
Unknown Malware, Can't Run Avast, Avira or MBAM


  • This topic is locked
14 replies to this topic

#1 fmedwards3

  • Members
  • 52 posts

Posted 17 September 2016 - 02:09 AM

 
Unknown Malware, Can't Run Avast, Avira or MBAM
 
 
Before trying to check for malware as described below, the Chrome browser had internet access.
Tried to install Avira on the Win 7 desktop, but it could not update and would not run.
Then tried to install Avast, but got an error that a service was not running, and a manual start failed.
Tried to run MBAM, but it could not update; it gave a message about a problem with the host.
The computer now fails to connect to the internet.
Copied FRST from a flash drive to the desktop. FRST gave a message that it could not update, but ran. Log files are below.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2016
Ran by fmeadmin (administrator) on COMPACHOME (16-09-2016 21:45:48)
Running from C:\Users\fmeadmin\Desktop
Loaded Profiles: fmeadmin (Available Profiles: fmeadmin & onyx & UpdatusUser)
Platform: Windows 7 Enterprise Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\fmeadmin\Desktop\FRST (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-08-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-16] (AVAST Software)
Startup: C:\Users\onyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-08-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{487B6B69-330F-4E07-8146-EAA55EB799B9}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3748692142-543628009-3005571777-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-16] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-16]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-19]
CHR Extension: (Google Docs) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-19]
CHR Extension: (Google Drive) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-19]
CHR Extension: (YouTube) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Google Search) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Google Sheets) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-16] (AVAST Software)
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-16] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [434144 2016-09-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-16] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-09-16] (AVAST Software)
R3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS33.SYS [205824 2009-07-13] (Conexant Systems, Inc.)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 21:45 - 2016-09-16 21:46 - 00007379 _____ C:\Users\fmeadmin\Desktop\FRST.txt
2016-09-16 21:45 - 2016-09-16 21:45 - 00000000 ____D C:\FRST
2016-09-16 21:45 - 2016-09-16 21:43 - 01749504 _____ (Farbar) C:\Users\fmeadmin\Desktop\FRST (1).exe
2016-09-16 21:23 - 2016-09-16 21:23 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-16 21:23 - 2016-09-16 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-16 21:23 - 2016-09-16 21:23 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-09-16 21:23 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-16 21:23 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-16 21:09 - 2016-09-16 21:23 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-16 21:09 - 2016-09-16 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-16 21:09 - 2016-09-16 21:18 - 00000000 ____D C:\Users\fmeadmin\Desktop\mbar
2016-09-16 21:09 - 2016-09-16 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-16 21:09 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-16 20:51 - 2016-09-16 20:17 - 06334848 _____ (AVAST Software) C:\Users\fmeadmin\Desktop\avast_free_antivirus_setup_online.exe
2016-09-16 20:50 - 2016-09-16 20:50 - 00000000 __RSH C:\MSDOS.SYS
2016-09-16 20:50 - 2016-09-16 20:50 - 00000000 __RSH C:\IO.SYS
2016-09-16 20:42 - 2016-09-16 20:42 - 00000000 ____D C:\Users\fmeadmin\AppData\Roaming\AVAST Software
2016-09-16 20:42 - 2016-09-16 20:42 - 00000000 ____D C:\Users\fmeadmin\AppData\Local\CEF
2016-09-16 20:41 - 2016-09-16 20:41 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00735488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00434144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00319760 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-09-16 20:41 - 2016-09-16 20:41 - 00224616 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00118664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00092256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00091232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00060424 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-09-16 20:41 - 2016-09-16 20:41 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00034008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-09-16 20:41 - 2016-09-16 20:41 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2016-09-16 20:41 - 2016-09-16 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-09-16 20:41 - 2016-09-16 20:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-16 20:40 - 2016-09-16 20:40 - 00000000 ____D C:\Program Files\AVAST Software
2016-09-16 20:38 - 2016-09-16 20:38 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-16 20:37 - 2016-09-16 20:37 - 00002089 _____ C:\Users\fmeadmin\Desktop\Avira Free Antivirus Setup.lnk
2016-09-13 14:43 - 2016-09-02 10:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-13 14:43 - 2016-09-02 10:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-13 14:43 - 2016-09-02 10:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-13 14:43 - 2016-09-02 10:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-13 14:43 - 2016-09-02 10:18 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-13 14:43 - 2016-09-02 09:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-13 14:43 - 2016-09-02 09:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-13 14:43 - 2016-09-02 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-13 14:43 - 2016-09-02 09:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-13 14:43 - 2016-09-02 09:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-13 14:43 - 2016-09-02 09:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-13 14:43 - 2016-09-02 09:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-13 14:43 - 2016-09-01 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-13 14:43 - 2016-08-31 22:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-13 14:43 - 2016-08-31 22:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-13 14:43 - 2016-08-31 22:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-13 14:43 - 2016-08-31 21:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-13 14:43 - 2016-08-31 21:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-13 14:43 - 2016-08-31 21:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-13 14:43 - 2016-08-31 21:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-13 14:43 - 2016-08-31 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-13 14:43 - 2016-08-31 21:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-13 14:43 - 2016-08-31 21:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-13 14:43 - 2016-08-31 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-13 14:43 - 2016-08-31 21:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-13 14:43 - 2016-08-31 21:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-13 14:43 - 2016-08-31 21:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-13 14:43 - 2016-08-31 21:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-13 14:43 - 2016-08-31 21:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-13 14:43 - 2016-08-31 21:14 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-13 14:43 - 2016-08-31 21:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-13 14:43 - 2016-08-31 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-13 14:43 - 2016-08-31 20:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-13 14:43 - 2016-08-31 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-13 14:43 - 2016-08-31 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-13 14:43 - 2016-08-31 20:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-13 14:43 - 2016-08-31 20:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-13 14:43 - 2016-08-31 20:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-13 14:43 - 2016-08-31 20:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-13 14:43 - 2016-08-31 20:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-13 14:43 - 2016-08-31 20:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-13 14:43 - 2016-08-31 20:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-13 14:43 - 2016-08-31 20:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-13 14:43 - 2016-08-31 20:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-13 14:43 - 2016-08-31 19:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-13 14:43 - 2016-08-31 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-13 14:43 - 2016-08-31 19:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-13 14:43 - 2016-08-15 21:48 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-13 14:43 - 2016-08-15 21:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-13 14:43 - 2016-08-06 10:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-08-29 20:20 - 2016-08-30 20:39 - 00012028 _____ C:\Users\onyx\Desktop\Tree Cutting 2016.xlsx
2016-08-29 20:15 - 2016-08-29 20:15 - 00000000 ____D C:\Users\onyx\Documents\OneNote Notebooks
2016-08-17 16:15 - 2016-07-08 10:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-16 21:29 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\addins
2016-09-16 21:23 - 2015-08-23 00:04 - 00175838 _____ C:\Windows\ntbtlog.txt
2016-09-16 20:39 - 2015-08-22 20:35 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-16 20:39 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-09-16 19:52 - 2009-07-13 23:34 - 00010304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-16 19:52 - 2009-07-13 23:34 - 00010304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-16 19:14 - 2015-10-31 14:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-16 18:13 - 2015-10-31 14:41 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 18:13 - 2015-10-31 14:41 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-16 18:12 - 2015-10-31 14:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-16 16:31 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-14 11:19 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2016-09-14 03:27 - 2009-07-13 23:33 - 00414792 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-14 03:10 - 2015-10-22 05:32 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 03:03 - 2015-10-22 05:31 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-20 20:02 - 2015-01-07 14:49 - 00000000 ____D C:\Users\onyx\Desktop\Caroline Edwards Wedding 12.6.14
 
==================== Files in the root of some directories =======
 
2010-09-25 19:04 - 2010-09-25 19:04 - 0069632 _____ (Elibrium, LLC) C:\Program Files\Common Files\ClacAdv.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0126976 _____ (Elibrium, LLC) C:\Program Files\Common Files\ClacStmp.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0028672 _____ (Elibrium, Inc) C:\Program Files\Common Files\MYSWHelpComp.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0094208 _____ (Avanquest Publishing USA Inc.) C:\Program Files\Common Files\regdll.dll
2015-10-18 17:46 - 2015-10-18 17:46 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\fmeadmin\AppData\Local\Temp\ose00000.exe
C:\Users\fmeadmin\AppData\Local\Temp\ose00001.exe
C:\Users\fmeadmin\AppData\Local\Temp\ose00002.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-15 18:49
 
==================== End of FRST.txt ============================
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2016
Ran by fmeadmin (16-09-2016 21:46:25)
Running from C:\Users\fmeadmin\Desktop
Windows 7 Enterprise Service Pack 1 (X86) (2015-08-23 01:39:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3748692142-543628009-3005571777-500 - Administrator - Disabled)
fmeadmin (S-1-5-21-3748692142-543628009-3005571777-1000 - Administrator - Enabled) => C:\Users\fmeadmin
Guest (S-1-5-21-3748692142-543628009-3005571777-501 - Limited - Disabled)
onyx (S-1-5-21-3748692142-543628009-3005571777-1001 - Limited - Enabled) => C:\Users\onyx
UpdatusUser (S-1-5-21-3748692142-543628009-3005571777-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (Version: 1.2.11 - CANON INC.) Hidden
Canon MF Toolbox 4.9.1.1.mf17 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF220 Series (HKLM\...\{33A079E0-BF49-4E97-9293-3EDDA6D130A4}) (Version: 4.5.0.0 - CANON INC.)
Check Designer (HKLM\...\{A5E65B95-F016-474D-BC0D-6AF64412BBDF}) (Version: 14.0.1.0 - Avanquest North America Inc.)
EaseUS MobiSaver for Android version 4.5 (HKLM\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 4.5 - CHENGDU YIWO Tech Development Co., Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
MyCheckBook (HKLM\...\{4729A3D9-F958-4214-A198-ECA9715D47D0}) (Version: 12.0.0 - Avanquest North America Inc.)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PDFlite 2.0.0.0 (HKLM\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
Toner Status (HKLM\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.0.0.0 - CANON INC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3748692142-543628009-3005571777-1000_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\PDFlite\PdfPreview.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-3748692142-543628009-3005571777-1000_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\PDFlite\PdfFilter.dll (Simon Bünzli)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {41D38118-6B7E-4DE5-8BB9-D2DBE33D8A4D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {4F7F27CB-95FA-41EC-98C6-AAC5EC5CAFBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {B1655E0B-0FB3-447D-9BF4-526F22C70C96} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2013-08-30] (CANON INC.)
Task: {B9E76C41-ED3F-40A5-8213-EEBA2A15D215} - System32\Tasks\{7C4CC3CF-8DF7-4F69-B66C-E2709E55170B} => pcalua.exe -a C:\Users\fmeadmin\Desktop\Office2007\setup.exe -d C:\Users\fmeadmin\Desktop\Office2007
Task: {BF634616-4C1F-41F6-869D-C8750BEF908F} - System32\Tasks\{ADBDBE6E-55F4-4601-9470-A09F57C54B3A} => pcalua.exe -a E:\Office2007\setup.exe -d E:\Office2007
Task: {C5732A01-66AE-4D69-87A7-E23FE856879B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {D92B096C-37E4-415E-96B6-E4C097B638EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3748692142-543628009-3005571777-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v2.0.50727_32 => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: IKEEXT => 3
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: Microsoft Office Groove Audit Service => 3
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: odserv => 3
MSCONFIG\Services: ose => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: StiSvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wudfsvc => 2
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
MSCONFIG\startupreg: Canon Toner Status => C:\Program Files\Canon\OIPTonerStatus\CnTnrStsTask.exe
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MFNetworkScanUtility => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A7431271-37FD-452E-96EC-E9490C0AA0F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{70DD5510-4B76-400C-92CB-BFD36BC7A203}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1599FB57-6744-4DEA-A48C-BFFD7074C56A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/16/2016 08:41:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AVAST Software\Avast\setup\iplugins\IStats.dll".
Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/16/2016 07:53:41 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.
 
Error: (09/16/2016 07:53:41 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x8007043C
 
Error: (07/13/2016 03:01:39 AM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Performance monitoring cannot be initialized for the gatherer object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Restart the computer.
 
Context:  Application, SystemIndex Catalog
 
Error: (05/18/2016 06:32:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18315, time stamp: 0x571ae616
Faulting module name: ntdll.dll, version: 6.1.7601.23418, time stamp: 0x5708a7a8
Exception code: 0xc0000005
Fault offset: 0x00031d76
Faulting process id: 0xce4
Faulting application start time: 0x01d1b15d7f9bd910
Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: bf737980-1d50-11e6-889e-00248c9d10ba
 
Error: (12/19/2015 10:37:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MInst.exe version 8.3.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d64
 
Start Time: 01d13ad73b5e3b50
 
Termination Time: 0
 
Application Path: C:\Users\fmeadmin\AppData\Local\Temp\_MINSTD_\MInst.exe
 
Report Id:
 
Error: (10/30/2015 11:58:53 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18057 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 177c
 
Start Time: 01d1133384ded170
 
Termination Time: 40
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (10/22/2015 05:36:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MyCheck.exe, version: 12.0.0.0, time stamp: 0x4edef564
Faulting module name: mshtml.dll, version: 11.0.9600.18057, time stamp: 0x55f8e889
Exception code: 0xc0000005
Fault offset: 0x004a4c56
Faulting process id: 0xad4
Faulting application start time: 0x01d10d129176cef0
Faulting application path: C:\Program Files\MySoftware\MyCheckBook\MyCheck.exe
Faulting module path: C:\Windows\System32\mshtml.dll
Report Id: 4df63140-790d-11e5-8934-00248c9d10ba
 
Error: (10/22/2015 09:41:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CheckDesigner.exe, version: 14.0.1.0, time stamp: 0x532a3272
Faulting module name: CheckDesigner.exe, version: 14.0.1.0, time stamp: 0x532a3272
Exception code: 0xc0000005
Fault offset: 0x0002eca5
Faulting process id: 0x9a8
Faulting application start time: 0x01d10cd7af6a43f0
Faulting application path: C:\Program Files\MySoftware\CheckDesigner\CheckDesigner.exe
Faulting module path: C:\Program Files\MySoftware\CheckDesigner\CheckDesigner.exe
Report Id: f166b090-78ca-11e5-88b1-00248c9d10ba
 
Error: (10/22/2015 02:31:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CheckDesigner.exe, version: 14.0.1.0, time stamp: 0x532a3272
Faulting module name: CheckDesigner.exe, version: 14.0.1.0, time stamp: 0x532a3272
Exception code: 0xc0000005
Fault offset: 0x0002eca5
Faulting process id: 0xdcc
Faulting application start time: 0x01d10c97f9664840
Faulting application path: C:\Program Files\MySoftware\CheckDesigner\CheckDesigner.exe
Faulting module path: C:\Program Files\MySoftware\CheckDesigner\CheckDesigner.exe
Report Id: e8ed9690-788e-11e5-88b1-00248c9d10ba
 
 
System errors:
=============
Error: (09/16/2016 09:29:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (09/16/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 08:52:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (09/16/2016 08:52:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 08:49:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/16/2016 08:49:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/16/2016 08:49:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/16/2016 08:49:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/16/2016 08:49:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 7550 Dual-Core Processor
Percentage of memory in use: 15%
Total physical RAM: 2942.49 MB
Available physical RAM: 2485.21 MB
Total Virtual: 5883.31 MB
Available Virtual: 5463.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:760.45 GB) NTFS
Drive e: () (Removable) (Total:3.82 GB) (Free:3.49 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D5BEB04A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 007F87A4)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 


#2 Oh My!
  • Malware Response Instructor

Posted 19 September 2016 - 07:45 PM

Greetings fmedwards3 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!
  • Malware Response Instructor

Posted 19 September 2016 - 08:28 PM

Greetings and thank you again for your patience.

Your computer is clean. Let's start with this to see if we can identify and overcome some system issues.

===================================================

Setting Selective Startup via msconfig

--------------------
  • Hit the Windows Key + R at the same time
  • Type msconfig and hit Enter
  • Click the General tab
  • Select the following entries

Selective startup
Load system services
Load startup items

  • Click Apply then OK
  • Click Restart
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

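Added example (not code from the thread or from FRST): a small Python parser for the "Other Areas" and "MSCONFIG/TASK MANAGER disabled items" sections of the Addition.txt in post #1, which flags security-relevant services that msconfig switched off and ties them to the "Firewall Service is not running" lines, the disabled Event Log, the broken WMI and the 169.x address. It assumes (my reading of FRST output) that the number after `=>` is the start type the service had before msconfig disabled it (2 = Automatic, 3 = Manual); the service descriptions and the sample excerpt are constructed for the example.

```python
# Added example: flag security-relevant services disabled via msconfig in an
# FRST Addition.txt. Assumption: the number after "=>" is the service's
# original start type (2 = Automatic, 3 = Manual) recorded when msconfig
# disabled it; restoring Selective startup / Load system services re-enables them.
import re

# Services whose loss matches the symptoms in the thread (editor's notes,
# not FRST output).
SECURITY_RELEVANT = {
    "eventlog": "Windows Event Log (Task Scheduler depends on it)",
    "BFE": "Base Filtering Engine (Windows Firewall and IPsec depend on it)",
    "MpsSvc": "Windows Firewall",
    "WinDefend": "Windows Defender",
    "wscsvc": "Security Center",
    "wuauserv": "Windows Update",
    "CryptSvc": "Cryptographic Services (signature checks, updates)",
    "BITS": "Background Intelligent Transfer Service (AV and OS updates)",
    "Winmgmt": "WMI (FRST could not list restore points or devices)",
    "Dhcp": "DHCP Client (no lease gives a 169.254.x.x APIPA address)",
    "Dnscache": "DNS Client",
}

START_TYPE = {2: "Automatic", 3: "Manual", 4: "Disabled"}

_MSCONFIG_LINE = re.compile(
    r"^MSCONFIG\\Services:\s*(?P<name>.+?)\s*=>\s*(?P<start>\d+)\s*$")
_NOT_RUNNING_LINE = re.compile(
    r"^(?P<name>\S+)\s*=>\s*Firewall Service is not running\.$")


def parse_msconfig_services(text):
    """Return {service_name: original_start_type} for every msconfig-disabled service."""
    services = {}
    for line in text.splitlines():
        m = _MSCONFIG_LINE.match(line.strip())
        if m:
            services[m.group("name")] = int(m.group("start"))
    return services


def parse_firewall_not_running(text):
    """Return the names FRST reports as 'Firewall Service is not running'."""
    names = []
    for line in text.splitlines():
        m = _NOT_RUNNING_LINE.match(line.strip())
        if m:
            names.append(m.group("name"))
    return names


def flag_disabled_security_services(text):
    """List (name, original start type, why it matters) for security-relevant
    services that msconfig disabled and that were originally Automatic."""
    services = {k.lower(): (k, v) for k, v in parse_msconfig_services(text).items()}
    flagged = []
    for name, why in SECURITY_RELEVANT.items():
        hit = services.get(name.lower())
        if hit and hit[1] == 2:          # was Automatic, now switched off by msconfig
            flagged.append((hit[0], START_TYPE[hit[1]], why))
    return flagged


def correlate_firewall(text):
    """Map each 'not running' firewall entry to the start type msconfig recorded
    for it, or None when msconfig did not disable it (e.g. the mpsdrv driver)."""
    services = {k.lower(): v for k, v in parse_msconfig_services(text).items()}
    result = {}
    for name in parse_firewall_not_running(text):
        start = services.get(name.lower())
        result[name] = None if start is None else START_TYPE.get(start, str(start))
    return result


# Constructed excerpt mirroring the Addition.txt posted in this thread.
SAMPLE_ADDITION = r"""
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"""

if __name__ == "__main__":
    for name, start, why in flag_disabled_security_services(SAMPLE_ADDITION):
        print(f"{name:<12} was {start:<9} {why}")
    for name, start in correlate_firewall(SAMPLE_ADDITION).items():
        print(f"{name}: {'disabled via msconfig, was ' + start if start else 'not in msconfig list'}")
```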
#4 fmedwards3
  • Topic Starter
  • Members

Posted 19 September 2016 - 10:08 PM

While waiting for your first response, I noticed that trying to ping another computer on the network resulted in the following: "Unable to contact IP driver. General failure." Further checking showed the computer was getting an IP address beginning with 169.xx.xx.xx instead of its normal 192.xx.xx.xx.

 

*********************************************************

Thanks for your response.  I did as instructed above and the computer is now connecting to the internet.


Edited by fmedwards3, 19 September 2016 - 10:10 PM.


#5 Oh My!
  • Malware Response Instructor

Posted 19 September 2016 - 10:12 PM

Excellent.

Please run another FRST scan with Addition.txt checked and post the reports.

Edited by Oh My!, 19 September 2016 - 10:12 PM.

Gary
 

#6 Oh My!
  • Malware Response Instructor

Posted 19 September 2016 - 10:28 PM

I am ending for the evening but will check back first thing in the morning.
Gary
 

#7 fmedwards3
  • Topic Starter
  • Members

Posted 19 September 2016 - 11:05 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-09-2016
Ran by onyx (ATTENTION: The user is not administrator) on COMPACHOME (19-09-2016 22:19:09)
Running from C:\Users\onyx\Downloads
Loaded Profiles: onyx & UpdatusUser (Available Profiles: fmeadmin & onyx & UpdatusUser)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> svchost.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> nvxdsync.exe
Failed to access process -> nvvsvc.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
Failed to access process -> sppsvc.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
Failed to access process -> SearchIndexer.exe
Failed to access process -> HPSupportSolutionsFrameworkService.exe
Failed to access process -> daemonu.exe
Failed to access process -> svchost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> WmiPrvSE.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE [472728 2012-09-27] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Canon Toner Status] => C:\Program Files\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKU\S-1-5-21-3748692142-543628009-3005571777-1001\...\MountPoints2: {36d36bd8-e5d9-11e5-881e-00248c9d10ba} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-3748692142-543628009-3005571777-1001\...\MountPoints2: {36d36bf9-e5d9-11e5-881e-00248c9d10ba} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-08-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\onyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-08-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{487B6B69-330F-4E07-8146-EAA55EB799B9}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-3748692142-543628009-3005571777-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
URLSearchHook: [S-1-5-21-3748692142-543628009-3005571777-1002] ATTENTION => Default URLSearchHook is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-3748692142-543628009-3005571777-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default [2016-09-19]
CHR Extension: (Google Slides) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-31]
CHR Extension: (Google Docs) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-31]
CHR Extension: (Google Drive) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-31]
CHR Extension: (YouTube) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-31]
CHR Extension: (Google Search) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-31]
CHR Extension: (Google Sheets) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-31]
CHR Extension: (Google Docs Offline) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Gmail) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-31]
CHR Extension: (Chrome Media Router) - C:\Users\onyx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-30]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 lmhosts; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS33.SYS [205824 2009-07-13] (Conexant Systems, Inc.)
U0 aswVmm; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-19 22:19 - 2016-09-19 22:19 - 00009344 _____ C:\Users\onyx\Downloads\FRST.txt
2016-09-19 22:18 - 2016-09-19 22:18 - 01750528 _____ (Farbar) C:\Users\onyx\Downloads\FRST.exe
2016-09-17 17:54 - 2016-09-17 17:54 - 00000000 ____D C:\ProgramData\Avg
2016-09-17 02:25 - 2016-09-17 02:25 - 00000000 ____D C:\Users\onyx\AppData\Local\CEF
2016-09-16 21:45 - 2016-09-19 22:19 - 00000000 ____D C:\FRST
2016-09-16 21:09 - 2016-09-16 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-16 21:09 - 2016-09-16 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-16 20:50 - 2016-09-16 20:50 - 00000000 __RSH C:\MSDOS.SYS
2016-09-16 20:50 - 2016-09-16 20:50 - 00000000 __RSH C:\IO.SYS
2016-09-16 20:41 - 2016-09-16 20:41 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2016-09-16 20:41 - 2016-09-16 20:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-16 20:38 - 2016-09-17 17:53 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-13 14:43 - 2016-09-02 10:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-13 14:43 - 2016-09-02 10:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-13 14:43 - 2016-09-02 10:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-13 14:43 - 2016-09-02 10:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-13 14:43 - 2016-09-02 10:18 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-13 14:43 - 2016-09-02 09:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-13 14:43 - 2016-09-02 09:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-13 14:43 - 2016-09-02 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-13 14:43 - 2016-09-02 09:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-13 14:43 - 2016-09-02 09:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-13 14:43 - 2016-09-02 09:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-13 14:43 - 2016-09-02 09:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-13 14:43 - 2016-09-01 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-13 14:43 - 2016-08-31 22:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-13 14:43 - 2016-08-31 22:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-13 14:43 - 2016-08-31 22:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-13 14:43 - 2016-08-31 21:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-13 14:43 - 2016-08-31 21:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-13 14:43 - 2016-08-31 21:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-13 14:43 - 2016-08-31 21:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-13 14:43 - 2016-08-31 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-13 14:43 - 2016-08-31 21:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-13 14:43 - 2016-08-31 21:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-13 14:43 - 2016-08-31 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-13 14:43 - 2016-08-31 21:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-13 14:43 - 2016-08-31 21:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-13 14:43 - 2016-08-31 21:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-13 14:43 - 2016-08-31 21:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-13 14:43 - 2016-08-31 21:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-13 14:43 - 2016-08-31 21:14 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-13 14:43 - 2016-08-31 21:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-13 14:43 - 2016-08-31 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-13 14:43 - 2016-08-31 20:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-13 14:43 - 2016-08-31 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-13 14:43 - 2016-08-31 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-13 14:43 - 2016-08-31 20:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-13 14:43 - 2016-08-31 20:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-13 14:43 - 2016-08-31 20:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-13 14:43 - 2016-08-31 20:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-13 14:43 - 2016-08-31 20:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-13 14:43 - 2016-08-31 20:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-13 14:43 - 2016-08-31 20:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-13 14:43 - 2016-08-31 20:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-13 14:43 - 2016-08-31 20:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-13 14:43 - 2016-08-31 19:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-13 14:43 - 2016-08-31 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-13 14:43 - 2016-08-31 19:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-13 14:43 - 2016-08-15 21:48 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-13 14:43 - 2016-08-15 21:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-13 14:43 - 2016-08-06 10:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-08-29 20:20 - 2016-08-30 20:39 - 00012028 _____ C:\Users\onyx\Desktop\Tree Cutting 2016.xlsx
2016-08-29 20:15 - 2016-08-29 20:15 - 00000000 ____D C:\Users\onyx\Documents\OneNote Notebooks
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-19 22:03 - 2015-08-22 20:35 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-19 22:03 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-09-19 21:59 - 2015-10-31 14:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-19 21:59 - 2015-10-31 14:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-19 21:58 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-19 21:58 - 2009-07-13 23:34 - 00010304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-19 21:58 - 2009-07-13 23:34 - 00010304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-16 21:29 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\addins
2016-09-16 21:23 - 2015-08-23 00:04 - 00175838 _____ C:\Windows\ntbtlog.txt
2016-09-16 18:13 - 2015-10-31 14:41 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 18:13 - 2015-10-31 14:41 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-14 11:19 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2016-09-14 03:27 - 2009-07-13 23:33 - 00414792 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-14 03:10 - 2015-10-22 05:32 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 03:03 - 2015-10-22 05:31 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-08-20 20:02 - 2015-01-07 14:49 - 00000000 ____D C:\Users\onyx\Desktop\Caroline Edwards Wedding 12.6.14
 
==================== Files in the root of some directories =======
 
2010-09-25 19:04 - 2010-09-25 19:04 - 0069632 _____ (Elibrium, LLC) C:\Program Files\Common Files\ClacAdv.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0126976 _____ (Elibrium, LLC) C:\Program Files\Common Files\ClacStmp.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0028672 _____ (Elibrium, Inc) C:\Program Files\Common Files\MYSWHelpComp.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0094208 _____ (Avanquest Publishing USA Inc.) C:\Program Files\Common Files\regdll.dll
2015-10-18 17:46 - 2015-10-18 17:46 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD. The user is not administrator
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-09-2016
Ran by onyx (19-09-2016 22:19:53)
Running from C:\Users\onyx\Downloads
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) (2015-08-23 01:39:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3748692142-543628009-3005571777-500 - Administrator - Disabled)
fmeadmin (S-1-5-21-3748692142-543628009-3005571777-1000 - Administrator - Enabled) => C:\Users\fmeadmin
Guest (S-1-5-21-3748692142-543628009-3005571777-501 - Limited - Disabled)
onyx (S-1-5-21-3748692142-543628009-3005571777-1001 - Limited - Enabled) => C:\Users\onyx
UpdatusUser (S-1-5-21-3748692142-543628009-3005571777-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (Version: 1.2.11 - CANON INC.) Hidden
Canon MF Toolbox 4.9.1.1.mf17 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF220 Series (HKLM\...\{33A079E0-BF49-4E97-9293-3EDDA6D130A4}) (Version: 4.5.0.0 - CANON INC.)
Check Designer (HKLM\...\{A5E65B95-F016-474D-BC0D-6AF64412BBDF}) (Version: 14.0.1.0 - Avanquest North America Inc.)
EaseUS MobiSaver for Android version 4.5 (HKLM\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 4.5 - CHENGDU YIWO Tech Development Co., Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
MyCheckBook (HKLM\...\{4729A3D9-F958-4214-A198-ECA9715D47D0}) (Version: 12.0.0 - Avanquest North America Inc.)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PDFlite 2.0.0.0 (HKLM\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
Toner Status (HKLM\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.0.0.0 - CANON INC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\avast! Emergency Update.job => 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job =>  <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job =>  <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-16 18:13 - 2016-09-13 19:38 - 01806152 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-16 18:13 - 2016-09-13 19:38 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\53.0.2785.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3748692142-543628009-3005571777-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: avast! Antivirus => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A7431271-37FD-452E-96EC-E9490C0AA0F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{70DD5510-4B76-400C-92CB-BFD36BC7A203}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1599FB57-6744-4DEA-A48C-BFFD7074C56A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/18/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/18/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/18/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/18/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (09/19/2016 09:47:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:45:30 PM on ‎9/‎19/‎2016 was unexpected.
 
Error: (09/17/2016 05:48:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:47:08 PM on ‎9/‎17/‎2016 was unexpected.
 
Error: (09/17/2016 02:13:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:12:34 AM on ‎9/‎17/‎2016 was unexpected.
 
Error: (09/16/2016 09:29:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (09/16/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 08:52:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (09/16/2016 08:52:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 08:49:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
Error: (09/16/2016 08:49:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 7550 Dual-Core Processor
Percentage of memory in use: 36%
Total physical RAM: 2942.49 MB
Available physical RAM: 1872.54 MB
Total Virtual: 5883.31 MB
Available Virtual: 4753.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:760.86 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================


#8 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,624 posts
  • Gender:Male
  • Location:California

Posted 20 September 2016 - 08:41 AM

Thanks for the information but I would like you to run it again after logging in as fmeadmin. Running the program as an Administrator will give us a more accurate report. Be sure to check Addition.txt.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 fmedwards3

  • Topic Starter
  • Members
  • 52 posts

Posted 22 September 2016 - 12:03 AM

Here are the new scan results.  Thanks for your continued assistance.

*****************************************************************************************

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-09-2016
Ran by fmeadmin (administrator) on COMPACHOME (21-09-2016 21:27:40)
Running from C:\Users\fmeadmin\Downloads
Loaded Profiles: fmeadmin & UpdatusUser (Available Profiles: fmeadmin & onyx & UpdatusUser)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(CANON INC.) C:\Program Files\Canon\OIPTonerStatus\CnTnrStsTask.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT.EXE [472728 2012-09-27] (CANON INC.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Canon Toner Status] => C:\Program Files\Canon\OIPTonerStatus\CnTnrStsTask.exe [1821240 2014-04-10] (CANON INC.)
HKLM\...\Run: [AvastUI.exe] => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-08-28] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\onyx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-08-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
Tcpip\..\Interfaces\{487B6B69-330F-4E07-8146-EAA55EB799B9}: [DhcpNameServer] 8.8.8.8 8.8.4.4 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3748692142-543628009-3005571777-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files\PDFlite\npPdfViewer.dll [2014-02-26] (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default [2016-09-21]
CHR Extension: (Google Slides) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-19]
CHR Extension: (Google Docs) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-19]
CHR Extension: (Google Drive) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-19]
CHR Extension: (YouTube) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-19]
CHR Extension: (Google Search) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-19]
CHR Extension: (Google Sheets) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-19]
CHR Extension: (Google Docs Offline) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-12]
CHR Extension: (Gmail) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-19]
CHR Extension: (Chrome Media Router) - C:\Users\fmeadmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 SrvHsfPCIe; C:\Windows\System32\DRIVERS\VSTBS33.SYS [205824 2009-07-13] (Conexant Systems, Inc.)
U0 aswVmm; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-21 21:27 - 2016-09-21 21:28 - 00007250 _____ C:\Users\fmeadmin\Downloads\FRST.txt
2016-09-21 21:26 - 2016-09-21 21:26 - 01753088 _____ (Farbar) C:\Users\fmeadmin\Downloads\FRST.exe
2016-09-19 23:16 - 2016-09-19 23:16 - 00003193 _____ C:\Users\onyx\Downloads\print-graph-paper.com.pdf
2016-09-19 22:19 - 2016-09-19 22:20 - 00023204 _____ C:\Users\onyx\Downloads\FRST.txt
2016-09-19 22:19 - 2016-09-19 22:20 - 00014431 _____ C:\Users\onyx\Downloads\Addition.txt
2016-09-19 22:18 - 2016-09-19 22:18 - 01750528 _____ (Farbar) C:\Users\onyx\Downloads\FRST.exe
2016-09-17 18:26 - 2016-09-17 18:26 - 00007605 _____ C:\Users\fmeadmin\AppData\Local\Resmon.ResmonCfg
2016-09-17 17:54 - 2016-09-17 17:54 - 00000000 ____D C:\Users\fmeadmin\AppData\Local\AvgSetupLog
2016-09-17 17:54 - 2016-09-17 17:54 - 00000000 ____D C:\Users\fmeadmin\AppData\Local\Avg
2016-09-17 17:54 - 2016-09-17 17:54 - 00000000 ____D C:\ProgramData\Avg
2016-09-17 02:25 - 2016-09-17 02:25 - 00000000 ____D C:\Users\onyx\AppData\Local\CEF
2016-09-16 21:45 - 2016-09-21 21:27 - 00000000 ____D C:\FRST
2016-09-16 21:09 - 2016-09-16 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-16 21:09 - 2016-09-16 21:18 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-09-16 20:50 - 2016-09-16 20:50 - 00000000 __RSH C:\MSDOS.SYS
2016-09-16 20:50 - 2016-09-16 20:50 - 00000000 __RSH C:\IO.SYS
2016-09-16 20:42 - 2016-09-16 20:42 - 00000000 ____D C:\Users\fmeadmin\AppData\Local\CEF
2016-09-16 20:41 - 2016-09-16 20:41 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00039832 _____ () C:\Windows\system32\Drivers\staport.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2016-09-16 20:41 - 2016-09-16 20:41 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-16 20:38 - 2016-09-17 17:53 - 00000000 ____D C:\ProgramData\AVAST Software
2016-09-13 14:43 - 2016-09-02 10:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-09-13 14:43 - 2016-09-02 10:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-13 14:43 - 2016-09-02 10:21 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-13 14:43 - 2016-09-02 10:21 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-13 14:43 - 2016-09-02 10:18 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-13 14:43 - 2016-09-02 10:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-13 14:43 - 2016-09-02 09:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-13 14:43 - 2016-09-02 09:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-13 14:43 - 2016-09-02 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-13 14:43 - 2016-09-02 09:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-13 14:43 - 2016-09-02 09:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-13 14:43 - 2016-09-02 09:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-13 14:43 - 2016-09-02 09:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-13 14:43 - 2016-09-02 09:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-13 14:43 - 2016-09-02 09:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-13 14:43 - 2016-09-01 13:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-13 14:43 - 2016-08-31 22:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-13 14:43 - 2016-08-31 22:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-13 14:43 - 2016-08-31 22:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-13 14:43 - 2016-08-31 21:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-13 14:43 - 2016-08-31 21:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-13 14:43 - 2016-08-31 21:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-13 14:43 - 2016-08-31 21:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-13 14:43 - 2016-08-31 21:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-13 14:43 - 2016-08-31 21:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-13 14:43 - 2016-08-31 21:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-13 14:43 - 2016-08-31 21:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-13 14:43 - 2016-08-31 21:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-13 14:43 - 2016-08-31 21:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-13 14:43 - 2016-08-31 21:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-13 14:43 - 2016-08-31 21:24 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-13 14:43 - 2016-08-31 21:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-13 14:43 - 2016-08-31 21:14 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-13 14:43 - 2016-08-31 21:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-13 14:43 - 2016-08-31 20:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-13 14:43 - 2016-08-31 20:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-13 14:43 - 2016-08-31 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-13 14:43 - 2016-08-31 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-13 14:43 - 2016-08-31 20:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-13 14:43 - 2016-08-31 20:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-13 14:43 - 2016-08-31 20:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-13 14:43 - 2016-08-31 20:31 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-13 14:43 - 2016-08-31 20:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-13 14:43 - 2016-08-31 20:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-13 14:43 - 2016-08-31 20:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-13 14:43 - 2016-08-31 20:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-13 14:43 - 2016-08-31 20:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-13 14:43 - 2016-08-31 19:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-13 14:43 - 2016-08-31 19:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-13 14:43 - 2016-08-31 19:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-13 14:43 - 2016-08-15 21:48 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-13 14:43 - 2016-08-15 21:28 - 02399232 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-13 14:43 - 2016-08-12 11:21 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-13 14:43 - 2016-08-06 10:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-08-29 20:20 - 2016-08-30 20:39 - 00012028 _____ C:\Users\onyx\Desktop\Tree Cutting 2016.xlsx
2016-08-29 20:15 - 2016-08-29 20:15 - 00000000 ____D C:\Users\onyx\Documents\OneNote Notebooks
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-21 21:24 - 2015-10-31 14:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-21 21:24 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-21 21:23 - 2009-07-13 23:34 - 00010304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-21 21:23 - 2009-07-13 23:34 - 00010304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-21 20:59 - 2015-10-31 14:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-19 22:03 - 2015-08-22 20:35 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-19 22:03 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2016-09-17 18:16 - 2015-08-22 21:09 - 00001915 _____ C:\Users\fmeadmin\Desktop\Command Prompt.lnk
2016-09-16 21:29 - 2009-07-13 23:52 - 00000000 ____D C:\Windows\addins
2016-09-16 21:23 - 2015-08-23 00:04 - 00175838 _____ C:\Windows\ntbtlog.txt
2016-09-16 18:13 - 2015-10-31 14:41 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-16 18:13 - 2015-10-31 14:41 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-14 11:19 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2016-09-14 03:27 - 2009-07-13 23:33 - 00414792 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-14 03:10 - 2015-10-22 05:32 - 00000000 ____D C:\Windows\system32\MRT
2016-09-14 03:03 - 2015-10-22 05:31 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2010-09-25 19:04 - 2010-09-25 19:04 - 0069632 _____ (Elibrium, LLC) C:\Program Files\Common Files\ClacAdv.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0126976 _____ (Elibrium, LLC) C:\Program Files\Common Files\ClacStmp.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0028672 _____ (Elibrium, Inc) C:\Program Files\Common Files\MYSWHelpComp.dll
2010-09-25 19:04 - 2010-09-25 19:04 - 0094208 _____ (Avanquest Publishing USA Inc.) C:\Program Files\Common Files\regdll.dll
2016-09-17 18:26 - 2016-09-17 18:26 - 0007605 _____ () C:\Users\fmeadmin\AppData\Local\Resmon.ResmonCfg
2015-10-18 17:46 - 2015-10-18 17:46 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\fmeadmin\AppData\Local\Temp\ose00000.exe
C:\Users\fmeadmin\AppData\Local\Temp\ose00001.exe
C:\Users\fmeadmin\AppData\Local\Temp\ose00002.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-15 18:49
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016
Ran by fmeadmin (21-09-2016 21:28:26)
Running from C:\Users\fmeadmin\Downloads
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) (2015-08-23 01:39:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3748692142-543628009-3005571777-500 - Administrator - Disabled)
fmeadmin (S-1-5-21-3748692142-543628009-3005571777-1000 - Administrator - Enabled) => C:\Users\fmeadmin
Guest (S-1-5-21-3748692142-543628009-3005571777-501 - Limited - Disabled)
onyx (S-1-5-21-3748692142-543628009-3005571777-1001 - Limited - Enabled) => C:\Users\onyx
UpdatusUser (S-1-5-21-3748692142-543628009-3005571777-1002 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.14 (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Canon Laser Printer/Scanner/Fax Extended Survey Program (HKLM\...\Canon Laser Printer/Scanner/Fax Extended Survey Program) (Version: 1.2.11.10002 - CANON INC.)
Canon Laser Printer/Scanner/Fax Extended Survey Program (Version: 1.2.11 - CANON INC.) Hidden
Canon MF Toolbox 4.9.1.1.mf17 (HKLM\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf17 - CANON INC.)
Canon MF220 Series (HKLM\...\{33A079E0-BF49-4E97-9293-3EDDA6D130A4}) (Version: 4.5.0.0 - CANON INC.)
Check Designer (HKLM\...\{A5E65B95-F016-474D-BC0D-6AF64412BBDF}) (Version: 14.0.1.0 - Avanquest North America Inc.)
EaseUS MobiSaver for Android version 4.5 (HKLM\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 4.5 - CHENGDU YIWO Tech Development Co., Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
MyCheckBook (HKLM\...\{4729A3D9-F958-4214-A198-ECA9715D47D0}) (Version: 12.0.0 - Avanquest North America Inc.)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PDFlite 2.0.0.0 (HKLM\...\PDFlite) (Version: 2.0.0.0 - Amnis Technology Ltd)
Toner Status (HKLM\...\{6E9A516A-6189-4502-80FD-51BE28989CEB}) (Version: 1.0.0.0 - CANON INC.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3748692142-543628009-3005571777-1000_Classes\CLSID\{3D3B1846-CC43-42AE-BFF9-D914083C2BA3}\InprocServer32 -> C:\Program Files\PDFlite\PdfPreview.dll (Simon Bünzli)
CustomCLSID: HKU\S-1-5-21-3748692142-543628009-3005571777-1000_Classes\CLSID\{55808EA8-81FE-43c6-AAE8-1D8149F941D3}\InprocServer32 -> C:\Program Files\PDFlite\PdfFilter.dll (Simon Bünzli)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {41D38118-6B7E-4DE5-8BB9-D2DBE33D8A4D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {4F7F27CB-95FA-41EC-98C6-AAC5EC5CAFBD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
Task: {B1655E0B-0FB3-447D-9BF4-526F22C70C96} - System32\Tasks\Canon\OIPPESP\Canon OIP Product Extended Survey Program => C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe [2013-08-30] (CANON INC.)
Task: {B9E76C41-ED3F-40A5-8213-EEBA2A15D215} - System32\Tasks\{7C4CC3CF-8DF7-4F69-B66C-E2709E55170B} => pcalua.exe -a C:\Users\fmeadmin\Desktop\Office2007\setup.exe -d C:\Users\fmeadmin\Desktop\Office2007
Task: {BF634616-4C1F-41F6-869D-C8750BEF908F} - System32\Tasks\{ADBDBE6E-55F4-4601-9470-A09F57C54B3A} => pcalua.exe -a E:\Office2007\setup.exe -d E:\Office2007
Task: {C5732A01-66AE-4D69-87A7-E23FE856879B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {D92B096C-37E4-415E-96B6-E4C097B638EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-10-31] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-22 20:45 - 2013-01-31 04:00 - 00079648 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-09-21 16:37 - 2012-09-18 15:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2015-10-02 07:18 - 2013-08-26 07:12 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2015-10-21 22:07 - 2010-10-19 02:15 - 00010448 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\CAPPP2K.DLL
2015-09-21 16:41 - 2012-09-18 15:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3748692142-543628009-3005571777-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: avast! Antivirus => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A7431271-37FD-452E-96EC-E9490C0AA0F6}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{70DD5510-4B76-400C-92CB-BFD36BC7A203}] => (Allow) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{1599FB57-6744-4DEA-A48C-BFFD7074C56A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
09-07-2016 10:45:11 Scheduled Checkpoint
13-07-2016 03:00:21 Windows Update
16-07-2016 03:00:29 Windows Update
23-07-2016 11:56:33 Scheduled Checkpoint
02-08-2016 06:13:54 Scheduled Checkpoint
10-08-2016 21:23:58 Scheduled Checkpoint
11-08-2016 03:00:30 Windows Update
18-08-2016 03:00:20 Windows Update
24-08-2016 03:00:18 Windows Update
31-08-2016 17:02:22 Scheduled Checkpoint
09-09-2016 17:26:21 Scheduled Checkpoint
14-09-2016 03:00:31 Windows Update
21-09-2016 20:51:30 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/19/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/18/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/18/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
Error: (09/18/2016 12:00:00 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
 
 
Operation:
   Instantiating VSS server
 
Error: (09/18/2016 12:00:00 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (09/19/2016 10:50:38 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (09/19/2016 09:47:01 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:45:30 PM on 9/19/2016 was unexpected.
 
Error: (09/17/2016 05:48:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:47:08 PM on 9/17/2016 was unexpected.
 
Error: (09/17/2016 02:13:56 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:12:34 AM on 9/17/2016 was unexpected.
 
Error: (09/16/2016 09:29:52 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (09/16/2016 09:21:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 08:52:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
aswRvrt
aswSnx
aswSP
aswVmm
discache
spldr
Wanarpv6
 
Error: (09/16/2016 08:52:23 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (09/16/2016 08:49:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 7550 Dual-Core Processor
Percentage of memory in use: 25%
Total physical RAM: 2942.49 MB
Available physical RAM: 2181.91 MB
Total Virtual: 5883.31 MB
Available Virtual: 5114.35 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:761.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D5BEB04A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#10 Oh My!
  • Malware Response Instructor
  • 36,624 posts
  • Location:California

Posted 22 September 2016 - 08:37 AM

Thank you for the information.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\S-1-5-21-3748692142-543628009-3005571777-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
U0 aswVmm; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
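The fixlist in the reply above removes service entries that FRST flagged with `[X]` (the file named in ImagePath no longer exists) or with `no ImagePath`, and the Addition.txt errors earlier in the thread show the Windows Event Log and VSS services refusing to start with 0x80070422 (service disabled), which is what takes Task Scheduler and the shadow-copy machinery down with them. The PowerShell audit below is an added example, not part of the original thread and not FRST's own code. It reproduces those two checks read-only across the whole Services hive, so a responder can confirm the fix took and see any orphaned entries the fixlist did not name. The `$CoreServices` list is an assumption for the example and should be extended for the machine in question; everything else uses only built-in cmdlets and the documented layout of HKLM\SYSTEM\CurrentControlSet\Services.

```powershell
# Added example (not from the thread, not FRST): audit the Services hive for
#   1. entries whose ImagePath is absent or names a file that no longer exists
#      (what FRST reports as "no ImagePath" or "[X]"), and
#   2. core services set to Disabled (Start = 4), the cause of hr = 0x80070422
#      in the VSS / Service Control Manager errors seen in the FRST log.
# Requires PowerShell 3.0+ in an elevated prompt; on x64 Windows run the 64-bit
# console so System32 is not redirected to SysWOW64. Read-only: reports only.

# Assumed list for the example: services a client machine should never have Disabled.
$CoreServices = @('EventLog', 'VSS', 'Schedule', 'wuauserv', 'BITS',
                  'MpsSvc', 'WinDefend', 'LanmanServer', 'Dhcp', 'Dnscache')

function Resolve-ImagePath {
    # Turn a raw ImagePath value into an absolute file path the way the loader would.
    param([string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        # "C:\Program Files\Foo\foo.exe" -svc  ->  C:\Program Files\Foo\foo.exe
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }
    }
    else {
        # Unquoted: drop arguments starting at the first " -" or " /", e.g. svchost.exe -k netsvcs
        $p = ($p -split '\s+[-/]', 2)[0].Trim()
    }
    $p = [Environment]::ExpandEnvironmentVariables($p)
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\...      -> C:\...
    $p = $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\"   # \SystemRoot\... -> C:\Windows\...
    if (-not [IO.Path]::IsPathRooted($p)) {                   # System32\drivers\x.sys is relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function New-Finding([string]$Service, [string]$Issue, [string]$Detail, $Start) {
    [pscustomobject]@{ Service = $Service; Issue = $Issue; Detail = $Detail; Start = $Start }
}

function Get-ServiceAuditReport {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $findings = @()
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $name  = $key.PSChildName
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.Type) { continue }   # parameter sub-key, not a service
        $isDriver = ($props.Type -band 0x0B) -ne 0   # Type 1 kernel, 2 file system, 8 recognizer
        $start    = $props.Start                     # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled

        if ([string]::IsNullOrWhiteSpace($props.ImagePath)) {
            # A driver with no ImagePath is loaded from System32\drivers\<name>.sys,
            # so only report it when that default file is missing as well.
            $default = Join-Path $env:SystemRoot "System32\drivers\$name.sys"
            if (-not $isDriver -or -not (Test-Path -LiteralPath $default)) {
                $findings += New-Finding $name 'no ImagePath' $default $start
            }
        }
        else {
            $file = Resolve-ImagePath $props.ImagePath
            if (-not (Test-Path -LiteralPath $file)) {
                $findings += New-Finding $name 'image file missing [X]' $file $start
            }
        }

        if ($start -eq 4 -and $CoreServices -contains $name) {
            $findings += New-Finding $name 'core service Disabled' 'Start=4, expected 2 (auto) or 3 (manual)' $start
        }
    }
    return $findings
}

Get-ServiceAuditReport | Sort-Object Issue, Service | Format-Table -AutoSize
```

On a machine in the state shown in this thread the report would list the leftover Avast driver entries from the EventID 7026 errors (aswRvrt, aswSnx, aswSP, aswVmm) as missing images, plus EventLog and VSS as Disabled. Unquoted ImagePath values whose arguments do not begin with `-` or `/` will be reported as missing and should be checked by hand, and the script deliberately does not delete or re-enable anything; removing a service key is the job of the fixlist, and re-enabling a core service is `Set-Service -Name EventLog -StartupType Automatic` once the reason it was disabled is understood.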

#11 fmedwards3
  • Topic Starter
  • Members
  • 52 posts

Posted 23 September 2016 - 03:04 PM

1.  Computer seems to be running fine.
2.  What anti-malware software do you prefer?
3.  Log file contents follow:
 
Fix result of Farbar Recovery Scan Tool (x86) Version: 21-09-2016
Ran by fmeadmin (23-09-2016 14:58:25) Run:1
Running from C:\Users\onyx\Desktop
Loaded Profiles: fmeadmin & onyx & UpdatusUser (Available Profiles: fmeadmin & onyx & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
SearchScopes: HKU\S-1-5-21-3748692142-543628009-3005571777-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
U0 aswVmm; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKU\S-1-5-21-3748692142-543628009-3005571777-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
aswVmm => service removed successfully.
Synth3dVsc => service removed successfully.
tsusbhub => service removed successfully.
VGPU => service removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5967285 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 245382901 B
Edge => 0 B
Chrome => 87997055 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 29568153 B
LocalService => 66228 B
NetworkService => 391612 B
fmeadmin => 29552321 B
onyx => 140764698 B
UpdatusUser => 0 B
 
RecycleBin => 1250854178 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:58:53 ====


#12 Oh My!
  • Malware Response Instructor
  • 36,624 posts
  • Location:California

Posted 23 September 2016 - 04:12 PM

Greetings and thanks for the information.

I don't recommend any one antivirus program, but for whatever it is worth, personally I use Avast Free. Apart from that, are there any other questions or concerns before I post some closing comments?
Gary

#13 fmedwards3
  • Topic Starter
  • Members
  • 52 posts

Posted 24 September 2016 - 01:58 AM

No further questions.  Thanks so much.



#14 Oh My!
  • Malware Response Instructor
  • 36,624 posts
  • Location:California

Posted 24 September 2016 - 02:37 PM

Excellent,

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:

Remove disinfection tools
Create registry backup
Purge system restore

  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary

#15 Oh My!
  • Malware Response Instructor
  • 36,624 posts
  • Location:California

Posted 25 September 2016 - 08:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
