 21:15 - 00000000 ____D C:\FRST
2016-02-22 12:17 - 2016-02-22 12:17 - 02371072 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2016-02-22 10:02 - 2016-02-22 10:04 - 00000000 ____D C:\Computer logs
2016-02-21 22:11 - 2016-02-21 22:11 - 00002049 _____ C:\Users\Michelle\Desktop\Computer Cleanup - Shortcut.lnk
2016-02-21 22:10 - 2016-02-24 20:44 - 00000000 ____D C:\Users\Michelle\Documents\Computer Cleanup
2016-02-21 21:17 - 2016-02-21 21:17 - 00000000 ____D C:\Users\Michelle\AppData\Local\HuluDesktop
2016-02-21 16:14 - 2016-02-21 16:16 - 00000000 ____D C:\Users\Michelle\Documents\Computer
2016-02-21 08:32 - 2016-02-21 08:32 - 02870984 _____ (ESET) C:\Users\Michelle\Downloads\esetsmartinstaller_enu.exe
2016-02-21 08:18 - 2016-02-21 08:18 - 01609216 _____ (Malwarebytes) C:\Users\Michelle\Downloads\JRT.exe
2016-02-21 07:44 - 2016-02-21 08:06 - 00000000 ____D C:\AdwCleaner
2016-02-21 07:44 - 2016-02-21 07:44 - 01511424 _____ C:\Users\Michelle\Downloads\AdwCleaner.exe
2016-02-20 10:59 - 2016-02-24 20:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-20 10:59 - 2016-02-20 10:59 - 00002086 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-20 10:59 - 2016-02-20 10:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-19 21:08 - 2016-02-19 21:08 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-02-19 21:08 - 2016-02-19 21:08 - 00000000 ____D C:\Program Files\CCleaner
2016-02-19 21:07 - 2016-02-19 21:07 - 05565384 _____ (Piriform Ltd) C:\Users\Michelle\Downloads\ccsetup512_slim.exe
2016-02-19 20:05 - 2016-02-24 21:02 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-19 19:47 - 2016-02-19 19:47 - 00001145 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-19 19:47 - 2016-02-19 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-19 19:47 - 2016-02-19 19:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-19 19:47 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-19 19:47 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-19 19:47 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-11 12:09 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 12:09 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 12:09 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 12:09 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 12:09 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 12:09 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 12:09 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-11 12:09 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 12:09 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-11 12:09 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-11 12:09 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 12:09 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 12:09 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 12:09 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-01 13:39 - 2016-02-01 13:39 - 00770636 _____ C:\Users\Michelle\Documents\img058.pdf
2016-02-01 13:30 - 2016-02-01 13:30 - 05919809 _____ C:\Users\Michelle\Downloads\ADA Cabinets - Vanity.zip
2016-02-01 13:30 - 2016-02-01 13:30 - 00000000 ____D C:\Users\Michelle\Downloads\ADA Cabinets - Vanity
2016-02-01 12:31 - 2016-02-01 12:31 - 00768688 _____ C:\Users\Michelle\Documents\img057.pdf
2016-02-01 12:15 - 2016-02-01 12:15 - 00944177 _____ C:\Users\Michelle\Documents\img056.pdf
2016-02-01 11:44 - 2016-02-01 11:44 - 00397651 _____ C:\Users\Michelle\Documents\img055.pdf
2016-02-01 11:36 - 2016-02-01 11:36 - 01262286 _____ C:\Users\Michelle\Documents\img054.pdf
2016-02-01 11:10 - 2016-02-01 11:10 - 00128795 _____ C:\Users\Michelle\Documents\WebAdvisor.pdf
2016-02-01 10:50 - 2016-02-01 10:50 - 01947850 _____ C:\Users\Michelle\Documents\img053.pdf
2016-02-01 10:11 - 2016-02-01 10:11 - 01089626 _____ C:\Users\Michelle\Documents\img052.pdf
2016-02-01 09:49 - 2016-02-01 09:49 - 00497418 _____ C:\Users\Michelle\Documents\img051.pdf
2016-01-29 14:43 - 2016-01-29 14:43 - 00659267 _____ C:\Users\Michelle\Documents\img050.pdf
2016-01-29 14:33 - 2016-01-29 14:33 - 00013029 _____ C:\Users\Michelle\Documents\items sold 2015.xlsx
2016-01-29 12:43 - 2016-01-29 12:43 - 01233260 _____ C:\Users\Michelle\Documents\img049.pdf
2016-01-29 12:13 - 2016-01-29 12:13 - 00026003 _____ C:\Users\Michelle\Documents\paypal 2015 final.xlsx
2016-01-29 12:06 - 2016-01-29 12:06 - 00791131 _____ C:\Users\Michelle\Documents\img048.pdf
2016-01-29 08:52 - 2016-01-29 08:52 - 00502635 _____ C:\Users\Michelle\Documents\img047.pdf
2016-01-28 14:15 - 2016-01-28 14:15 - 00707659 _____ C:\Users\Michelle\Documents\img046.pdf
2016-01-28 13:40 - 2016-01-29 10:24 - 00025598 _____ C:\Users\Michelle\Documents\paypal 2.xlsx
2016-01-28 13:40 - 2016-01-29 10:23 - 00025622 _____ C:\Users\Michelle\Documents\paypal 2015.xlsx
2016-01-28 09:59 - 2016-01-28 09:59 - 00764045 _____ C:\Users\Michelle\Documents\img045.pdf
2016-01-27 14:30 - 2016-01-27 14:30 - 00352956 _____ C:\Users\Michelle\Documents\img044.pdf
2016-01-27 13:16 - 2016-01-27 13:16 - 00404791 _____ C:\Users\Michelle\Documents\img043.pdf
2016-01-27 12:57 - 2016-01-27 12:57 - 00289279 _____ C:\Users\Michelle\Documents\img042.pdf
2016-01-27 12:35 - 2016-01-27 12:35 - 02126525 _____ C:\Users\Michelle\Documents\img041.pdf
2016-01-27 09:59 - 2016-01-27 09:59 - 00465628 _____ C:\Users\Michelle\Documents\img040.pdf
2016-01-27 09:43 - 2016-01-27 09:43 - 02558743 _____ C:\Users\Michelle\Documents\img039.pdf
2016-01-26 16:02 - 2016-01-26 16:02 - 00018242 _____ C:\Users\Michelle\Documents\paypal 2.csv
2016-01-26 14:26 - 2016-01-28 13:09 - 00020185 _____ C:\Users\Michelle\Documents\paypal 2015.csv
2016-01-26 10:51 - 2016-01-26 10:51 - 00758177 _____ C:\Users\Michelle\Documents\img038.pdf
2016-01-26 08:14 - 2016-01-26 08:14 - 00019422 _____ C:\Users\Michelle\Downloads\Statement_201501.pdf
2016-01-26 08:13 - 2016-01-26 08:13 - 00036746 _____ C:\Users\Michelle\Downloads\Statement_201505.pdf
2016-01-26 08:13 - 2016-01-26 08:13 - 00019623 _____ C:\Users\Michelle\Downloads\Statement_201504.pdf
2016-01-26 08:13 - 2016-01-26 08:13 - 00018707 _____ C:\Users\Michelle\Downloads\Statement_201502.pdf
2016-01-26 08:13 - 2016-01-26 08:13 - 00018233 _____ C:\Users\Michelle\Downloads\Statement_201503.pdf
2016-01-26 08:12 - 2016-01-26 08:12 - 00046016 _____ C:\Users\Michelle\Downloads\Statement_201509.pdf
2016-01-26 08:12 - 2016-01-26 08:12 - 00037612 _____ C:\Users\Michelle\Downloads\Statement_201508.pdf
2016-01-26 08:12 - 2016-01-26 08:12 - 00037266 _____ C:\Users\Michelle\Downloads\Statement_201506.pdf
2016-01-26 08:12 - 2016-01-26 08:12 - 00028474 _____ C:\Users\Michelle\Downloads\Statement_201507.pdf
2016-01-26 08:09 - 2016-01-26 08:09 - 00046183 _____ C:\Users\Michelle\Downloads\Statement_201510.pdf
2016-01-26 08:08 - 2016-01-26 08:08 - 00037912 _____ C:\Users\Michelle\Downloads\Statement_201512.pdf
2016-01-26 08:08 - 2016-01-26 08:08 - 00037798 _____ C:\Users\Michelle\Downloads\Statement_201511.pdf
2016-01-26 08:06 - 2016-01-26 12:05 - 00015852 _____ C:\Users\Michelle\Downloads\paypal 2015.csv
2016-01-26 08:05 - 2016-01-26 08:05 - 00070641 _____ C:\Users\Michelle\Downloads\1099K_Reconciliation_2015_1453611846.csv
2016-01-26 08:03 - 2016-01-26 08:03 - 00554929 _____ C:\Users\Michelle\Downloads\1099K_2015_1453611846.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-24 21:19 - 2014-12-10 07:05 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2016-02-24 21:10 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-24 21:10 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-24 21:09 - 2009-07-14 00:13 - 00849900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-24 21:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-24 21:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2016-02-24 21:01 - 2011-01-19 15:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-02-24 21:01 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-24 20:59 - 2013-03-01 10:15 - 00000000 ____D C:\Users\Michelle\AppData\LocalLow\Temp
2016-02-24 00:44 - 2011-01-12 11:07 - 00000000 ____D C:\ProgramData\PDFC
2016-02-23 14:42 - 2011-01-19 14:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\ElevatedDiagnostics
2016-02-21 21:53 - 2015-05-13 13:39 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMichelle.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000000 ____D C:\Program Files\Google
2016-02-21 21:53 - 2011-03-01 08:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-21 21:37 - 2015-05-13 13:39 - 00003206 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMichelle
2016-02-21 21:37 - 2011-03-01 08:06 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-21 21:37 - 2011-03-01 08:06 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-21 21:37 - 2011-01-19 12:30 - 00003418 _____ C:\Windows\System32\Tasks\ServicePlan
2016-02-21 21:27 - 2011-01-12 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-02-21 21:26 - 2014-03-28 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-21 21:22 - 2013-01-15 13:33 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-21 21:17 - 2011-01-12 11:22 - 00000000 ____D C:\ProgramData\WildTangent
2016-02-21 21:17 - 2011-01-12 11:22 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-02-21 21:17 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-21 21:14 - 2011-01-12 11:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-02-21 21:08 - 2011-03-01 08:06 - 00000000 ____D C:\Users\Michelle\AppData\Local\Google
2016-02-21 21:08 - 2011-03-01 08:06 - 00000000 ____D C:\ProgramData\Google
2016-02-20 11:00 - 2015-04-14 11:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-20 10:58 - 2011-01-21 15:07 - 00000000 ____D C:\ProgramData\Adobe
2016-02-19 21:30 - 2009-07-24 14:22 - 00000000 ____D C:\Windows\Panther
2016-02-19 20:37 - 2014-06-26 11:49 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-02-19 20:27 - 2013-01-16 11:48 - 00002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 20:27 - 2013-01-16 11:48 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 11:10 - 2011-01-19 12:22 - 00000000 ____D C:\Users\Michelle
2016-02-01 15:30 - 2013-01-10 10:52 - 00000000 ____D C:\Users\Michelle\Documents\2020 Files
 
==================== Files in the root of some directories =======
 
2013-02-25 14:26 - 2013-02-25 14:28 - 0004987 _____ () C:\Users\Michelle\AppData\Roaming\FileDiagTool.log
2013-07-29 11:21 - 2013-07-29 11:32 - 0002331 _____ () C:\Users\Michelle\AppData\Roaming\FileDrTool.log
2013-07-31 12:59 - 2013-07-31 12:59 - 0004096 ____H () C:\Users\Michelle\AppData\Local\keyfile3.drm
2016-02-24 21:01 - 2016-02-24 21:01 - 0000000 ____H () C:\ProgramData\cm-lock
2013-02-28 12:02 - 2012-07-16 17:28 - 0024772 _____ () C:\ProgramData\P1100DEF.css
2013-02-28 12:02 - 2012-08-13 14:22 - 0004376 ____R () C:\ProgramData\P1100OS.HTM
2013-02-28 12:02 - 2012-07-16 17:28 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF
 
Files to move or delete:
====================
C:\Users\Michelle\en_res.dll
C:\Users\Michelle\es_res.dll
C:\Users\Michelle\fr_res.dll
C:\Users\Michelle\grm_res.dll
C:\Users\Michelle\it_res.dll
C:\Users\Michelle\jp_res.dll
C:\Users\Michelle\mfc80u.dll
C:\Users\Michelle\msvcr80.dll
C:\Users\Michelle\PCPE Setup.exe
C:\Users\Michelle\pt_res.dll
C:\Users\Michelle\ResourceReader.dll
C:\Users\Michelle\ru_res.dll
C:\Users\Michelle\upd-PCL5-X64-5_2_0_8874.exe
C:\Users\Michelle\upd-PCL6-X32-5_2_0_8874.exe
C:\Users\Michelle\upd-PCL6-X64-5_2_0_8874.exe
C:\Users\Michelle\zh_res.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {5312aa06-7887-11de-b1db-001321be213f}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {e48fea22-23f8-11e0-a713-6c626da3301e}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {e48fea22-23f8-11e0-a713-6c626da3301e}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {5312aa06-7887-11de-b1db-001321be213f}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {e48fea22-23f8-11e0-a713-6c626da3301e}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{e48fea23-23f8-11e0-a713-6c626da3301e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{e48fea23-23f8-11e0-a713-6c626da3301e}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {5312aa06-7887-11de-b1db-001321be213f}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {e48fea23-23f8-11e0-a713-6c626da3301e}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
 
LastRegBack: 2016-02-19 22:16
 
==================== End of FRST.txt ============================

 

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Michelle (2016-02-24 21:20:09)
Running from C:\Users\Michelle\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-19 17:22:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3824471614-4100467613-4293871112-500 - Administrator - Disabled)
Guest (S-1-5-21-3824471614-4100467613-4293871112-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3824471614-4100467613-4293871112-1010 - Limited - Enabled)
McAfeeMVSUser (S-1-5-21-3824471614-4100467613-4293871112-1008 - Limited - Enabled) => C:\Users\McAfeeMVSUser
Michelle (S-1-5-21-3824471614-4100467613-4293871112-1000 - Administrator - Enabled) => C:\Users\Michelle
QBDataServiceUser20 (S-1-5-21-3824471614-4100467613-4293871112-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee® Security-as-a-Service (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Emsisoft Anti-Malware (Enabled - Up to date) {15510D9D-6530-DA29-224F-7BA1BDD1CB58}
AS: McAfee® Security-as-a-Service (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {AE30EC79-430A-D5A7-18FF-40D3C65681E5}
FW: McAfee® Security-as-a-Service (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
20-20 Design Version 9.0 (HKLM-x32\...\{5CF81B66-941B-4890-8D73-E6B8E848681F}) (Version: 9.0.0 - 20-20 Technologies inc)
20-20 Design Version 9.0 (x32 Version: 9.0.0 - 20-20 Technologies inc) Hidden
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
AlignmentUtility (x32 Version: 18.00.0000 - UPS) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
CCC (x32 Version: 18.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
CodeMeter Runtime Kit v5.00 (HKLM\...\{5FE750E9-5EB2-477C-86D2-4D886ABB0D01}) (Version: 5.00.1057.500 - WIBU-SYSTEMS AG)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Design (HKLM-x32\...\{D73E76B7-3FE2-4AEB-83B6-B31C4F077762}) (Version: 10.3.1.38 - 20-20 Technologies)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd)
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{C1A0A3F9-C302-4A18-A2E0-71C927D24652}) (Version: 2.2.3.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{089EC7B5-6480-4478-ACF0-DEFD4047343C}) (Version: 2.40.0004 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
FormsComponent (x32 Version: 18.00.0000 - UPS) Hidden
FOSS (x32 Version: 18.00.0000 - UPS) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 18.00.0000 - UPS)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version:  - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Browser Protection Service (HKLM-x32\...\McAfeeBrowserProtection) (Version: 6.0.3.138 - McAfee, Inc.) <==== ATTENTION
McAfee Firewall Protection Service (HKLM-x32\...\McAfee Managed Firewall) (Version: 6.0.3.138 - McAfee, Inc.)
McAfee SiteAdvisor Enterprise (x32 Version: 3.5.0.1204 - McAfee, Inc.) Hidden
McAfee Virus and Spyware Protection Service (HKLM-x32\...\MVS) (Version: 6.0.3.127 - McAfee, Inc.)
Merillat 20-20 Catalogs (HKLM-x32\...\{FA69D133-6732-4AB1-91A8-11B752F12AF4}) (Version:  - )
Merillat Order Form (HKLM-x32\...\{035AF550-8307-45B9-A3E2-2BB6E92A49D2}) (Version: 10.31.38 - 20-20 Technologies inc.)
Merillat Order Form (HKLM-x32\...\{A3B4EF50-DAA4-457D-81F6-7AAD20FF08FD}) (Version: 10.0.7 - 20-20 Technologies)
MerillatOrderForm (HKLM-x32\...\{EBAC456A-33D9-4234-9294-961F61C66E0D}) (Version: 1.00.000 - 20-20 Technologies inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSIChecker (x32 Version: 18.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NA1Messenger (x32 Version: 18.00.0000 - Your Company Name) Hidden
NRF (x32 Version: 18.00.0000 - UPS) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PolicyManager (x32 Version: 18.00.0000 - UPS) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 23.0.4014.2305 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{0CFC5C64-A7D1-42C0-B8BF-03DFF0E6C54E}) (Version: 3.5.5 - Intuit)
QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4004.2305 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 18.00.0000 - UPS) Hidden
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
Sentinel Protection Installer 7.5.0 (HKLM-x32\...\{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}) (Version: 7.5.0 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SupportUtility (x32 Version: 18.00.0000 - UPS) Hidden
System (x32 Version: 18.00.0000 - UPS) Hidden
UnifiedPrinting (x32 Version: 18.00.0000 - UPS) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 18.0 - UPS)
UPSDB (x32 Version: 18.00.0000 - UPS) Hidden
UPSICC (x32 Version: 18.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 18.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 17.00.0000 - UPS)
Wibu Share 64 Dll (HKLM-x32\...\{3359F638-219D-45DD-87A3-02718F299D8D}) (Version: 1.0.0 - 20-20 Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WorldShip (x32 Version: 18.00.0000 - UPS) Hidden
WSShared (x32 Version: 18.00.0000 - UPS) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05A6B0BA-0F3A-4C5F-9A80-1AAEEBC19573} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {06E45E55-50C5-4971-9A9C-1E7BE842AA13} - \{F671F84A-72FB-4D2C-9583-4AD300920CAA} -> No File <==== ATTENTION
Task: {24775D59-842F-4591-88D2-F71FCADE768B} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {3A7023E0-D4AD-4279-912A-5E0005235E55} - \{CE608856-3A9F-4469-B7F6-74FF7F426B40} -> No File <==== ATTENTION
Task: {3EB05AD7-91B9-4853-BEB6-5ACFC4791379} - \{4C3AD55B-DDD2-4EEE-B070-094055060F2E} -> No File <==== ATTENTION
Task: {4701F691-F44B-4BB1-BD8C-BC5438B59AE2} - \{7C31838D-6D11-47E6-916F-125C5D4A99AC} -> No File <==== ATTENTION
Task: {572506CA-373B-439A-865A-369D7B020365} - \{CFE95831-11FD-48FD-8BA3-3C777AA5B42B} -> No File <==== ATTENTION
Task: {618220B0-270C-4A54-8A1B-B78D2C2D2976} - System32\Tasks\{A2884691-F253-41CC-A4F8-7D89475F244F} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-10] (SEIKO EPSON CORP.)
Task: {699529CD-6911-4C8C-8D4B-D0BB1FAC875E} - \{5DF55D45-AD90-4C99-93C5-74CB79DC0673} -> No File <==== ATTENTION
Task: {69C8750A-A455-47D7-9D77-B297477BA02D} - \{63C8F793-562B-4F75-AB2D-F25B2C8A75A7} -> No File <==== ATTENTION
Task: {743BB385-1327-4BF6-953E-528A1D0DD7BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {84FE602A-7A85-4492-AB63-105FA996D42F} - \{5682D37F-6DED-41E8-8B09-959C5933A560} -> No File <==== ATTENTION
Task: {86AA4B26-646B-44F2-81ED-C72A81E03410} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {87B8071B-2E4D-4423-BEB4-B33ABDBCE638} - \{8A3AA816-0FBE-4AD3-BD27-5E4D8620596C} -> No File <==== ATTENTION
Task: {8D0276D5-90FA-40C7-BD27-74740B705521} - \{EADFDAB9-3CDF-4DE0-835F-26A0E2C57D76} -> No File <==== ATTENTION
Task: {8ED76AB5-DA04-44AE-911E-7A8B169EEA15} - \{5A94FC6E-9971-468E-8D4B-018A146F56FB} -> No File <==== ATTENTION
Task: {9710D665-0CE4-41B7-99E9-C35FFA15D3E8} - System32\Tasks\HPCeeScheduleForMichelle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A2C67CA4-EBCA-4C99-9802-3E34196A013E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {A63EE547-2731-4D61-AA9A-F4A73E2B4381} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {A7F55A11-68EF-40D0-B040-0E388FBA67AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B752FAEE-3912-483C-82FB-2FC60D094BD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {C5CF3D21-A8D5-4629-96A4-60265A50EAEB} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {CFED835B-43E7-4FD1-9E58-959F434D953C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {D2C40833-0420-4D5F-A93C-8AA40592C90A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {E6B4812C-DC86-42E0-96D6-9A5DFC87B2FF} - \{8347D02E-7801-4B9C-9C51-309639054E11} -> No File <==== ATTENTION
Task: {F9D6ED15-B882-487E-B4B8-AE2AC4D12DAE} - System32\Tasks\{0C6423FC-B540-48CD-96E2-2595B3C647DB} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-10] (SEIKO EPSON CORP.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMichelle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-02-23 11:03 - 2012-08-21 16:07 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2011-01-21 12:26 - 2007-07-18 10:45 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dldodrpp.dll
2013-02-23 11:03 - 2012-08-21 16:07 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-01-12 11:21 - 2009-02-27 22:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2014-12-02 19:29 - 2014-12-02 19:29 - 00031848 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe
2012-03-15 09:54 - 2012-03-15 09:54 - 00014848 ____R () C:\Program Files (x86)\Common Files\WIBU Shared\Plugins\5000093\5000093-BindingExtension.dll
2010-11-06 15:33 - 2010-11-06 15:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9fd2bc740df7be47afcc4601d4bb52af\IsdiInterop.ni.dll
2011-01-12 11:11 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-11-10 07:35 - 2015-11-10 07:35 - 00269080 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00021784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2015-11-10 04:09 - 2015-11-10 04:09 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00141592 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00176920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00415512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2015-11-10 07:35 - 2015-11-10 07:35 - 00529176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00128792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00577816 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00042776 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-12-02 17:45 - 2014-12-02 17:45 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll
2014-12-02 17:24 - 2014-12-02 17:24 - 00018432 _____ () C:\UPS\WSTD\UPSResourceManager.dll
2014-12-02 17:39 - 2014-12-02 17:39 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll
2014-12-02 17:39 - 2014-12-02 17:39 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll
2011-01-12 11:21 - 2009-02-19 20:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2016-02-19 20:27 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 20:26 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\.DEFAULT\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\.DEFAULT\...\microsoft.com -> hxxps://support.microsoft.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\microsoft.com -> hxxps://support.microsoft.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\mcafeeasap.com -> hxxp://vs.mcafeeasap.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\mcafeeasap.com -> hxxps://vs.mcafeeasap.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\microsoft.com -> hxxps://support.microsoft.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
MSCONFIG\startupreg: MVS Splash => "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5672B15E-826D-4584-B0A7-D8EAC5BFD863}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{4EC344B6-8B0A-46E6-BB60-E66057A35530}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{6768AAD8-0C32-4318-912D-10545D1C4581}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{637A60AF-BC2D-4932-B460-A2C4B3729A1C}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{B0C2CF39-C62C-464C-9A7B-113E54DD8C57}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{9DC5B1E4-EDD1-4AAF-A8ED-BD6A068C45C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{8C887965-E7B9-4A3F-8DBD-D201200AC265}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{F7790463-BF06-47EC-98D8-BB5525CE3B46}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{AAD84698-71E7-4425-AC3A-DD5370D5311C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{7ED6BCB6-B570-4B2E-9194-67622E637438}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D608D922-A84C-416E-9C34-B05A153E60FB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{3CF6256E-F98D-4043-94EE-15733087360C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{26824ED7-EC29-4ABA-88C6-D014A7502B8D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{83964E44-D151-46BD-8656-1AF52E797FFA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{BFEDDDFF-94FD-41B2-9347-1A8D83DF19D3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{1E63EBE3-E7B7-4249-85EA-5C24304C8959}] => (Allow) svchost.exe
FirewallRules: [{36A6E07C-6DF8-46D3-A486-2CD725F96C96}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{2A52724B-BA76-4714-A498-0050ACF918A8}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{033414EB-FF29-44F6-9E2D-C032DB9FFFE3}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{122DD147-3390-4F15-8111-E35013820FFE}] => (Allow) LPort=67
FirewallRules: [TCP Query User{846A39DD-2101-47D2-B53E-73B35FAD7323}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{D59F9567-2FE1-4111-9774-D8B6E058C6FD}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{CA1D17D6-2818-41B7-9A8C-97C4D43FEDE1}] => (Allow) C:\Windows\System32\dldocoms.exe
FirewallRules: [{BCB050D3-B7FC-425F-BFDF-B479270E5763}] => (Allow) C:\Windows\System32\dldocoms.exe
FirewallRules: [{880812B8-CCFB-4E60-A528-EFE975BC3DFE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F775EBBD-15B1-4B16-A6C4-4398718934F7}] => (Allow) LPort=2869
FirewallRules: [{668D607C-DD62-482A-BE42-3E0D4D9EE956}] => (Allow) LPort=1900
FirewallRules: [{CDEC38A3-5EAE-4B65-B44E-99E87D7DEC5F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4411E568-1D9D-443E-A00C-A02CB5F071C4}] => (Allow) C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3D137977-32EA-4C6A-86DC-EC97D56728E8}] => (Allow) C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{91981FFC-081C-41D0-A7A9-10B93A164586}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{18BDF1C3-3D01-47E4-B660-DE984CA368A5}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{5644A59D-BC85-4334-B5C7-1FB084382EA8}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7A871150-C921-465D-BC2C-CD0FC98C3CB9}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{2A67791E-69D9-4D5B-8D29-AD20D5F440B2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{B2E1093A-33DE-4CA1-8067-CE4F7D0129A6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{BE1492B7-0FC7-4577-BEEF-6D1F25C495E0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{E918A142-0946-45EC-842B-B75E440F7E6C}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{96E5D7F2-EC40-4FD6-9909-EA9E38B31ED2}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [TCP Query User{9EFC0FB2-013C-4DE4-A5E7-A9E38918865D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{749B5BE2-7B5A-429C-9565-6049D9C0D4E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{58155B7B-DFB5-4ED5-98C3-49A5EF1CED76}] => (Allow) LPort=67
FirewallRules: [{DDD551E5-D5CB-4BA6-8C81-F3DFD4575607}] => (Allow) C:\Program Files (x86)\20-20 Technologies\Design\Bin\System\design.exe
FirewallRules: [{0E9EF231-FAA5-4AD6-B137-ACE6FA2E607E}] => (Allow) LPort=4040
FirewallRules: [{30C7F1A7-181F-4E05-8D6A-0C58D32558A3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B766CBA8-996D-4CD8-AACB-0CCC30E663C1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1C918F64-CF1D-49C4-893E-F0D26385AD82}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D26A86AC-B183-496E-B4A4-62145F1E3813}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE706CE2-80E6-4129-9360-D7DF8B60E72F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{6F6AE53F-BEB6-44C4-9257-E52E5D1D813B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{076B60B0-94A1-4063-BF62-704D187F79B6}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{8431E916-C95A-465D-B4FA-88DABC8A8265}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{8E48E8A4-36C7-4184-8F66-A586B5041D9D}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{0666F1B3-574E-446F-A7E1-98C7DDA3A95C}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
 
==================== Restore Points =========================
 
21-02-2016 08:20:53 JRT Pre-Junkware Removal
21-02-2016 21:10:10 Removed HP Advisor.
21-02-2016 21:19:44 Removed Java 8 Update 40
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/24/2016 09:13:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/24/2016 08:42:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/24/2016 08:42:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/24/2016 08:33:02 PM) (Source: MsiInstaller) (EventID: 1024) (User: Michelle-HP)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (02/24/2016 12:21:40 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
FCS Copy Files Error 11.
 
Error: (02/23/2016 01:51:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program taskmgr.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 304
 
Start Time: 01d16e6a93af6fd7
 
Termination Time: 15
 
Application Path: C:\Windows\system32\taskmgr.exe
 
Report Id: 47823f96-da5e-11e5-8c03-6c626da3301e
 
Error: (02/23/2016 01:46:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.19135 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 57c
 
Start Time: 01d16e69c1f4dce1
 
Termination Time: 141
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 9e12ddf0-da5d-11e5-8c03-6c626da3301e
 
Error: (02/23/2016 01:33:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.19135 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 9e4
 
Start Time: 01d16e682c2ff8f3
 
Termination Time: 110
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: c2eed055-da5b-11e5-9a28-6c626da3301e
 
Error: (02/22/2016 12:31:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/22/2016 12:30:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
 
System errors:
=============
Error: (02/24/2016 09:02:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/24/2016 09:02:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/24/2016 08:21:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/24/2016 08:21:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/23/2016 09:44:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/23/2016 09:44:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/23/2016 05:48:17 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3A556D1D-1E00-4677-AC7E-23EF6A9E7E46}.
The backup browser is stopping.
 
Error: (02/23/2016 05:09:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/23/2016 05:08:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/23/2016 05:07:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:54:16 PM on ‎2/‎23/‎2016 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2016-02-19 08:59:11.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:10.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:10.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:10.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:09.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:09.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 04:04:23.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 04:04:23.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 04:04:23.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 04:04:23.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 37%
Total physical RAM: 6007.08 MB
Available physical RAM: 3761.62 MB
Total Virtual: 12012.36 MB
Available Virtual: 8906.7 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:686.06 GB) (Free:572.06 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.48 GB) (Free:1.53 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 0249465E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#7 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts

Posted 25 February 2016 - 08:32 AM

I enabled McAfee last night and it immediately found and deleted W97m/DOWNLOADER.aiw

C:/Windows/TEMP/tmp000043f7/tmp00000... and has done so 16 more times overnight.

 

You asked which program I wanted to keep - McAfee SaaS or Emsisoft. I thought that they each had different functions, but, if not, I guess McAfee is the more complete protection.  Do you want me to uninstall Emsisoft?

 

Thank you for your time

Debbie



#8 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • Gender:Male
  • Location:USA

Posted 25 February 2016 - 01:17 PM

Hi worryd,

Thank you for the quick response.

It is very important that you make complete backups of all your important data before we proceed with some of these powerful tools. Please confirm that you have current and complete backups before you follow any of the following steps.

 

OK- I disabled McAfee® Security-as-a-Service for now.

 

When Addition.txt was created at 2016-02-24 21:20:09, it showed both McAfee® Security-as-a-Service and Emsisoft Anti-Malware still active. Please uninstall one of these products before we go any further. For the McAfee product, follow the steps in this article. For Emsisoft, follow the steps in this article.



Let's Clean Some Additional Entries From Your PC

If you have already deleted the FRST tool, get a fresh copy from Farbar Recovery Scan Tool.

  • Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
  • Type Notepad into the Run box and click OK.
  • Please copy the entire contents of the code box below into a new file.
C:\Users\Michelle\Documents\img058.pdf
C:\Users\Michelle\Documents\img057.pdf
C:\Users\Michelle\Documents\img056.pdf
C:\Users\Michelle\Documents\img055.pdf
C:\Users\Michelle\Documents\img054.pdf
C:\Users\Michelle\Documents\img053.pdf
C:\Users\Michelle\Documents\img052.pdf
C:\Users\Michelle\Documents\img051.pdf
C:\Users\Michelle\Documents\img050.pdf
C:\Users\Michelle\Documents\img049.pdf
C:\Users\Michelle\Documents\img048.pdf
C:\Users\Michelle\Documents\img047.pdf
C:\Users\Michelle\Documents\img046.pdf
C:\Users\Michelle\Documents\img045.pdf
C:\Users\Michelle\Documents\img044.pdf
C:\Users\Michelle\Documents\img043.pdf
C:\Users\Michelle\Documents\img042.pdf
C:\Users\Michelle\Documents\img041.pdf
C:\Users\Michelle\Documents\img040.pdf
C:\Users\Michelle\Documents\img039.pdf
C:\Users\Michelle\Documents\img038.pdf
C:\Users\Michelle\Downloads\Statement_201501.pdf
C:\Users\Michelle\Downloads\Statement_201505.pdf
C:\Users\Michelle\Downloads\Statement_201504.pdf
C:\Users\Michelle\Downloads\Statement_201502.pdf
C:\Users\Michelle\Downloads\Statement_201503.pdf
C:\Users\Michelle\Downloads\Statement_201509.pdf
C:\Users\Michelle\Downloads\Statement_201508.pdf
C:\Users\Michelle\Downloads\Statement_201506.pdf
C:\Users\Michelle\Downloads\Statement_201507.pdf
C:\Users\Michelle\Downloads\Statement_201510.pdf
C:\Users\Michelle\Downloads\Statement_201512.pdf
C:\Users\Michelle\Downloads\Statement_201511.pdf
C:\Users\Michelle\Downloads\1099K_2015_1453611846.pdf
C:\ProgramData\P1100DEF.css
C:\Users\Michelle\en_res.dll
C:\Users\Michelle\es_res.dll
C:\Users\Michelle\fr_res.dll
C:\Users\Michelle\grm_res.dll
C:\Users\Michelle\it_res.dll
C:\Users\Michelle\jp_res.dll
C:\Users\Michelle\mfc80u.dll
C:\Users\Michelle\msvcr80.dll
C:\Users\Michelle\PCPE Setup.exe
C:\Users\Michelle\pt_res.dll
C:\Users\Michelle\ResourceReader.dll
C:\Users\Michelle\ru_res.dll
C:\Users\Michelle\upd-PCL5-X64-5_2_0_8874.exe
C:\Users\Michelle\upd-PCL6-X32-5_2_0_8874.exe
C:\Users\Michelle\upd-PCL6-X64-5_2_0_8874.exe
C:\Users\Michelle\zh_res.dll
Task: {06E45E55-50C5-4971-9A9C-1E7BE842AA13} - \{F671F84A-72FB-4D2C-9583-4AD300920CAA} -> No File <==== ATTENTION
Task: {3A7023E0-D4AD-4279-912A-5E0005235E55} - \{CE608856-3A9F-4469-B7F6-74FF7F426B40} -> No File <==== ATTENTION
Task: {3EB05AD7-91B9-4853-BEB6-5ACFC4791379} - \{4C3AD55B-DDD2-4EEE-B070-094055060F2E} -> No File <==== ATTENTION
Task: {4701F691-F44B-4BB1-BD8C-BC5438B59AE2} - \{7C31838D-6D11-47E6-916F-125C5D4A99AC} -> No File <==== ATTENTION
Task: {572506CA-373B-439A-865A-369D7B020365} - \{CFE95831-11FD-48FD-8BA3-3C777AA5B42B} -> No File <==== ATTENTION
Task: {699529CD-6911-4C8C-8D4B-D0BB1FAC875E} - \{5DF55D45-AD90-4C99-93C5-74CB79DC0673} -> No File <==== ATTENTION
Task: {69C8750A-A455-47D7-9D77-B297477BA02D} - \{63C8F793-562B-4F75-AB2D-F25B2C8A75A7} -> No File <==== ATTENTION
Task: {84FE602A-7A85-4492-AB63-105FA996D42F} - \{5682D37F-6DED-41E8-8B09-959C5933A560} -> No File <==== ATTENTION
Task: {87B8071B-2E4D-4423-BEB4-B33ABDBCE638} - \{8A3AA816-0FBE-4AD3-BD27-5E4D8620596C} -> No File <==== ATTENTION
Task: {8D0276D5-90FA-40C7-BD27-74740B705521} - \{EADFDAB9-3CDF-4DE0-835F-26A0E2C57D76} -> No File <==== ATTENTION
Task: {8ED76AB5-DA04-44AE-911E-7A8B169EEA15} - \{5A94FC6E-9971-468E-8D4B-018A146F56FB} -> No File <==== ATTENTION
Task: {E6B4812C-DC86-42E0-96D6-9A5DFC87B2FF} - \{8347D02E-7801-4B9C-9C51-309639054E11} -> No File <==== ATTENTION

Unlock: C:\ProgramData\cm-lock
C:\ProgramData\cm-lock


FirewallRules: [{1E63EBE3-E7B7-4249-85EA-5C24304C8959}] => (Allow) svchost.exe
FirewallRules: [{122DD147-3390-4F15-8111-E35013820FFE}] => (Allow) LPort=67
  • Save the file as fixlist.txt into the same folder where the Farbar tool is running from. The location is listed in the 3rd line of the FRST.txt log you have submitted.
  • Run FRST64.exe and click Fix only once and wait until the program completes execution.
  • Restart the computer normally to reset the registry.
  • The tool will create a log (Fixlog.txt). Please post it into your reply.

 

Re-scan using Farbar Recovery Scan Tool

Launch FRST64.exe again and checkmark all the boxes in the Whitelist section and the Addition.txt box in the Optional Scan section then click Scan. Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your reply.

 

Do nuisance files recur?

Please operate your PC as you normally do for a while. Do files with names similar to C:/Windows/TEMP/tmp000043f7/tmp00000 recur? If so, please describe how often they are created. Is their creation related to any specific task you perform? Do you see any other suspicious symptoms? Please copy and paste the report from McAfee which shows deletion of these files.


In your next message...

  • Please confirm that your backups are current and complete.
  • Confirm that one of your AV products is uninstalled. Which one is uninstalled?
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message.
  • If the nuisance files recur, tell me about the circumstances of their creation.



How is your PC running now?

Thank you,

RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.


#9 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts

Posted 26 February 2016 - 06:24 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Michelle (2016-02-26 06:05:56) Run:2
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle & McAfeeMVSUser (Available Profiles: Michelle & McAfeeMVSUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
C:\Users\Michelle\Documents\img058.pdf
C:\Users\Michelle\Documents\img057.pdf
C:\Users\Michelle\Documents\img056.pdf
C:\Users\Michelle\Documents\img055.pdf
C:\Users\Michelle\Documents\img054.pdf
C:\Users\Michelle\Documents\img053.pdf
C:\Users\Michelle\Documents\img052.pdf
C:\Users\Michelle\Documents\img051.pdf
C:\Users\Michelle\Documents\img050.pdf
C:\Users\Michelle\Documents\img049.pdf
C:\Users\Michelle\Documents\img048.pdf
C:\Users\Michelle\Documents\img047.pdf
C:\Users\Michelle\Documents\img046.pdf
C:\Users\Michelle\Documents\img045.pdf
C:\Users\Michelle\Documents\img044.pdf
C:\Users\Michelle\Documents\img043.pdf
C:\Users\Michelle\Documents\img042.pdf
C:\Users\Michelle\Documents\img041.pdf
C:\Users\Michelle\Documents\img040.pdf
C:\Users\Michelle\Documents\img039.pdf
C:\Users\Michelle\Documents\img038.pdf
C:\Users\Michelle\Downloads\Statement_201501.pdf
C:\Users\Michelle\Downloads\Statement_201505.pdf
C:\Users\Michelle\Downloads\Statement_201504.pdf
C:\Users\Michelle\Downloads\Statement_201502.pdf
C:\Users\Michelle\Downloads\Statement_201503.pdf
C:\Users\Michelle\Downloads\Statement_201509.pdf
C:\Users\Michelle\Downloads\Statement_201508.pdf
C:\Users\Michelle\Downloads\Statement_201506.pdf
C:\Users\Michelle\Downloads\Statement_201507.pdf
C:\Users\Michelle\Downloads\Statement_201510.pdf
C:\Users\Michelle\Downloads\Statement_201512.pdf
C:\Users\Michelle\Downloads\Statement_201511.pdf
C:\Users\Michelle\Downloads\1099K_2015_1453611846.pdf
C:\ProgramData\P1100DEF.css
C:\Users\Michelle\en_res.dll
C:\Users\Michelle\es_res.dll
C:\Users\Michelle\fr_res.dll
C:\Users\Michelle\grm_res.dll
C:\Users\Michelle\it_res.dll
C:\Users\Michelle\jp_res.dll
C:\Users\Michelle\mfc80u.dll
C:\Users\Michelle\msvcr80.dll
C:\Users\Michelle\PCPE Setup.exe
C:\Users\Michelle\pt_res.dll
C:\Users\Michelle\ResourceReader.dll
C:\Users\Michelle\ru_res.dll
C:\Users\Michelle\upd-PCL5-X64-5_2_0_8874.exe
C:\Users\Michelle\upd-PCL6-X32-5_2_0_8874.exe
C:\Users\Michelle\upd-PCL6-X64-5_2_0_8874.exe
C:\Users\Michelle\zh_res.dll
Task: {06E45E55-50C5-4971-9A9C-1E7BE842AA13} - \{F671F84A-72FB-4D2C-9583-4AD300920CAA} -> No File <==== ATTENTION
Task: {3A7023E0-D4AD-4279-912A-5E0005235E55} - \{CE608856-3A9F-4469-B7F6-74FF7F426B40} -> No File <==== ATTENTION
Task: {3EB05AD7-91B9-4853-BEB6-5ACFC4791379} - \{4C3AD55B-DDD2-4EEE-B070-094055060F2E} -> No File <==== ATTENTION
Task: {4701F691-F44B-4BB1-BD8C-BC5438B59AE2} - \{7C31838D-6D11-47E6-916F-125C5D4A99AC} -> No File <==== ATTENTION
Task: {572506CA-373B-439A-865A-369D7B020365} - \{CFE95831-11FD-48FD-8BA3-3C777AA5B42B} -> No File <==== ATTENTION
Task: {699529CD-6911-4C8C-8D4B-D0BB1FAC875E} - \{5DF55D45-AD90-4C99-93C5-74CB79DC0673} -> No File <==== ATTENTION
Task: {69C8750A-A455-47D7-9D77-B297477BA02D} - \{63C8F793-562B-4F75-AB2D-F25B2C8A75A7} -> No File <==== ATTENTION
Task: {84FE602A-7A85-4492-AB63-105FA996D42F} - \{5682D37F-6DED-41E8-8B09-959C5933A560} -> No File <==== ATTENTION
Task: {87B8071B-2E4D-4423-BEB4-B33ABDBCE638} - \{8A3AA816-0FBE-4AD3-BD27-5E4D8620596C} -> No File <==== ATTENTION
Task: {8D0276D5-90FA-40C7-BD27-74740B705521} - \{EADFDAB9-3CDF-4DE0-835F-26A0E2C57D76} -> No File <==== ATTENTION
Task: {8ED76AB5-DA04-44AE-911E-7A8B169EEA15} - \{5A94FC6E-9971-468E-8D4B-018A146F56FB} -> No File <==== ATTENTION
Task: {E6B4812C-DC86-42E0-96D6-9A5DFC87B2FF} - \{8347D02E-7801-4B9C-9C51-309639054E11} -> No File <==== ATTENTION
 
Unlock: C:\ProgramData\cm-lock
C:\ProgramData\cm-lock
 
 
FirewallRules: [{1E63EBE3-E7B7-4249-85EA-5C24304C8959}] => (Allow) svchost.exe
FirewallRules: [{122DD147-3390-4F15-8111-E35013820FFE}] => (Allow) LPort=67
*****************
 
C:\Users\Michelle\Documents\img058.pdf => moved successfully
C:\Users\Michelle\Documents\img057.pdf => moved successfully
C:\Users\Michelle\Documents\img056.pdf => moved successfully
C:\Users\Michelle\Documents\img055.pdf => moved successfully
C:\Users\Michelle\Documents\img054.pdf => moved successfully
C:\Users\Michelle\Documents\img053.pdf => moved successfully
C:\Users\Michelle\Documents\img052.pdf => moved successfully
C:\Users\Michelle\Documents\img051.pdf => moved successfully
C:\Users\Michelle\Documents\img050.pdf => moved successfully
C:\Users\Michelle\Documents\img049.pdf => moved successfully
C:\Users\Michelle\Documents\img048.pdf => moved successfully
C:\Users\Michelle\Documents\img047.pdf => moved successfully
C:\Users\Michelle\Documents\img046.pdf => moved successfully
C:\Users\Michelle\Documents\img045.pdf => moved successfully
C:\Users\Michelle\Documents\img044.pdf => moved successfully
C:\Users\Michelle\Documents\img043.pdf => moved successfully
C:\Users\Michelle\Documents\img042.pdf => moved successfully
C:\Users\Michelle\Documents\img041.pdf => moved successfully
C:\Users\Michelle\Documents\img040.pdf => moved successfully
C:\Users\Michelle\Documents\img039.pdf => moved successfully
C:\Users\Michelle\Documents\img038.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201501.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201505.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201504.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201502.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201503.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201509.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201508.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201506.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201507.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201510.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201512.pdf => moved successfully
C:\Users\Michelle\Downloads\Statement_201511.pdf => moved successfully
C:\Users\Michelle\Downloads\1099K_2015_1453611846.pdf => moved successfully
C:\ProgramData\P1100DEF.css => moved successfully
C:\Users\Michelle\en_res.dll => moved successfully
C:\Users\Michelle\es_res.dll => moved successfully
C:\Users\Michelle\fr_res.dll => moved successfully
C:\Users\Michelle\grm_res.dll => moved successfully
C:\Users\Michelle\it_res.dll => moved successfully
C:\Users\Michelle\jp_res.dll => moved successfully
C:\Users\Michelle\mfc80u.dll => moved successfully
C:\Users\Michelle\msvcr80.dll => moved successfully
C:\Users\Michelle\PCPE Setup.exe => moved successfully
C:\Users\Michelle\pt_res.dll => moved successfully
C:\Users\Michelle\ResourceReader.dll => moved successfully
C:\Users\Michelle\ru_res.dll => moved successfully
C:\Users\Michelle\upd-PCL5-X64-5_2_0_8874.exe => moved successfully
C:\Users\Michelle\upd-PCL6-X32-5_2_0_8874.exe => moved successfully
C:\Users\Michelle\upd-PCL6-X64-5_2_0_8874.exe => moved successfully
C:\Users\Michelle\zh_res.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06E45E55-50C5-4971-9A9C-1E7BE842AA13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06E45E55-50C5-4971-9A9C-1E7BE842AA13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F671F84A-72FB-4D2C-9583-4AD300920CAA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A7023E0-D4AD-4279-912A-5E0005235E55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A7023E0-D4AD-4279-912A-5E0005235E55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CE608856-3A9F-4469-B7F6-74FF7F426B40}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EB05AD7-91B9-4853-BEB6-5ACFC4791379}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB05AD7-91B9-4853-BEB6-5ACFC4791379}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4C3AD55B-DDD2-4EEE-B070-094055060F2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4701F691-F44B-4BB1-BD8C-BC5438B59AE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4701F691-F44B-4BB1-BD8C-BC5438B59AE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C31838D-6D11-47E6-916F-125C5D4A99AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{572506CA-373B-439A-865A-369D7B020365}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{572506CA-373B-439A-865A-369D7B020365}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CFE95831-11FD-48FD-8BA3-3C777AA5B42B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{699529CD-6911-4C8C-8D4B-D0BB1FAC875E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{699529CD-6911-4C8C-8D4B-D0BB1FAC875E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5DF55D45-AD90-4C99-93C5-74CB79DC0673}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{69C8750A-A455-47D7-9D77-B297477BA02D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69C8750A-A455-47D7-9D77-B297477BA02D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{63C8F793-562B-4F75-AB2D-F25B2C8A75A7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84FE602A-7A85-4492-AB63-105FA996D42F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84FE602A-7A85-4492-AB63-105FA996D42F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5682D37F-6DED-41E8-8B09-959C5933A560}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87B8071B-2E4D-4423-BEB4-B33ABDBCE638}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87B8071B-2E4D-4423-BEB4-B33ABDBCE638}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8A3AA816-0FBE-4AD3-BD27-5E4D8620596C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D0276D5-90FA-40C7-BD27-74740B705521}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D0276D5-90FA-40C7-BD27-74740B705521}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EADFDAB9-3CDF-4DE0-835F-26A0E2C57D76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8ED76AB5-DA04-44AE-911E-7A8B169EEA15}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ED76AB5-DA04-44AE-911E-7A8B169EEA15}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5A94FC6E-9971-468E-8D4B-018A146F56FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6B4812C-DC86-42E0-96D6-9A5DFC87B2FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6B4812C-DC86-42E0-96D6-9A5DFC87B2FF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8347D02E-7801-4B9C-9C51-309639054E11}" => key removed successfully
"C:\ProgramData\cm-lock" => was unlocked
Could not move "C:\ProgramData\cm-lock" => Scheduled to move on reboot.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1E63EBE3-E7B7-4249-85EA-5C24304C8959} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{122DD147-3390-4F15-8111-E35013820FFE} => value removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-26 06:18:56)
 
"C:\ProgramData\cm-lock" => Could not move
 
==== End of Fixlog 06:18:56 ====
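
A Fixlog like the one above is easier to review when every fixlist entry is paired with the outcome the tool logged for it. The following is an added example, not part of the thread and not FRST's own code: it handles only the four entry kinds that appear in this fixlist (file paths, Task:, Unlock:, FirewallRules:), and the function names are hypothetical.

```python
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Lines excerpted from the Fixlog.txt posted above, a few of each kind.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Users\Michelle\PCPE Setup.exe
C:\ProgramData\P1100DEF.css
Task: {06E45E55-50C5-4971-9A9C-1E7BE842AA13} - \{F671F84A-72FB-4D2C-9583-4AD300920CAA} -> No File <==== ATTENTION

Unlock: C:\ProgramData\cm-lock
C:\ProgramData\cm-lock

FirewallRules: [{122DD147-3390-4F15-8111-E35013820FFE}] => (Allow) LPort=67
*****************

C:\Users\Michelle\PCPE Setup.exe => moved successfully
C:\ProgramData\P1100DEF.css => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{06E45E55-50C5-4971-9A9C-1E7BE842AA13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06E45E55-50C5-4971-9A9C-1E7BE842AA13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F671F84A-72FB-4D2C-9583-4AD300920CAA}" => key removed successfully
"C:\ProgramData\cm-lock" => was unlocked
Could not move "C:\ProgramData\cm-lock" => Scheduled to move on reboot.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{122DD147-3390-4F15-8111-E35013820FFE} => value removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-02-26 06:18:56)

"C:\ProgramData\cm-lock" => Could not move

==== End of Fixlog 06:18:56 ====
'''


def parse_fixlog(text):
    """Split a Fixlog into the echoed fixlist entries and the logged outcomes.

    Returns (requested, outcomes): requested is the list of fixlist lines found
    between the two rows of asterisks; outcomes maps each lower-cased target
    (path or registry key) to the outcomes logged for it, in log order.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("fixlist echo (two rows of asterisks) not found")
    requested = [ln for ln in lines[stars[0] + 1:stars[1]] if ln]
    outcomes = {}
    for ln in lines[stars[1] + 1:]:
        if " => " not in ln:
            continue  # section headers and the end-of-log marker
        target, outcome = ln.rsplit(" => ", 1)
        if target.startswith("Could not move "):
            target = target[len("Could not move "):]
        key = target.strip('"').lower()
        outcomes.setdefault(key, []).append(outcome.rstrip("."))
    return requested, outcomes


def check_entry(entry, outcomes):
    """Return None if the log shows the entry completed, otherwise a reason."""
    guids = GUID_RE.findall(entry)
    if entry.startswith(("Task:", "FirewallRules:")) and guids:
        # Every GUID named in the entry must end at least one removed key/value.
        for guid in guids:
            seen = [o for key, logged in outcomes.items()
                    if key.endswith(guid.lower()) for o in logged]
            if not seen:
                return "no result logged for " + guid
            bad = [o for o in seen if not o.endswith("removed successfully")]
            if bad:
                return bad[-1]
        return None
    if entry.startswith("Unlock:"):
        path = entry.split(":", 1)[1].strip().lower()
        return None if "was unlocked" in outcomes.get(path, []) else "not unlocked"
    # Plain path: the last move-related outcome decides, so a move deferred to
    # reboot is judged by the "scheduled files" section at the end of the log.
    seen = [o for o in outcomes.get(entry.lower(), []) if o != "was unlocked"]
    if not seen:
        return "no result logged"
    return None if seen[-1] == "moved successfully" else seen[-1]


def unresolved(text):
    """List (fixlist entry, reason) for every entry the log does not show as done."""
    requested, outcomes = parse_fixlog(text)
    report = []
    for entry in requested:
        reason = check_entry(entry, outcomes)
        if reason is not None:
            report.append((entry, reason))
    return report


if __name__ == "__main__":
    for entry, reason in unresolved(SAMPLE_FIXLOG):
        print(f"{entry}: {reason}")
```

On the excerpt, the only entry reported is the move of C:\ProgramData\cm-lock, which was unlocked, deferred to reboot and then logged as "Could not move".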


#10 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts

Posted 26 February 2016 - 07:05 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
Ran by Michelle (administrator) on MICHELLE-HP (26-02-2016 06:29:19)
Running from C:\Users\Michelle\Downloads
Loaded Profiles: Michelle & McAfeeMVSUser (Available Profiles: Michelle & McAfeeMVSUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(CinemaNow, Inc.) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
( ) C:\Windows\System32\dldocoms.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\saHookMain.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(United Parcel Service, Inc.) C:\UPS\WSTD\WSTDMessaging.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
() C:\UPS\WSTD\UPSNA1Msgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [emsisoft anti-malware] => "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-14] (PDF Complete Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [2068992 2009-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-10] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [nmctxth] => C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe [642856 2008-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976832 2009-12-17] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [31848 2014-12-02] ()
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-10-24] (AMD)
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\Run: [WorkForce 840(Network) (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGMA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\Run: [HPAdvisorDock] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2012-07-24]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2014-04-15]
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-11-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-11-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-11-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk [2015-02-23]
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk [2015-02-23]
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3A556D1D-1E00-4677-AC7E-23EF6A9E7E46}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A0138F14-8354-4165-A9A9-D4B48B69972D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {6434ABB9-8EB7-48BA-95B7-C3766AF12F00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {7BC6D922-8D7F-4E7C-B6D5-6610501DE187} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D83FD71F-55EF-4724-92D2-0CEA2DEEF9E8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {6434ABB9-8EB7-48BA-95B7-C3766AF12F00} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7BC6D922-8D7F-4E7C-B6D5-6610501DE187} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D83FD71F-55EF-4724-92D2-0CEA2DEEF9E8} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140407095040.dll [2013-12-17] (McAfee, Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140407095040.dll [2013-12-17] (McAfee, Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} file:///C:/ProgramData/20-20%20Technologies/VSat/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: HKLM-x32 {B25AB9F1-B8A2-4072-8964-00C7EDF99750} hxxps://ftp.am.joneslanglasalle.com/COM/MOVEitUploadWizard7.0.0.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-03-03] (Intuit, Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2015-11-10] (Intuit, Inc.)
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\x64\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll [2014-11-12] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\4o3zcxt3.default-1416925051654
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\NPMcFFPlg.dll [2014-03-06] (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2010-11-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2010-11-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3824471614-4100467613-4293871112-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Michelle\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-28] (Citrix Online)
FF Plugin HKU\S-1-5-21-3824471614-4100467613-4293871112-1008: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-01-28] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2010-11-06] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Google Docs) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-04]
CHR Extension: (YouTube) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-04]
CHR Extension: (Google Sheets) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (McAfee SiteAdvisor Enterprise) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\feobgjncdknhelkhjpiejdbpliekmfaj [2015-03-02]
CHR Extension: (Google Docs Offline) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
CHR HKLM-x32\...\Chrome\Extension: [feobgjncdknhelkhjpiejdbpliekmfaj] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McChPlg.crx [2014-03-06]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 dldo_device; C:\Windows\system32\dldocoms.exe [1044136 2007-09-24] ( )
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S2 LinksysUpdater; C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [204800 2008-11-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [161128 2014-03-06] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2013-12-17] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2013-12-17] (McAfee, Inc.)
R2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 myAgtSvc; C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [296400 2014-04-25] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-11-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-26] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 RumorServer; "C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" /RunDLL=RumorServer.dll;ServiceHost [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2013-12-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2013-12-17] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [520056 2013-12-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2013-12-17] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2013-12-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2013-12-17] (McAfee, Inc.)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [748648 2010-08-12] (Realtek Semiconductor Corporation                           )
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-26 06:28 - 2016-02-26 06:28 - 00001158 _____ C:\Users\Michelle\Desktop\FRST64.exe - Shortcut.lnk
2016-02-26 06:07 - 2016-02-26 06:07 - 00000000 ____H C:\ProgramData\cm-lock
2016-02-26 06:05 - 2016-02-26 06:18 - 00013054 _____ C:\Users\Michelle\Downloads\Fixlog.txt
2016-02-26 05:56 - 2016-02-26 05:56 - 00641240 _____ (Emsisoft Ltd) C:\Users\Michelle\Downloads\emsiclean.exe
2016-02-24 21:20 - 2016-02-24 21:21 - 00055787 _____ C:\Users\Michelle\Downloads\Addition.txt
2016-02-24 20:59 - 2016-02-24 21:04 - 00004659 _____ C:\Users\Michelle\Downloads\Fixlog feb 24.txt
2016-02-24 20:46 - 2016-02-24 20:47 - 00000791 _____ C:\Users\Michelle\Downloads\Search.txt
2016-02-24 20:45 - 2016-02-24 20:45 - 02371072 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64 (2).exe
2016-02-24 20:43 - 2016-02-24 20:43 - 02371072 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64 (1).exe
2016-02-23 13:55 - 2016-02-23 14:41 - 00412632 _____ C:\Windows\ntbtlog.txt
2016-02-22 12:20 - 2016-02-22 12:20 - 00057966 _____ C:\Users\Michelle\Downloads\AdditionFeb 22.txt
2016-02-22 12:19 - 2016-02-26 06:30 - 00027491 _____ C:\Users\Michelle\Downloads\FRST.txt
2016-02-22 12:19 - 2016-02-22 12:20 - 00044675 _____ C:\Users\Michelle\Downloads\FRST Feb 22.txt
2016-02-22 12:18 - 2016-02-26 06:29 - 00000000 ____D C:\FRST
2016-02-22 12:17 - 2016-02-22 12:17 - 02371072 _____ (Farbar) C:\Users\Michelle\Downloads\FRST64.exe
2016-02-22 10:02 - 2016-02-22 10:04 - 00000000 ____D C:\Computer logs
2016-02-21 22:11 - 2016-02-21 22:11 - 00002049 _____ C:\Users\Michelle\Desktop\Computer Cleanup - Shortcut.lnk
2016-02-21 22:10 - 2016-02-24 20:44 - 00000000 ____D C:\Users\Michelle\Documents\Computer Cleanup
2016-02-21 21:17 - 2016-02-21 21:17 - 00000000 ____D C:\Users\Michelle\AppData\Local\HuluDesktop
2016-02-21 16:14 - 2016-02-21 16:16 - 00000000 ____D C:\Users\Michelle\Documents\Computer
2016-02-21 08:32 - 2016-02-21 08:32 - 02870984 _____ (ESET) C:\Users\Michelle\Downloads\esetsmartinstaller_enu.exe
2016-02-21 08:18 - 2016-02-21 08:18 - 01609216 _____ (Malwarebytes) C:\Users\Michelle\Downloads\JRT.exe
2016-02-21 07:44 - 2016-02-21 08:06 - 00000000 ____D C:\AdwCleaner
2016-02-21 07:44 - 2016-02-21 07:44 - 01511424 _____ C:\Users\Michelle\Downloads\AdwCleaner.exe
2016-02-20 10:59 - 2016-02-24 20:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-20 10:59 - 2016-02-20 10:59 - 00002086 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-20 10:59 - 2016-02-20 10:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-19 21:08 - 2016-02-19 21:08 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-02-19 21:08 - 2016-02-19 21:08 - 00000000 ____D C:\Program Files\CCleaner
2016-02-19 21:07 - 2016-02-19 21:07 - 05565384 _____ (Piriform Ltd) C:\Users\Michelle\Downloads\ccsetup512_slim.exe
2016-02-19 20:05 - 2016-02-26 06:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-19 19:47 - 2016-02-19 19:47 - 00001145 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-19 19:47 - 2016-02-19 19:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-19 19:47 - 2016-02-19 19:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-19 19:47 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-02-19 19:47 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-02-19 19:47 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-11 12:09 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 12:09 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 12:09 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 12:09 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 12:09 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 12:09 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 12:09 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-11 12:09 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 12:09 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-11 12:09 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-11 12:09 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 12:09 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 12:09 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 12:09 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-01 13:30 - 2016-02-01 13:30 - 05919809 _____ C:\Users\Michelle\Downloads\ADA Cabinets - Vanity.zip
2016-02-01 13:30 - 2016-02-01 13:30 - 00000000 ____D C:\Users\Michelle\Downloads\ADA Cabinets - Vanity
2016-02-01 11:10 - 2016-02-01 11:10 - 00128795 _____ C:\Users\Michelle\Documents\WebAdvisor.pdf
2016-01-29 14:33 - 2016-01-29 14:33 - 00013029 _____ C:\Users\Michelle\Documents\items sold 2015.xlsx
2016-01-29 12:13 - 2016-01-29 12:13 - 00026003 _____ C:\Users\Michelle\Documents\paypal 2015 final.xlsx
2016-01-28 13:40 - 2016-01-29 10:24 - 00025598 _____ C:\Users\Michelle\Documents\paypal 2.xlsx
2016-01-28 13:40 - 2016-01-29 10:23 - 00025622 _____ C:\Users\Michelle\Documents\paypal 2015.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-26 06:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\tracing
2016-02-26 06:15 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-26 06:15 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-26 06:14 - 2009-07-14 00:13 - 00849900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-26 06:14 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-02-26 06:07 - 2011-01-19 15:31 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-02-26 06:07 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-26 06:05 - 2011-01-19 12:22 - 00000000 ____D C:\Users\Michelle
2016-02-25 19:31 - 2014-02-18 15:30 - 00000000 ____D C:\Users\McAfeeMVSUser
2016-02-25 19:15 - 2014-12-10 07:05 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2016-02-25 19:00 - 2015-04-05 02:01 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-25 19:00 - 2015-04-05 02:01 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-24 20:59 - 2013-03-01 10:15 - 00000000 ____D C:\Users\Michelle\AppData\LocalLow\Temp
2016-02-24 00:44 - 2011-01-12 11:07 - 00000000 ____D C:\ProgramData\PDFC
2016-02-23 14:42 - 2011-01-19 14:37 - 00000000 ____D C:\Users\Michelle\AppData\Local\ElevatedDiagnostics
2016-02-21 21:53 - 2015-05-13 13:39 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForMichelle.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-21 21:53 - 2011-03-01 08:06 - 00000000 ____D C:\Program Files\Google
2016-02-21 21:53 - 2011-03-01 08:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-21 21:37 - 2015-05-13 13:39 - 00003206 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMichelle
2016-02-21 21:37 - 2011-03-01 08:06 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-21 21:37 - 2011-03-01 08:06 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-21 21:37 - 2011-01-19 12:30 - 00003418 _____ C:\Windows\System32\Tasks\ServicePlan
2016-02-21 21:27 - 2011-01-12 11:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-02-21 21:26 - 2014-03-28 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-21 21:22 - 2013-01-15 13:33 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-21 21:17 - 2011-01-12 11:22 - 00000000 ____D C:\ProgramData\WildTangent
2016-02-21 21:17 - 2011-01-12 11:22 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-02-21 21:17 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-21 21:14 - 2011-01-12 11:06 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-02-21 21:08 - 2011-03-01 08:06 - 00000000 ____D C:\Users\Michelle\AppData\Local\Google
2016-02-21 21:08 - 2011-03-01 08:06 - 00000000 ____D C:\ProgramData\Google
2016-02-20 11:00 - 2015-04-14 11:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-20 10:58 - 2011-01-21 15:07 - 00000000 ____D C:\ProgramData\Adobe
2016-02-19 21:30 - 2009-07-24 14:22 - 00000000 ____D C:\Windows\Panther
2016-02-19 20:37 - 2014-06-26 11:49 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-02-19 20:27 - 2013-01-16 11:48 - 00002251 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 20:27 - 2013-01-16 11:48 - 00002222 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-01 15:30 - 2013-01-10 10:52 - 00000000 ____D C:\Users\Michelle\Documents\2020 Files
2016-01-28 13:09 - 2016-01-26 14:26 - 00020185 _____ C:\Users\Michelle\Documents\paypal 2015.csv
 
==================== Files in the root of some directories =======
 
2013-02-25 14:26 - 2013-02-25 14:28 - 0004987 _____ () C:\Users\Michelle\AppData\Roaming\FileDiagTool.log
2013-07-29 11:21 - 2013-07-29 11:32 - 0002331 _____ () C:\Users\Michelle\AppData\Roaming\FileDrTool.log
2013-07-31 12:59 - 2013-07-31 12:59 - 0004096 ____H () C:\Users\Michelle\AppData\Local\keyfile3.drm
2016-02-26 06:07 - 2016-02-26 06:07 - 0000000 ____H () C:\ProgramData\cm-lock
2013-02-28 12:02 - 2012-08-13 14:22 - 0004376 ____R () C:\ProgramData\P1100OS.HTM
2013-02-28 12:02 - 2012-07-16 17:28 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-19 22:16
 
==================== End of FRST.txt ============================
 
/////////////////////////////////////////////////
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
Ran by Michelle (2016-02-26 06:31:19)
Running from C:\Users\Michelle\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-01-19 17:22:16)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3824471614-4100467613-4293871112-500 - Administrator - Disabled)
Guest (S-1-5-21-3824471614-4100467613-4293871112-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3824471614-4100467613-4293871112-1010 - Limited - Enabled)
McAfeeMVSUser (S-1-5-21-3824471614-4100467613-4293871112-1008 - Limited - Enabled) => C:\Users\McAfeeMVSUser
Michelle (S-1-5-21-3824471614-4100467613-4293871112-1000 - Administrator - Enabled) => C:\Users\Michelle
QBDataServiceUser20 (S-1-5-21-3824471614-4100467613-4293871112-1006 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee® Security-as-a-Service (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee® Security-as-a-Service (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee® Security-as-a-Service (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
20-20 Design Version 9.0 (HKLM-x32\...\{5CF81B66-941B-4890-8D73-E6B8E848681F}) (Version: 9.0.0 - 20-20 Technologies inc)
20-20 Design Version 9.0 (x32 Version: 9.0.0 - 20-20 Technologies inc) Hidden
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
AlignmentUtility (x32 Version: 18.00.0000 - UPS) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
CCC (x32 Version: 18.00.0000 - United Parcel Service, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CinemaNow Media Manager (HKLM-x32\...\{6C122441-1861-4CD7-B1C5-A163A6984E12}) (Version: 1.9.1.105 - CinemaNow, Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
CodeMeter Runtime Kit v5.00 (HKLM\...\{5FE750E9-5EB2-477C-86D2-4D886ABB0D01}) (Version: 5.00.1057.500 - WIBU-SYSTEMS AG)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2823 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Design (HKLM-x32\...\{D73E76B7-3FE2-4AEB-83B6-B31C4F077762}) (Version: 10.3.1.38 - 20-20 Technologies)
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 4.1.4030 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
Epson CreativeZone (HKLM-x32\...\{E6C82F8F-2031-4825-8CC3-98C5960875C1}) (Version:  - )
Epson Easy Photo Print 2 (HKLM-x32\...\{C1A0A3F9-C302-4A18-A2E0-71C927D24652}) (Version: 2.2.3.1 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (x32 Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
Epson Event Manager (HKLM-x32\...\{089EC7B5-6480-4478-ACF0-DEFD4047343C}) (Version: 2.40.0004 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
FormsComponent (x32 Version: 18.00.0000 - UPS) Hidden
FOSS (x32 Version: 18.00.0000 - UPS) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP MAINSTREAM KEYBOARD (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.4.3.0 - Hewlett-Packard)
HP MediaSmart CinemaNow 2.0 (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.1.4229 - Hewlett-Packard)
HP MediaSmart Music (HKLM-x32\...\InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}) (Version: 4.1.4301 - Hewlett-Packard)
HP MediaSmart Photo (HKLM-x32\...\InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}) (Version: 4.1.4211 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{5B08AF35-B699-4A44-BB89-3E51E70611E8}) (Version: 3.1.1.12 - Hewlett-Packard)
HP MediaSmart Video (HKLM-x32\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.1.4214 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BDDA1E1E-204E-4368-B0C2-737F16B76307}) (Version: 1.0.3.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{72D90DB3-A16A-4545-B555-868471101833}) (Version: 8.1.4186.3400 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.2.27173 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.212.0 - Advanced Micro Devices, Inc.) Hidden
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 18.00.0000 - UPS)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2823 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2823 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
Linksys EasyLink Advisor (HKLM-x32\...\Linksys EasyLink Advisor) (Version:  - Linksys By Cisco Systems)
Linksys EasyLink Advisor (x32 Version: 3.11.9139.94 - Linksys By Cisco Systems) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Browser Protection Service (HKLM-x32\...\McAfeeBrowserProtection) (Version: 6.0.3.138 - McAfee, Inc.) <==== ATTENTION
McAfee Firewall Protection Service (HKLM-x32\...\McAfee Managed Firewall) (Version: 6.0.3.138 - McAfee, Inc.)
McAfee SiteAdvisor Enterprise (x32 Version: 3.5.0.1204 - McAfee, Inc.) Hidden
McAfee Virus and Spyware Protection Service (HKLM-x32\...\MVS) (Version: 6.0.3.127 - McAfee, Inc.)
Merillat 20-20 Catalogs (HKLM-x32\...\{FA69D133-6732-4AB1-91A8-11B752F12AF4}) (Version:  - )
Merillat Order Form (HKLM-x32\...\{035AF550-8307-45B9-A3E2-2BB6E92A49D2}) (Version: 10.31.38 - 20-20 Technologies inc.)
Merillat Order Form (HKLM-x32\...\{A3B4EF50-DAA4-457D-81F6-7AAD20FF08FD}) (Version: 10.0.7 - 20-20 Technologies)
MerillatOrderForm (HKLM-x32\...\{EBAC456A-33D9-4234-9294-961F61C66E0D}) (Version: 1.00.000 - 20-20 Technologies inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 4.1.4030 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 4.1.4030 - Hewlett-Packard) Hidden
MSIChecker (x32 Version: 18.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NA1Messenger (x32 Version: 18.00.0000 - Your Company Name) Hidden
NRF (x32 Version: 18.00.0000 - UPS) Hidden
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)
PhotoNow! (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
PhotoNow! (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.28 - Hewlett-Packard Company)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PolicyManager (x32 Version: 18.00.0000 - UPS) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4022 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4022 - CyberLink Corp.) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2906 - CyberLink Corp.)
PowerDirector (x32 Version: 8.0.2906 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-13231864975D}) (Version: 5.10.621.0 -  NewspaperDirect Inc.)
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
QuickBooks (x32 Version: 20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 23.0.4014.2305 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{0CFC5C64-A7D1-42C0-B8BF-03DFF0E6C54E}) (Version: 3.5.5 - Intuit)
QuickBooks Pro 2010 (HKLM-x32\...\{0700E22B-A422-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.)
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4004.2305 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
Reconciler (x32 Version: 18.00.0000 - UPS) Hidden
Recovery Manager (x32 Version: 5.5.2926 - CyberLink Corp.) Hidden
ReportServer (x32 Version: 18.00.0000 - Your Company Name) Hidden
Sentinel Protection Installer 7.5.0 (HKLM-x32\...\{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}) (Version: 7.5.0 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SupportUtility (x32 Version: 18.00.0000 - UPS) Hidden
System (x32 Version: 18.00.0000 - UPS) Hidden
UnifiedPrinting (x32 Version: 18.00.0000 - UPS) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 18.0 - UPS)
UPSDB (x32 Version: 18.00.0000 - UPS) Hidden
UPSICC (x32 Version: 18.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 18.00.0000 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 17.00.0000 - UPS)
Wibu Share 64 Dll (HKLM-x32\...\{3359F638-219D-45DD-87A3-02718F299D8D}) (Version: 1.0.0 - 20-20 Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
WorldShip (x32 Version: 18.00.0000 - UPS) Hidden
WSShared (x32 Version: 18.00.0000 - UPS) Hidden
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.0.2811 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.0.2811 - Zinio LLC) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05A6B0BA-0F3A-4C5F-9A80-1AAEEBC19573} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {24775D59-842F-4591-88D2-F71FCADE768B} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-05-25] ()
Task: {618220B0-270C-4A54-8A1B-B78D2C2D2976} - System32\Tasks\{A2884691-F253-41CC-A4F8-7D89475F244F} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-10] (SEIKO EPSON CORP.)
Task: {743BB385-1327-4BF6-953E-528A1D0DD7BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {86AA4B26-646B-44F2-81ED-C72A81E03410} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe [2009-02-27] ()
Task: {9710D665-0CE4-41B7-99E9-C35FFA15D3E8} - System32\Tasks\HPCeeScheduleForMichelle => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {A2C67CA4-EBCA-4C99-9802-3E34196A013E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-27] (Hewlett-Packard)
Task: {A63EE547-2731-4D61-AA9A-F4A73E2B4381} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {A7F55A11-68EF-40D0-B040-0E388FBA67AB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B752FAEE-3912-483C-82FB-2FC60D094BD2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {C5CF3D21-A8D5-4629-96A4-60265A50EAEB} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {CFED835B-43E7-4FD1-9E58-959F434D953C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
Task: {D2C40833-0420-4D5F-A93C-8AA40592C90A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F9D6ED15-B882-487E-B4B8-AE2AC4D12DAE} - System32\Tasks\{0C6423FC-B540-48CD-96E2-2595B3C647DB} => C:\Windows\twain_32\escndv\escndv.exe [2009-01-10] (SEIKO EPSON CORP.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMichelle.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-02-23 11:03 - 2012-08-21 16:07 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2011-01-21 12:26 - 2007-07-18 10:45 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\dldodrpp.dll
2013-02-23 11:03 - 2012-08-21 16:07 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2011-01-12 11:21 - 2009-02-27 22:13 - 00053248 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2014-04-07 08:49 - 2014-03-05 14:21 - 00227688 _____ () C:\Program Files (x86)\McAfee\Managed VirusScan\VScan64\MVSShExt6.0.3.127.dll
2014-12-02 19:29 - 2014-12-02 19:29 - 00031848 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe
2012-03-15 09:54 - 2012-03-15 09:54 - 00014848 ____R () C:\Program Files (x86)\Common Files\WIBU Shared\Plugins\5000093\5000093-BindingExtension.dll
2010-11-06 15:33 - 2010-11-06 15:33 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9fd2bc740df7be47afcc4601d4bb52af\IsdiInterop.ni.dll
2011-01-12 11:11 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-11-10 07:35 - 2015-11-10 07:35 - 00269080 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00021784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2015-11-10 04:09 - 2015-11-10 04:09 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00141592 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00176920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00415512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2015-11-10 07:35 - 2015-11-10 07:35 - 00529176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00128792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00577816 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2015-11-10 07:36 - 2015-11-10 07:36 - 00042776 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00148480 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2008-12-12 18:11 - 2008-12-12 18:11 - 00097280 _____ () C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-12-02 17:45 - 2014-12-02 17:45 - 00045056 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.NA1MessengerServer.dll
2014-12-02 17:24 - 2014-12-02 17:24 - 00018432 _____ () C:\UPS\WSTD\UPSResourceManager.dll
2014-12-02 17:39 - 2014-12-02 17:39 - 00053248 _____ () C:\UPS\WSTD\PolicyMgr\UPS.Components.PolicyHolder.dll
2014-12-02 17:39 - 2014-12-02 17:39 - 00024576 _____ () C:\UPS\WSTD\PolicyMgr\Microsoft.ApplicationBlocks.Data.dll
2011-01-12 11:21 - 2009-02-19 20:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL
2016-02-19 20:27 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 20:26 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\.DEFAULT\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\.DEFAULT\...\microsoft.com -> hxxps://support.microsoft.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\...\microsoft.com -> hxxps://support.microsoft.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\mcafeeasap.com -> hxxp://vs.mcafeeasap.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\mcafeeasap.com -> hxxps://vs.mcafeeasap.com
IE trusted site: HKU\S-1-5-21-3824471614-4100467613-4293871112-1008\...\microsoft.com -> hxxps://support.microsoft.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3824471614-4100467613-4293871112-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPAdvisorDock => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
MSCONFIG\startupreg: MSN Toolbar => "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe"
MSCONFIG\startupreg: MVS Splash => "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5672B15E-826D-4584-B0A7-D8EAC5BFD863}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{4EC344B6-8B0A-46E6-BB60-E66057A35530}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{6768AAD8-0C32-4318-912D-10545D1C4581}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\CinemaNow\CinemaNow.exe
FirewallRules: [{637A60AF-BC2D-4932-B460-A2C4B3729A1C}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{B0C2CF39-C62C-464C-9A7B-113E54DD8C57}] => (Allow) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
FirewallRules: [{9DC5B1E4-EDD1-4AAF-A8ED-BD6A068C45C7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{8C887965-E7B9-4A3F-8DBD-D201200AC265}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{F7790463-BF06-47EC-98D8-BB5525CE3B46}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{AAD84698-71E7-4425-AC3A-DD5370D5311C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{7ED6BCB6-B570-4B2E-9194-67622E637438}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{D608D922-A84C-416E-9C34-B05A153E60FB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{3CF6256E-F98D-4043-94EE-15733087360C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Photo\HPMediaSmartPhoto.exe
FirewallRules: [{26824ED7-EC29-4ABA-88C6-D014A7502B8D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\MediaSmart\Video\HPMediaSmartVideo.exe
FirewallRules: [{83964E44-D151-46BD-8656-1AF52E797FFA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Music\HPTouchSmartMusic.exe
FirewallRules: [{BFEDDDFF-94FD-41B2-9347-1A8D83DF19D3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{36A6E07C-6DF8-46D3-A486-2CD725F96C96}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{2A52724B-BA76-4714-A498-0050ACF918A8}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{033414EB-FF29-44F6-9E2D-C032DB9FFFE3}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [TCP Query User{846A39DD-2101-47D2-B53E-73B35FAD7323}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{D59F9567-2FE1-4111-9774-D8B6E058C6FD}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{CA1D17D6-2818-41B7-9A8C-97C4D43FEDE1}] => (Allow) C:\Windows\System32\dldocoms.exe
FirewallRules: [{BCB050D3-B7FC-425F-BFDF-B479270E5763}] => (Allow) C:\Windows\System32\dldocoms.exe
FirewallRules: [{880812B8-CCFB-4E60-A528-EFE975BC3DFE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F775EBBD-15B1-4B16-A6C4-4398718934F7}] => (Allow) LPort=2869
FirewallRules: [{668D607C-DD62-482A-BE42-3E0D4D9EE956}] => (Allow) LPort=1900
FirewallRules: [{CDEC38A3-5EAE-4B65-B44E-99E87D7DEC5F}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4411E568-1D9D-443E-A00C-A02CB5F071C4}] => (Allow) C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3D137977-32EA-4C6A-86DC-EC97D56728E8}] => (Allow) C:\Users\Michelle\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{91981FFC-081C-41D0-A7A9-10B93A164586}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{18BDF1C3-3D01-47E4-B660-DE984CA368A5}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{5644A59D-BC85-4334-B5C7-1FB084382EA8}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7A871150-C921-465D-BC2C-CD0FC98C3CB9}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{2A67791E-69D9-4D5B-8D29-AD20D5F440B2}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [TCP Query User{B2E1093A-33DE-4CA1-8067-CE4F7D0129A6}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{BE1492B7-0FC7-4577-BEEF-6D1F25C495E0}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{E918A142-0946-45EC-842B-B75E440F7E6C}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [{96E5D7F2-EC40-4FD6-9909-EA9E38B31ED2}] => (Allow) C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
FirewallRules: [TCP Query User{9EFC0FB2-013C-4DE4-A5E7-A9E38918865D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{749B5BE2-7B5A-429C-9565-6049D9C0D4E3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{58155B7B-DFB5-4ED5-98C3-49A5EF1CED76}] => (Allow) LPort=67
FirewallRules: [{DDD551E5-D5CB-4BA6-8C81-F3DFD4575607}] => (Allow) C:\Program Files (x86)\20-20 Technologies\Design\Bin\System\design.exe
FirewallRules: [{0E9EF231-FAA5-4AD6-B137-ACE6FA2E607E}] => (Allow) LPort=4040
FirewallRules: [{30C7F1A7-181F-4E05-8D6A-0C58D32558A3}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B766CBA8-996D-4CD8-AACB-0CCC30E663C1}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1C918F64-CF1D-49C4-893E-F0D26385AD82}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{D26A86AC-B183-496E-B4A4-62145F1E3813}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{FE706CE2-80E6-4129-9360-D7DF8B60E72F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{6F6AE53F-BEB6-44C4-9257-E52E5D1D813B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{076B60B0-94A1-4063-BF62-704D187F79B6}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{8431E916-C95A-465D-B4FA-88DABC8A8265}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{8E48E8A4-36C7-4184-8F66-A586B5041D9D}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
FirewallRules: [{0666F1B3-574E-446F-A7E1-98C7DDA3A95C}] => (Allow) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
 
==================== Restore Points =========================
 
21-02-2016 08:20:53 JRT Pre-Junkware Removal
21-02-2016 21:10:10 Removed HP Advisor.
21-02-2016 21:19:44 Removed Java 8 Update 40
25-02-2016 18:59:44 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/26/2016 06:28:10 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/26/2016 06:04:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/26/2016 06:02:01 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/26/2016 05:57:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/26/2016 12:13:32 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
FCS Copy Files Error 11.
 
Error: (02/25/2016 12:11:28 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
FCS Copy Files Error 11.
 
Error: (02/24/2016 09:13:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/24/2016 08:42:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/24/2016 08:42:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (02/24/2016 08:33:02 PM) (Source: MsiInstaller) (EventID: 1024) (User: Michelle-HP)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F0A4E5B00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (02/26/2016 06:25:37 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{3A556D1D-1E00-4677-AC7E-23EF6A9E7E46}.
The backup browser is stopping.
 
Error: (02/26/2016 06:08:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/26/2016 06:07:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/25/2016 07:17:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/25/2016 07:16:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/25/2016 07:06:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (02/25/2016 07:05:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/24/2016 09:36:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Linksys Updater service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/24/2016 09:35:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The APC Data Service service depends on the APC UPS Service service which failed to start because of the following error: 
%%1053
 
Error: (02/24/2016 09:35:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
CodeIntegrity:
===================================
  Date: 2016-02-19 08:59:11.329
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:10.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:10.517
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:10.081
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:09.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-19 08:59:09.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 04:04:23.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 04:04:23.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 04:04:23.318
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\Update.tmp\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-24 04:04:23.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\McAfee\Managed VirusScan\Agent\TPSTool.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3 CPU 540 @ 3.07GHz
Percentage of memory in use: 35%
Total physical RAM: 6007.08 MB
Available physical RAM: 3883.61 MB
Total Virtual: 12012.36 MB
Available Virtual: 9501.11 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:686.06 GB) (Free:570.83 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.48 GB) (Free:1.53 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 0249465E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=686.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#11 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts

Posted 26 February 2016 - 07:11 AM


Ray's Request:

  • Please confirm that your backups are current and complete.  - YES
  • Confirm that one of your AV products is uninstalled. Which one is uninstalled?  -EMSISOFT was uninstalled
  • Copy and paste the entire contents of Fixlog.txt into the body of your message.  -DONE
  • Copy and paste the entire contents of FRST.txt and Addition.txt into the body of your message. - DONE
  • If the nuisance files recur, tell me about the circumstances of their creation. - Will update status tonight.

Debbie


#12 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts

Posted 27 February 2016 - 10:12 AM

Success!  It's been 24 hours without a detection, and, there is no tmp0000XXXX/tmp00000... file in the Windows/Temp folder.

 

Thank you SO much!

 

Debbie



#13 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • Gender:Male
  • Location:USA

Posted 27 February 2016 - 10:09 PM

Hi Worryd,
 
 
 

Success! It's been 24 hours without a detection, and, there is no tmp0000XXXX/tmp00000... file in the Windows/Temp folder.

 

Great! I don't think we should stop here, though. I'm particularly concerned about the persistence of the C:\ProgramData\cm-lock file and the fact that it shows an updated date/time stamp in each successive FRST log. It is a hidden file in a potentially sensitive location.


If any step below fails, just describe the symptoms for me and proceed to the next step. Please read through this entire message before you begin.

 

Step 1: Submit cm-lock to VirusTotal

The cm-lock file may or may not be legitimate. Please submit it to VirusTotal for an online scan:

  • Please visit https://www.virustotal.com/.
  • Click the File tab.
  • Click Choose File.
  • Use the File Upload window to navigate to C:\ProgramData\cm-lock on your local PC and click Open.
  • Click the Scan it! button on the VirusTotal website.
  • After a short time, the analysis will be presented on a web page.
  • Please copy the URL of that page (https:// etc.) and paste it into your reply to me.

If you can't find cm-lock in C:\ProgramData\, please set your system to show all files.

  • Click Start > My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck: Hide file extensions for known file types.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • When we are done with this topic, you can reverse these steps, if desired.

 

 

Step 2: Try again to delete cm-lock

You will need a flash drive (AKA Thumb drive) for this procedure.


GrantPerms by Farbar

  • Download Grantperms (32 bit systems) or Grantperms64 (64 bit systems) and save it to your Desktop.
  • Unzip the file and launch Grantperms.exe or Grantperms64.exe.
  • Copy and paste the following into the edit box:
C:\ProgramData\cm-lock
  • Click List Permissions.
  • Click Unlock.
  • A small window should open with the message, "Unlock operation completed." Confirm seeing this message.
  • Copy and paste the contents of Perms.txt into the body of your reply. You can find Perms.txt on your Desktop.

If you need help extracting files from an archive (a ZIP file), see:
http://windows.microsoft.com/en-us/windows/compress-uncompress-files-zip-files#1TC=windows-7.



Create a new Fixlist.txt file
Press the Windows key + R on your keyboard at the same time. This will open the Run dialog box.
Type Notepad into the Run box and click OK.
Please copy the entire contents of the code box below into a new file.

start

2016-02-26 06:07 - 2016-02-26 06:07 - 00000000 ____H C:\ProgramData\cm-lock
Folder: C:\Windows\TEMP

End

Save the file as fixlist.txt onto your flash drive.
 


Download a fresh copy of FRST64.exe from Farbar Recovery Scan Tool and save it onto your flash drive. Note that Fixlist.txt and FRST64.exe must be in the same folder on your Flash drive.
 


Run FRST from the Recovery Environment

Enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and enter any required password then click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt


Select Command Prompt



Once in the Command Prompt:

  • After the Command Prompt window loads type notepad and press Enter.
  • In Notepad, click File > Open.
  • In the Files of type: window, select All files.
  • Navigate to your USB drive.
  • Right-click on FRST64 and select Run as administrator.
  • Click Fix.
  • FRST64 will create a log file (Fixlog.txt) on the USB drive.
  • When the fix is complete, click Scan.
  • FRST64 will create a scan file (FRST.txt) on the USB drive.
  • Copy and paste the entire contents of both files into your next reply.

 

 

Step 3: In your next reply...

  • Please copy and paste the VirusTotal scan URL address into the body of your reply.
  • Copy and paste the contents of Perms.txt into the body of your reply.
  • Copy and paste the contents of Fixlog.txt and FRST.txt into the body of your reply.

How is your PC running now?
 
RayS


I don't accept payment for my help, but it would please me if you perform a kindness for your neighbor. You might also contact your local animal shelter. They can always use a bag of kibble or a few cans of pet food. Who knows... you might even find a life-long furry friend there.
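
The concern raised in the post above is that cm-lock shows a new date/time stamp in each successive FRST log. The following Python example is added here for illustration (it is not part of the original thread and is not FRST's own code): it compares file-listing lines from several scans and reports paths whose first timestamp changes between scans. Only the 2016-02-26 cm-lock line comes from the thread; every other sample line is constructed, and reading the two timestamps as created/modified and the optional "(vendor)" field are assumptions about the line format.

```python
import re
from datetime import datetime
from typing import NamedTuple

TS_FMT = "%Y-%m-%d %H:%M"

# Assumed layout of a file-listing line:
#   <created> - <modified> - <size> <attrs> [(vendor)] <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]+) "
    r"(?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$"
)


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    attrs: str
    path: str


def parse_entries(log_text):
    """Return {lower-cased path: Entry} for every listing line in one log."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log sections
        entry = Entry(
            datetime.strptime(m["created"], TS_FMT),
            datetime.strptime(m["modified"], TS_FMT),
            int(m["size"]),
            m["attrs"],
            m["path"],
        )
        entries[entry.path.lower()] = entry
    return entries


def find_recreated(snapshots):
    """Report paths whose first timestamp differs between scans."""
    history = {}
    for text in snapshots:
        for key, entry in parse_entries(text).items():
            history.setdefault(key, []).append(entry)

    findings = []
    for seen in history.values():
        stamps = sorted({e.created for e in seen})
        if len(stamps) < 2:
            continue  # same timestamp in every scan: not being recreated
        last = seen[-1]
        findings.append({
            "path": last.path,
            "created_stamps": stamps,
            "hidden": "H" in last.attrs,
            "zero_byte": last.size == 0,
        })
    return findings


# Constructed sample scans. Only the 2016-02-26 cm-lock line is from the thread.
SCAN_A = r"""
==================== One Month Created files and folders ========
2016-02-24 21:35 - 2016-02-24 21:35 - 00000000 ____H C:\ProgramData\cm-lock
2016-02-21 08:20 - 2016-02-21 08:20 - 00001234 _____ C:\Users\Example\Desktop\JRT.txt
"""
SCAN_B = r"""
2016-02-25 19:05 - 2016-02-25 19:05 - 00000000 ____H C:\ProgramData\cm-lock
2016-02-21 08:20 - 2016-02-21 08:20 - 00001234 _____ C:\Users\Example\Desktop\JRT.txt
"""
SCAN_C = r"""
2016-02-26 06:07 - 2016-02-26 06:07 - 00000000 ____H C:\ProgramData\cm-lock
2016-02-21 08:20 - 2016-02-21 08:20 - 00001234 _____ C:\Users\Example\Desktop\JRT.txt
2016-02-21 08:19 - 2016-02-21 08:19 - 01610560 _____ (Example Vendor) C:\Users\Example\Desktop\tool.exe
"""
SCANS = [SCAN_A, SCAN_B, SCAN_C]

if __name__ == "__main__":
    for f in find_recreated(SCANS):
        stamps = ", ".join(s.strftime(TS_FMT) for s in f["created_stamps"])
        print(f"{f['path']}  hidden={f['hidden']}  zero_byte={f['zero_byte']}")
        print(f"  first timestamp per scan: {stamps}")
```

A changing first timestamp only shows that something recreates the file between scans; identifying the process that does so still requires the steps described in the post.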


#14 worryd

worryd
  • Topic Starter

  • Members
  • 30 posts

Posted 28 February 2016 - 10:01 AM

hmm - this cannot be good.  I tried to upload CM-Lock to VirusTotal and got the message

"CM-Lock

This file is in use

Enter a new name or close the file that's open in another program."

 

Should I assume it's not legit and go to the next step of your instructions to delete it?



#15 RayS

RayS

  • Malware Study Hall Senior
  • 2,325 posts
  • Gender:Male
  • Location:USA

Posted 01 March 2016 - 05:55 PM

Hi worryd,

 

I apologize for the delay. I am experiencing an unavoidable glitch at my end. I'll have a substantive reply for you as soon as possible.

 

Meanwhile, please let me know if there has been any change in the status of your PC.

 

Thank you.

 

RayS






