clckr Posted September 27, 2015

My computer is infected with malware. I keep getting ads from engineadsupply.com and sheknows.com popping up in new windows on both Microsoft Edge and Google Chrome. I have run both Windows Defender and Malwarebytes in safe mode and they show no infection. I ran farbar and am attaching the first.txt and addition.txt files. Would someone please help me get rid of this?

Thanks, Donna

Attached files: Addition.txt, FRST.txt
TwinHeadedEagle Posted September 27, 2015

Hello,

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

Before we start please read and note the following:

- We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this.
- Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
- Note that we may live in totally different time zones, which may cause some delays between answers.
- Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
- Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
- Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy. That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with ZOEK

- Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one).
- Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
- Right-click on icon and select Run as Administrator to start the tool.
- Wait patiently until the main console will appear, it may take a minute or two.
- In the main box please paste in the following script:

createsrpoint;
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b

- Make sure that Scan All Users option is checked.
- Push Run Script and wait patiently. The scan may take a couple of minutes.
- When the scan completes, a zoek-results logfile should open in notepad.
- If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive).
- Post its content into your next reply.
clckr Posted September 27, 2015

Thank you so much for your help! Here is what Zoek said:

Zoek.exe v5.0.0.0 Updated 27-09-2015
Tool run by donna_000 on Sun 09/27/2015 at 11:38:18.17.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\donna_000\Desktop\zoek.exe [scan all users] [Quick Scan] [Auto Clean]

==== System Restore Info ======================

9/27/2015 11:51:23 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\Comms deleted successfully
C:\Users\QBDataServiceUser23\AppData\LocalLow deleted successfully
C:\Users\donna_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\donna_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\donna_000\AppData\Local\EmieUserList deleted successfully
C:\Users\donna_000\AppData\Local\MediaShow deleted successfully
C:\Users\donna_000\AppData\Local\NetworkTiles deleted successfully
C:\Users\donna_000\AppData\Local\PackageStaging deleted successfully
C:\Users\donna_000\AppData\Local\pinger.com deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1922649430-2310944725-4124380653-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2592692-15CE-4F47-AC80-B7A6ACB51B4E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B2592692-15CE-4F47-AC80-B7A6ACB51B4E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2592692-15CE-4F47-AC80-B7A6ACB51B4E} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\install.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\donna_000\AppData\Local\{26768782-66EB-49F0-8A7D-A646D1B5852D} deleted
C:\Users\donna_000\AppData\Local\{75B9D29E-0C4B-45C7-81AF-BD5C2387A379} deleted
C:\Users\donna_000\AppData\Local\{A391D62E-D35A-469C-952C-C1EE2052BDAE} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
"C:\Users\donna_000\AppData\Local\{7ED936D7-0CD5-4F6F-A7A2-40CC122881DE}" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\DONNA_~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-09-27 15:28:10 18581D141079E0116F4D7318B615791D 16148 ----a-w- C:\WINDOWS\Sysnative\DONNA_donna_000_HistoryPrediction.bin
====== C:\WINDOWS\Sysnative\drivers =====
2015-09-17 22:00:17 67AC9F7B3E1A9C8BDB76C1761EA2E20C 4629744 ----a-w- C:\WINDOWS\Sysnative\drivers\rtwlane.sys
2015-08-28 21:19:49 C67A03F54A1EA683F4880A481EE5FF6C 373072 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
====== C:\WINDOWS\Tasks ======
2015-09-21 14:17:44 D2826D8BA265E689CF2544847DDA9965 3742 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2015-09-21 14:17:44 4E5D513D56415067696785D78027297D 916 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-21 14:17:44 4B15EE883D5275E4A5A1AC0EA813DEF0 912 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-21 14:17:44 0F960AB6391D203613B81AC8EF6FB85F 3974 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 23:32:36 FE2E8AAC46FDF6A18D6A29307B681D73 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-09-15 01:48:24 -------- d-----w- C:\Program Files\iPod
2015-09-15 01:48:16 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2015-09-21 14:17:31 -------- d-----w- C:\PROGRA~2\Google
2015-09-15 01:48:25 -------- d-----w- C:\PROGRA~2\iTunes
2015-09-01 13:40:29 -------- d-----w- C:\PROGRA~2\Citrix
======= C: =====
====== C:\Users\donna_000\AppData\Roaming ======
2015-09-21 14:17:19 -------- d-----w- C:\Users\donna_000\AppData\Local\Google
====== C:\Users\donna_000 ======
2015-09-21 14:18:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-21 14:16:35 FD2048552915F1E001E56BD936D5B3C4 929872 ----a-w- C:\Users\donna_000\Downloads\ChromeSetup (1).exe
2015-09-18 13:11:18 D4DC35D50455CDA1E8BC20E993DE3BDB 1662976 ----a-w- C:\Users\donna_000\Downloads\AdwCleaner.exe
2015-09-17 13:00:29 8F95CEF8F5E14277BE4E9365F268B949 2192384 ----a-w- C:\Users\donna_000\Downloads\FRST64.exe
2015-09-15 01:51:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

====== C: exe-files ===== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"

[HKEY_USERS\S-1-5-21-1922649430-2310944725-4124380653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"OneDrive"="C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_USERS\S-1-5-21-1922649430-2310944725-4124380653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"
"Intuit SyncManager"="C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup"
"BrStsWnd"="C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun"
"PMSpeed"="C:\Program Files (x86)\NewSoft\Presto PageManager 9.04\PMSpeed.EXE"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"OneDrive"="C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /ANDREA_BF_BYPASS"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"ShipWorksScheduler$0D6950460F08419AAA258995FEA5B023"="C:\Program Files\ShipWorks\ShipWorks.exe /s=Scheduler"
"WrtMon.exe"="C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [08/11/2015 06:04 AM]
C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job --a-------- C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [09/19/2015 01:46 PM]
C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job --a-------- C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [09/19/2015 01:46 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/21/2015 10:17 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/21/2015 10:17 AM]
C:\WINDOWS\tasks\HPCeeScheduleFordonna_000.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [06/16/2015 09:51 AM]
C:\WINDOWS\tasks\UKGoods 1406223383.job --ah------- [undetermined Task]

==== Other Scheduled Tasks ======================

"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001" [C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe]
"C:\WINDOWS\SysNative\tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001" [C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleFordonna_000" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\UKGoods 1406223383" [C:\Program Files (x86)\Intuit\QuickBooks 2013\AutoBackupEXE.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{27B263AA-EC1F-4277-B86E-5BD2BD6309A4}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{8EDABC21-996F-430A-9A78-69EC0D8AD7F6}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" ["C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe"]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

Google Slides - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Drive - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Hotword Shared Module - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\7V6NQD37 will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\H8YT734V will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\JCCEH1PU will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\LPIMM53C will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=152 folders=36 2684046636 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\DONNA_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\7V6NQD37" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\H8YT734V" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\JCCEH1PU" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\LPIMM53C" not found

==== EOF on Sun 09/27/2015 at 13:00:21.48 ======================

Cheers, Donna
TwinHeadedEagle Posted September 27, 2015

No, this is not what I asked you to do.
clckr Posted September 28, 2015

Sorry about that! I didn't see the part about running the script. Here are the results of the script:

Zoek.exe Version 4.0.0.5 Updated 27-09-2015
Tool run by donna_000 on Mon 09/28/2015 at 7:49:02.40.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\donna_000\Desktop\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results-old.log 17024 bytes

==== System Restore Info ======================

9/28/2015 7:58:32 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Users\QBDataServiceUser23\AppData\LocalLow deleted successfully
C:\Users\Administrator\AppData\Local\Google deleted successfully
C:\Users\donna_000\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

==== Chromium Look ======================

Google Chrome Version: 45.0.2454.101

Chrome Hotword Shared Module - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\8QX6N9XJ will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\T6Z7XB6H will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\TVWBN9BV will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\X8QVBIFQ will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\DONNA_~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\8QX6N9XJ" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\T6Z7XB6H" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\TVWBN9BV" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\X8QVBIFQ" not found

==== EOF on Mon 09/28/2015 at 9:28:49.67 ======================
TwinHeadedEagle Posted September 29, 2015

This is much better. How is your PC behaving now?
clckr Posted September 29, 2015

I am still getting engine4dsply.com ads coming up in a new window. This window also changes to show ads from showme.com and fanduel.com. Google is using an extremely large amount of CPU (40-60%) even though the page has already rendered. There are also 3 instances of chrome showing in my task manager. I have no extensions or addons.

Thanks for all your help! I really do appreciate it!!!!
TwinHeadedEagle Posted September 29, 2015

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

- Right-click on icon and select Run as Administrator to start the tool. (XP users click run after receipt of Windows Security Warning - Open File).
- Make sure that Addition option is checked.
- Press Scan button and wait.
- The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.
clckr Posted September 29, 2015 Author ID:992875 Share Posted September 29, 2015 Okay. I've run farbar. Here is the first.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015Ran by donna_000 (administrator) on DONNA (29-09-2015 17:06:48)Running from C:\Users\donna_000\DownloadsLoaded Profiles: donna_000 & QBDataServiceUser23 (Available Profiles: donna_000 & Admin & QBDataServiceUser23 & Administrator)Platform: Windows 10 Home (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Edge)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe(Microsoft Corporation) C:\Windows\System32\alg.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe(Apple Inc.) 
C:\Program Files\iPod\bin\iPodService.exe(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMSpeed.exe(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe(brother) C:\Program Files (x86)\Brownie\brpjp04a.exe(Atandra) C:\Atandra\T-HUB10\Turbo.THUB.WindowsServicesController.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe() C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbextclr11.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.THUBDBSERVER\MSSQL\Binn\sqlservr.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [shipWorksScheduler$0D6950460F08419AAA258995FEA5B023] => C:\Program Files\ShipWorks\ShipWorks.exe [22933136 2015-08-03] (Interapptive®, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [brStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMSpeed.EXE [116632 2010-07-13] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [smBizcard] => [X]
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\RunOnce: [uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\RunOnce: [uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\RunOnce: [uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\MountPoints2: {9d1be676-4878-11e4-827e-806e6f6e6963} - "F:\Launch.exe"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2014-05-31]
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-05-17]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BulletScan Manager.lnk [2014-08-27]
ShortcutTarget: BulletScan Manager.lnk -> C:\Program Files (x86)\BulletScan\BulletScan Manager\ButtonManager.exe (iVina Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-05-09]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-05-09]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-05-09]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-HUB Automator.lnk [2014-05-10]
ShortcutTarget: T-HUB Automator.lnk -> C:\Windows\Installer\{4FDEA7E6-5DA1-49A8-B110-16D45578F4CC}\_9DBB04F494F436382103A4.exe ()
Startup: C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2014-05-31]
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{36c8226a-4cf0-4b90-8419-a3d2eb5c2454}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{3D191CC1-C3D9-40BA-91A4-8203A4FCBB3D}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{6adbe3fd-848f-4485-93b8-56320d9681c6}: [DhcpNameServer] 192.168.40.4
Tcpip\..\Interfaces\{7d83df18-ab48-47d8-96c2-ab77a8046b73}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{97d53714-613f-48f9-b315-09bed8f0e5d1}: [DhcpNameServer] 10.1.10.1
Tcpip\..\Interfaces\{aa4914be-7bec-474a-be5b-ff783be8eb92}: [DhcpNameServer] 192.168.10.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1922649430-2310944725-4124380653-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1922649430-2310944725-4124380653-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1922649430-2310944725-4124380653-1005 -> {B2592692-15CE-4F47-AC80-B7A6ACB51B4E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1922649430-2310944725-4124380653-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1922649430-2310944725-4124380653-1001: @citrixonline.com/appdetectorplugin -> C:\Users\donna_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-27] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> hxxp://hotair.com/
CHR Profile: C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-21]
CHR Extension: (Google Drive) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-21]
CHR Extension: (YouTube) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-21]
CHR Extension: (Google Search) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-21]
CHR Extension: (Google Sheets) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-21]
CHR Extension: (Gmail) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R3 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2015-07-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSSQL$SHIPWORKS; c:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MSSQL$THUBDBSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.THUBDBSERVER\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
S3 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
S2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe [679936 2012-08-18] (Intuit, Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-23] (Realtek Semiconductor)
S2 SQLAgent$SHIPWORKS; c:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S2 SQLAgent$THUBDBSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.THUBDBSERVER\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-05] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 CXPLRCAP; C:\Windows\system32\drivers\elvidcap.sys [150896 2012-08-20] (Elgato Systems GmbH)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-09-17] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 17:06 - 2015-09-29 17:08 - 00024004 _____ C:\Users\donna_000\Downloads\FRST.txt
2015-09-29 16:56 - 2015-09-29 16:56 - 00016148 _____ C:\WINDOWS\system32\DONNA_donna_000_HistoryPrediction.bin
2015-09-28 09:29 - 2015-09-28 09:29 - 00000000 ___HD C:\OneDriveTemp
2015-09-28 09:05 - 2015-09-28 07:48 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-28 09:02 - 2015-09-28 09:02 - 00000000 ____D C:\Users\donna_000\AppData\Local\NetworkTiles
2015-09-28 07:58 - 2015-09-28 09:28 - 00004678 _____ C:\zoek-results.log
2015-09-28 07:48 - 2015-09-28 07:48 - 00000000 ____D C:\zoek_backup
2015-09-27 13:38 - 2015-09-27 13:38 - 00000140 _____ C:\Users\donna_000\Desktop\RecoverOn.reg
2015-09-27 11:50 - 2015-09-27 13:00 - 00017024 _____ C:\zoek-results-old.log
2015-09-27 09:41 - 2015-09-27 12:35 - 00000000 ____D C:\zoek_backup_old
2015-09-27 09:35 - 2015-09-27 09:41 - 01308672 _____ C:\Users\donna_000\Desktop\zoek.exe
2015-09-27 09:04 - 2015-09-27 09:04 - 00000000 ____D C:\Users\donna_000\Downloads\FRST-OlderVersion
2015-09-22 10:05 - 2015-09-22 10:06 - 00000098 _____ C:\Users\donna_000\Documents\bluecross problem.txt
2015-09-21 10:18 - 2015-09-26 13:18 - 00002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 10:18 - 2015-09-21 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-21 10:17 - 2015-09-29 09:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-21 10:17 - 2015-09-28 11:31 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-21 10:17 - 2015-09-21 12:22 - 00000000 ____D C:\Users\donna_000\AppData\Local\Google
2015-09-21 10:17 - 2015-09-21 10:18 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-21 10:17 - 2015-09-21 10:17 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-21 10:17 - 2015-09-21 10:17 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-21 10:16 - 2015-09-21 10:17 - 00929872 _____ (Google Inc.) C:\Users\donna_000\Downloads\ChromeSetup (1).exe
2015-09-19 11:31 - 2015-09-19 11:31 - 00024576 _____ C:\Users\donna_000\Documents\budget.xls
2015-09-19 11:13 - 2015-09-19 11:13 - 00040960 _____ C:\Users\donna_000\Downloads\2796_attchmnt.xls
2015-09-19 09:16 - 2015-09-19 09:17 - 00000999 _____ C:\Users\donna_000\Downloads\250016384016693 (1).txt
2015-09-19 08:45 - 2015-09-19 08:45 - 00002145 _____ C:\Users\donna_000\Downloads\242163957016691.txt
2015-09-18 09:12 - 2015-09-22 09:24 - 00000000 ____D C:\AdwCleaner
2015-09-18 09:11 - 2015-09-18 09:11 - 01662976 _____ C:\Users\donna_000\Downloads\AdwCleaner.exe
2015-09-17 18:00 - 2015-09-17 18:00 - 04629744 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys
2015-09-17 09:01 - 2015-09-29 17:07 - 00000000 ____D C:\FRST
2015-09-17 09:00 - 2015-09-27 09:04 - 02192384 _____ (Farbar) C:\Users\donna_000\Downloads\FRST64.exe
2015-09-14 21:51 - 2015-09-14 21:51 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-14 21:51 - 2015-09-14 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-14 21:48 - 2015-09-14 21:51 - 00000000 ____D C:\Program Files\iTunes
2015-09-14 21:48 - 2015-09-14 21:48 - 00000000 ____D C:\Program Files\iPod
2015-09-14 21:48 - 2015-09-14 21:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-12 12:32 - 2015-09-12 12:32 - 00000108 ____H C:\Users\donna_000\Downloads\.~lock.207862759016681.txt#
2015-09-08 16:15 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-08 16:15 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-08 16:15 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-08 16:15 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 16:15 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-08 16:15 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-08 16:15 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-08 16:15 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-08 16:15 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-08 16:15 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 16:15 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-08 16:15 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-08 16:15 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-08 16:15 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 16:15 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 16:15 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 16:15 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-08 16:15 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-08 16:15 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-08 16:15 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-08 16:15 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-08 16:15 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-08 16:15 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-08 16:15 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-08 16:15 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-08 16:15 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 16:15 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-08 16:15 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-08 16:15 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-08 16:15 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-08 16:15 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-08 16:15 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 11:40 - 2015-09-08 11:41 - 00832968 _____ C:\WINDOWS\Minidump\090815-25296-01.dmp
2015-09-08 11:40 - 2015-09-08 11:40 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-03 17:29 - 2015-09-03 17:29 - 00002227 _____ C:\Users\Public\Desktop\Total Tester.lnk
2015-09-03 08:03 - 2015-07-05 06:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-09-02 19:32 - 2015-09-22 08:15 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-01 09:40 - 2015-09-01 09:40 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-09-01 08:39 - 2015-09-01 08:39 - 00004984 _____ C:\Users\donna_000\Downloads\SharpesDevil.odm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 16:59 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-29 16:56 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-29 16:56 - 2015-01-15 13:31 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 09:25 - 2014-08-27 14:07 - 00000598 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job
2015-09-29 08:02 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-29 07:53 - 2015-05-31 05:54 - 00000694 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job
2015-09-28 11:42 - 2015-08-05 20:01 - 00000000 ____D C:\Users\QBDataServiceUser23
2015-09-28 11:33 - 2014-08-27 13:24 - 00000000 ____D C:\Users\donna_000\AppData\Roaming\.oit
2015-09-28 11:33 - 2014-05-13 12:17 - 00000467 _____ C:\WINDOWS\Brownie.ini
2015-09-28 11:33 - 2014-05-09 19:31 - 00000000 ___DO C:\Users\donna_000\SkyDrive
2015-09-28 11:31 - 2015-08-05 20:02 - 00000000 ____D C:\Users\donna_000
2015-09-28 11:30 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-28 09:26 - 2015-08-05 19:51 - 00018716 _____ C:\WINDOWS\PFRO.log
2015-09-28 09:26 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-27 12:54 - 2014-05-18 11:21 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordonna_000.job
2015-09-27 11:34 - 2014-05-18 11:21 - 00003268 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordonna_000
2015-09-27 11:34 - 2014-05-11 11:44 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-26 15:31 - 2014-05-09 20:40 - 00000000 ____D C:\ProgramData\Intuit
2015-09-26 08:01 - 2013-11-09 15:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-26 07:57 - 2014-12-25 12:23 - 00000000 ____D C:\ProgramData\Skype
2015-09-26 07:29 - 2014-05-09 19:28 - 00000000 ____D C:\Users\donna_000\AppData\Local\Packages
2015-09-25 10:12 - 2014-05-10 14:39 - 00000000 ____D C:\Users\donna_000\AppData\Local\Hewlett-Packard
2015-09-23 08:29 - 2014-07-15 13:34 - 00000600 _____ C:\Users\donna_000\AppData\Roaming\winscp.rnd
2015-09-22 10:56 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-19 13:46 - 2015-05-31 05:54 - 00003852 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001
2015-09-19 13:46 - 2014-08-27 14:07 - 00003756 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001
2015-09-18 09:00 - 2015-08-05 19:59 - 01215438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-15 12:12 - 2015-07-10 07:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 12:12 - 2015-07-10 07:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-15 08:51 - 2015-08-05 21:07 - 00002393 _____ C:\Users\donna_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-14 21:48 - 2014-05-15 18:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-13 11:25 - 2013-08-31 23:49 - 00000000 ____D C:\SWSetup
2015-09-13 11:24 - 2014-04-02 02:45 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-09-08 18:52 - 2015-07-10 08:20 - 00249248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-08 18:49 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-08 18:48 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 17:33 - 2014-05-10 14:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 11:41 - 2015-07-10 08:20 - 00028557 _____ C:\WINDOWS\setupact.log
2015-09-08 11:40 - 2014-05-12 14:10 - 488276013 _____ C:\WINDOWS\MEMORY.DMP
2015-09-03 18:03 - 2014-04-02 03:12 - 00000000 ____D C:\ProgramData\McAfee
2015-09-03 18:03 - 2014-04-02 03:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-03 17:59 - 2015-07-31 11:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-09-03 17:59 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-03 17:59 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-03 17:58 - 2013-11-09 15:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-09-03 17:56 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-09-03 17:56 - 2013-04-11 13:24 - 00000000 ____D C:\Users\Keith
2015-09-03 17:29 - 2015-02-14 14:15 - 00000000 ____D C:\Program Files (x86)\Total Seminars
2015-09-02 17:12 - 2015-02-14 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Seminars
2015-09-02 17:10 - 2014-05-29 12:14 - 00000000 ____D C:\WINDOWS\BulletScan
2015-09-02 08:42 - 2013-11-09 15:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-09-02 08:37 - 2013-11-09 15:41 - 00000000 ____D C:\ProgramData\WildTangent
2015-09-02 08:37 - 2013-11-09 15:41 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-09-01 09:38 - 2014-08-27 14:07 - 00000000 ____D C:\Users\donna_000\AppData\Local\Citrix
2015-08-31 14:44 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-30 19:06 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2014-05-11 08:37 - 2014-05-31 14:45 - 27045552 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-07-15 13:34 - 2015-09-23 08:29 - 0000600 _____ () C:\Users\donna_000\AppData\Roaming\winscp.rnd
2015-03-04 13:22 - 2015-05-11 11:10 - 0000600 _____ () C:\Users\donna_000\AppData\Local\PUTTY.RND
2014-07-23 12:49 - 2015-08-09 18:18 - 0007597 _____ () C:\Users\donna_000\AppData\Local\resmon.resmoncfg

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-20 11:35

==================== End of FRST.txt ============================

Here is addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015
Ran by donna_000 (2015-09-29 17:09:36)
Running from C:\Users\donna_000\Downloads
Windows 10 Home (X64) (2015-08-06 00:55:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-1922649430-2310944725-4124380653-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1922649430-2310944725-4124380653-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1922649430-2310944725-4124380653-503 - Limited - Disabled)
donna_000 (S-1-5-21-1922649430-2310944725-4124380653-1001 - Administrator - Enabled) => C:\Users\donna_000
Guest (S-1-5-21-1922649430-2310944725-4124380653-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1922649430-2310944725-4124380653-1003 - Limited - Enabled)
QBDataServiceUser23 (S-1-5-21-1922649430-2310944725-4124380653-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser23

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Compatibility Toolkit (Version: 8.59.25584 - Microsoft) Hidden
Assessment and Deployment Kit (HKLM-x32\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation)
Assessments on Client (x32 Version: 8.59.25584 - Microsoft) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2170W (HKLM-x32\...\{65AD8FC4-0450-4921-B752-F207319AE35C}) (Version: 1.00 - Brother)
BulletScan Manager (HKLM-x32\...\{25D30402-0A13-4422-8E57-A37E71A7D880}) (Version: 2.0.34 - iVina)
BulletScan OCR Engine
- Powered by ABBYY (HKLM-x32\...\{870E5EB9-E561-4C94-80BF-8A3D4DB46624}) (Version: - )Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) HiddenEnergy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.28.15 - Google Inc.) 
HiddenGoToMeeting 7.3.0.3499 (HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)Inst5675 (Version: 8.00.57 - Softex Inc.) HiddenInst5676 (Version: 8.00.57 - Softex Inc.) 
HiddenIntel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) HiddenMalwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version: - Microsoft Corporation)Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)Microsoft SQL Server 2012 
Setup (English) (HKLM-x32\...\{CEA86648-87FA-4775-8F3B-A57F720BAE85}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.6.0 - Mozilla)Mozilla Thunderbird 38.2.0 (x86 en-US) 
(HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)Presto! BizCard 6 (HKLM-x32\...\{4F9D15B4-0F57-4B84-94AE-C1286C8D4443}) (Version: 6.10.12 - NewSoft Technology Corporation)Presto! BizCard 6 (x32 Version: 6.10.12 - NewSoft) HiddenPresto! PageManager 9.04 SE (HKLM-x32\...\{5B8B1BAA-79B5-4F3A-89CD-B2D6045C82A7}) (Version: 9.04.00 - Newsoft Technology Corporation)QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) HiddenQuickBooks Premier: Mfg and Whsle Edition 2013 (HKLM-x32\...\{3FB9742A-ACE0-4B63-91C2-AD4A77E41554}) (Version: 23.0.4001.2305 - Intuit Inc.)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)S300 (HKLM-x32\...\S300) (Version: - )S400 (HKLM-x32\...\S400) (Version: - )ShipWorks® 4.2.0.8030 (HKLM\...\{0D695046-0F08-419A-AA25-8995FEA5B023}_is1) (Version: 4.2.0.8030 - Interapptive®, Inc.)SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) HiddenSQL Server 2012 Common Files (x32 Version: 11.0.2100.60 - Microsoft Corporation) HiddenSQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) HiddenSQL Server 2012 Database Engine Services (x32 Version: 11.0.2100.60 - Microsoft Corporation) HiddenSQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) HiddenSQL Server 2012 Database Engine Shared (x32 Version: 11.0.2100.60 - Microsoft Corporation) HiddenSQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 
11.0.2100.60 - Microsoft Corporation)Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) HiddenSql Server Customer Experience Improvement Program (x32 Version: 11.0.2100.60 - Microsoft Corporation) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)T-HUB (HKLM-x32\...\{4FDEA7E6-5DA1-49A8-B110-16D45578F4CC}) (Version: 10.1.451 - Atandra)Toolkit Documentation (x32 Version: 8.59.25584 - Microsoft) HiddenTotal Tester CompTIA Network+ N10-005/6 Premium v6.2 (HKLM-x32\...\{CF562A0E-59E5-41A1-B3FC-28AA97EFE169}) (Version: 12.6.2 - Total Seminars, LLC)Total Tester Network+ N10-006 Book Demo v6.3 (HKLM-x32\...\{A869BF56-374B-4E18-86F6-D5BBCCD86392}) (Version: 12.6.2 - Total Seminars, LLC)User State Migration Tool (x32 Version: 8.59.25584 - Microsoft) HiddenVideo Capture v5.09.1202.00 (HKLM-x32\...\Video Capture v5.09.1202.00) (Version: 5.09.1202.00 - Elgato Systems)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)WinSCP 5.7.2 (HKLM-x32\...\winscp3_is1) (Version: 5.7.2 - Martin Prikryl)WPT Redistributables (x32 Version: 8.59.25584 - Microsoft) HiddenWPTx64 (x32 Version: 8.59.25584 - Microsoft) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1922649430-2310944725-4124380653-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)CustomCLSID: HKU\S-1-5-21-1922649430-2310944725-4124380653-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) 
==================== Restore Points ========================= 13-09-2015 11:21:36 HPSF Applying updates17-09-2015 17:58:44 Windows Update22-09-2015 10:52:58 Windows Update26-09-2015 07:43:45 Removed Elgato Video Capture27-09-2015 11:50:09 zoek.exe restore point ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0719F7F3-B218-4EAE-9095-79180765E749} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTIONTask: {0F81C8DA-96DF-4C22-93EE-5A1BE530A6F7} - System32\Tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001 => C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-19] (Citrix Online, a division of Citrix Systems, Inc.)Task: {1FC4916D-071C-4BF5-A465-7D09D9D74E69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTIONTask: {2E897D90-54BB-44D8-8C08-0D593CF0CAD2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)Task: {30CBE639-EDAC-4DED-95F3-94DBBA10BEA9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTIONTask: {4396B92A-6569-4E32-B007-615E61E9D469} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {55DEFF45-75FE-4016-8BE1-362C95F7F82E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)Task: {5FC80890-87C7-4418-9FF2-7F914F00DF8A} - 
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)Task: {6E6F7398-E468-4506-A5F1-36BF31DE3D9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)Task: {737AD365-D6EF-4C26-92CE-E585F31D3FA0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)Task: {79637A38-46D1-432A-9484-3ABFD92FCB2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-08] (Hewlett-Packard)Task: {7C78C346-5AE3-465B-811F-7DCC2194B61E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTIONTask: {7CC952DD-A6A4-4670-9600-65F0276FAC0E} - System32\Tasks\UKGoods 1406223383 => C:\Program Files (x86)\Intuit\QuickBooks 2013\AutoBackupEXE.exe [2014-01-16] (Intuit Inc.)Task: {85030A51-A15E-4F52-839B-9C8FBEB86804} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTIONTask: {8894751C-46C0-404C-A0D7-042A6EB5B13F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTIONTask: {8C114998-4DD1-44EE-8036-AF2D5111DD1A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)Task: {95BF51D7-63C7-4FBC-B7E5-7CB77B728CFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)Task: {99254C13-08AE-4C45-A09E-6FF6610CDAB5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)Task: {9DA4ED1F-8B72-4387-BFA6-CB9E384A5F36} - 
System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-08] (Hewlett-Packard)Task: {9FE289B1-9B3A-4A98-A174-922D4B95BCD9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTIONTask: {A650AE75-66DE-4945-A2C1-008238160D2F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTIONTask: {AA2F9436-7177-48E4-9AAD-01A5B6AC4D1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)Task: {B74217D9-16CB-48C3-871D-E9EE2D754FCA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTIONTask: {D03BCFF7-24EC-45C6-8606-607829B5108A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTIONTask: {D3DD1622-D370-4DC0-871C-8ECB5D7AFDC7} - System32\Tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001 => C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-19] (Citrix Online, a division of Citrix Systems, Inc.)Task: {E32BF02B-1E58-45CB-974D-9D5876269EA7} - System32\Tasks\HPCeeScheduleFordonna_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)Task: {F36B1B85-34EF-45B3-A9CB-A68FDB20EF3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTIONTask: {FDEC091A-90CA-44FF-B4EC-76F8E925B575} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exeTask: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job => C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exeTask: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job => C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\HPCeeScheduleFordonna_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exeTask: C:\WINDOWS\Tasks\UKGoods 1406223383.job => C:\Program Files (x86)\Intuit\QuickBooks 2013\AutoBackupEXE.exeX/FC:\Users\Public\Documents\Intuit\QuickBooks\Company Files\UKGoods.qbw ==================== Loaded Modules (Whitelisted) ============== 2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll2015-08-05 23:38 - 2015-08-05 23:38 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll2015-08-18 20:08 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2013-10-14 15:23 - 2013-10-14 15:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe2013-10-14 15:24 - 2013-10-14 15:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll2013-10-14 15:25 - 2013-10-14 15:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll2013-10-14 15:22 - 2013-10-14 15:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll2013-10-14 15:22 
- 2013-10-14 15:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll2015-08-28 17:19 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll2015-08-28 17:19 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll2013-10-14 15:30 - 2013-10-14 15:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll2015-08-11 15:57 - 2015-08-02 21:30 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll2015-08-11 15:57 - 2015-08-02 21:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll2015-08-18 20:08 - 2015-08-11 04:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll2015-08-11 15:57 - 2015-08-02 21:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll2013-11-15 15:56 - 2014-08-15 08:43 - 00083768 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe2013-11-15 15:56 - 2014-08-15 08:43 - 00067896 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEng_x64Vista.dll2015-09-26 07:28 - 2015-09-26 07:28 - 03495936 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe2014-04-02 03:11 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2014-08-27 13:22 - 2008-11-17 14:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.04\nsSign.dll2014-08-27 13:22 - 2010-05-07 11:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PerformOcr.dll2014-08-27 13:22 - 2010-03-11 10:48 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMISM.dll2014-08-27 13:22 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PHooKDlg.dll2014-08-27 13:22 - 2010-07-01 11:09 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMCommon.dll2014-08-27 13:22 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\Qem.dll2014-08-27 13:22 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\NetFun2k.dll2014-08-27 13:22 - 2010-07-06 15:41 - 00146944 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\ScanModule.dll2014-08-27 13:22 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMANO.dll2014-08-27 13:22 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\ComClass.dll2014-08-27 13:22 - 2010-04-14 16:38 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMTree.dll2014-08-27 13:22 - 2010-07-02 13:36 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMDB_N.dll2014-08-27 13:22 - 2010-05-17 10:52 - 00135168 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMSet.dll2014-08-27 13:22 - 2010-07-13 10:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMProp.dll2014-08-27 13:22 - 2007-08-31 17:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMVoice.dll2014-08-27 13:22 - 2010-07-13 10:50 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\OutlookVBA.dll2014-08-27 13:22 - 2010-03-17 11:49 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.04\PMINSO.dll2014-08-27 13:22 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\FT.dll2014-08-27 13:22 - 2009-11-27 17:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMAppBar.dll2014-08-27 13:22 - 2010-07-13 10:49 - 04567040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMView.dll2014-08-27 13:22 - 2010-03-11 10:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMSave.dll2014-08-27 13:22 - 2007-03-30 10:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\NsOEMKey.dll2014-08-27 13:22 - 2010-03-02 15:10 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMPageVW.dll2014-08-27 13:22 - 2010-06-10 17:42 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\SlideBarDLL.dll2014-08-27 13:22 - 2009-11-09 18:35 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMImgVW.dll2014-08-27 13:22 - 2008-08-25 16:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMIEVW.dll2014-08-27 13:22 - 2010-03-02 15:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMDocVW.dll2014-08-27 13:22 - 2010-05-17 10:53 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMPDFView.dll2014-08-27 13:22 - 2009-06-26 09:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMApSet.dll2014-08-27 13:22 - 2009-12-04 17:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMAnoSet.dll2014-08-27 13:22 - 2010-04-27 15:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMStatus.dll2014-08-27 13:22 - 2010-07-30 13:18 - 00266240 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMScnSet.dll2014-08-27 13:22 - 2007-03-30 09:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! 
PageManager 9.04\Import.dll2014-08-27 13:22 - 2010-05-21 09:42 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMImageSplitter.dll2013-11-15 15:56 - 2014-08-15 08:43 - 00084280 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll2012-08-18 18:55 - 2014-05-09 20:53 - 00198992 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\NCalc.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll2014-01-16 10:04 - 2014-01-16 10:04 - 00128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll2012-08-18 18:54 - 2012-08-18 18:54 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00085832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\IPDWidgetBridge.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00096072 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\IPDWidgetInterop.dll2014-01-16 14:05 - 2014-01-16 14:05 - 00471880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 
2013\SyncManagerUtils.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00072520 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QB2WPFBridge.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00125256 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\ReportBridge.dll2014-01-16 14:05 - 2014-01-16 14:05 - 00113480 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\Webification.dll2014-01-16 14:04 - 2014-01-16 14:04 - 00058184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\htmlhelper.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\donna_000\SkyDrive:ms-properties ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpgHKU\S-1-5-21-1922649430-2310944725-4124380653-1005\Control Panel\Desktop\\Wallpaper ->DNS Servers: 192.168.10.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== End of Addition.txt ============================
TwinHeadedEagle Posted September 29, 2015 ID:992884 Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
clckr Posted September 30, 2015 ID:992909 Sorry! Files attached. Addition.txt FRST.txt
TwinHeadedEagle Posted September 30, 2015 ID:993057 Do you have problems only in Google Chrome?
clckr Posted October 1, 2015 ID:993091 No. I have this with both Chrome and Edge.
TwinHeadedEagle Posted October 1, 2015 ID:993153 Can you reset Internet Explorer --> http://windows.microsoft.com/en-us/internet-explorer/reset-ie-settings and reinstall Chrome?
Maurice Naggar Posted October 11, 2015 ID:994852 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!