
Infected - 100% disk usage - request log analysis


clckr


My computer is infected with malware.  I keep getting ads from engineadsupply.com and sheknows.com popping up in new windows on both Microsoft Edge and Google Chrome.

 

I have run both Windows Defender and Malwarebytes in safe mode and they show no infection.

 

I ran farbar and am attaching the first.txt and addition.txt files.

 

Would someone please help me get rid of this?

 

Thanks,

 

Donna

Addition.txt

FRST.txt


Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyclsid;emptyalltemp;ipconfig /flushdns >>"%temp%\log.txt";b

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)
Post its content into your next reply.

Thank you so much for your help!  Here is what Zoek said:

 

 
Zoek.exe v5.0.0.0 Updated 27-09-2015
Tool run by donna_000 on Sun 09/27/2015 at 11:38:18.17.
Microsoft Windows 10 Home 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\donna_000\Desktop\zoek.exe [scan all users]   [Quick Scan] [Auto Clean]
 
==== System Restore Info ======================
 
9/27/2015 11:51:23 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\Users\QBDataServiceUser23\AppData\LocalLow deleted successfully
C:\Users\donna_000\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\donna_000\AppData\Local\EmieSiteList deleted successfully
C:\Users\donna_000\AppData\Local\EmieUserList deleted successfully
C:\Users\donna_000\AppData\Local\MediaShow deleted successfully
C:\Users\donna_000\AppData\Local\NetworkTiles deleted successfully
C:\Users\donna_000\AppData\Local\PackageStaging deleted successfully
C:\Users\donna_000\AppData\Local\pinger.com deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-1922649430-2310944725-4124380653-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2592692-15CE-4F47-AC80-B7A6ACB51B4E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B2592692-15CE-4F47-AC80-B7A6ACB51B4E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B2592692-15CE-4F47-AC80-B7A6ACB51B4E} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Deleting Files \ Folders ======================
 
C:\install.exe deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\donna_000\AppData\Local\{26768782-66EB-49F0-8A7D-A646D1B5852D} deleted
C:\Users\donna_000\AppData\Local\{75B9D29E-0C4B-45C7-81AF-BD5C2387A379} deleted
C:\Users\donna_000\AppData\Local\{A391D62E-D35A-469C-952C-C1EE2052BDAE} deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted
"C:\Users\donna_000\AppData\Local\{7ED936D7-0CD5-4F6F-A7A2-40CC122881DE}" deleted
 
==== Files Recently Created / Modified ======================
 
====== C:\WINDOWS ====
====== C:\Users\DONNA_~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2015-09-27 15:28:10 18581D141079E0116F4D7318B615791D 16148 ----a-w- C:\WINDOWS\Sysnative\DONNA_donna_000_HistoryPrediction.bin
====== C:\WINDOWS\Sysnative\drivers =====
2015-09-17 22:00:17 67AC9F7B3E1A9C8BDB76C1761EA2E20C 4629744 ----a-w- C:\WINDOWS\Sysnative\drivers\rtwlane.sys
2015-08-28 21:19:49 C67A03F54A1EA683F4880A481EE5FF6C 373072 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
====== C:\WINDOWS\Tasks ======
2015-09-21 14:17:44 D2826D8BA265E689CF2544847DDA9965 3742 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineCore
2015-09-21 14:17:44 4E5D513D56415067696785D78027297D 916 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-21 14:17:44 4B15EE883D5275E4A5A1AC0EA813DEF0 912 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-21 14:17:44 0F960AB6391D203613B81AC8EF6FB85F 3974 ----a-w- C:\WINDOWS\Sysnative\Tasks\GoogleUpdateTaskMachineUA
2015-09-02 23:32:36 FE2E8AAC46FDF6A18D6A29307B681D73 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2015-09-15 01:48:24 -------- d-----w- C:\Program Files\iPod
2015-09-15 01:48:16 -------- d-----w- C:\Program Files\iTunes
======= C:\PROGRA~2 =====
2015-09-21 14:17:31 -------- d-----w- C:\PROGRA~2\Google
2015-09-15 01:48:25 -------- d-----w- C:\PROGRA~2\iTunes
2015-09-01 13:40:29 -------- d-----w- C:\PROGRA~2\Citrix
======= C: =====
====== C:\Users\donna_000\AppData\Roaming ======
2015-09-21 14:17:19 -------- d-----w- C:\Users\donna_000\AppData\Local\Google
====== C:\Users\donna_000 ======
2015-09-21 14:18:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-21 14:16:35 FD2048552915F1E001E56BD936D5B3C4 929872 ----a-w- C:\Users\donna_000\Downloads\ChromeSetup (1).exe
2015-09-18 13:11:18 D4DC35D50455CDA1E8BC20E993DE3BDB 1662976 ----a-w- C:\Users\donna_000\Downloads\AdwCleaner.exe
2015-09-17 13:00:29 8F95CEF8F5E14277BE4E9365F268B949 2192384 ----a-w- C:\Users\donna_000\Downloads\FRST64.exe
2015-09-15 01:51:20 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
 
====== C: exe-files ==
=== C: other files ==
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
 
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
 
[HKEY_USERS\S-1-5-21-1922649430-2310944725-4124380653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"OneDrive"="C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
 
[HKEY_USERS\S-1-5-21-1922649430-2310944725-4124380653-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouCam Service"="C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s"
"Intuit SyncManager"="C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup"
"BrStsWnd"="C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun"
"PMSpeed"="C:\Program Files (x86)\NewSoft\Presto PageManager 9.04\PMSpeed.EXE"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"OneDrive"="C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
"Uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"="C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /ANDREA_BF_BYPASS"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"ShipWorksScheduler$0D6950460F08419AAA258995FEA5B023"="C:\Program Files\ShipWorks\ShipWorks.exe /s=Scheduler"
"WrtMon.exe"="C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
 
==== Task Scheduler Jobs ======================
 
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [08/11/2015 06:04 AM]
C:\WINDOWS\tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job --a-------- C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [09/19/2015 01:46 PM]
C:\WINDOWS\tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job --a-------- C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [09/19/2015 01:46 PM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/21/2015 10:17 AM]
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [09/21/2015 10:17 AM]
C:\WINDOWS\tasks\HPCeeScheduleFordonna_000.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [06/16/2015 09:51 AM]
C:\WINDOWS\tasks\UKGoods 1406223383.job --ah------- [undetermined Task]
 
==== Other Scheduled Tasks ======================
 
"C:\WINDOWS\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\WINDOWS\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\WINDOWS\SysNative\tasks\CLVDLauncher" [C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe]
"C:\WINDOWS\SysNative\tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001" [C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe]
"C:\WINDOWS\SysNative\tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001" [C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\WINDOWS\SysNative\tasks\HPCeeScheduleFordonna_000" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\WINDOWS\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\WINDOWS\SysNative\tasks\UKGoods 1406223383" [C:\Program Files (x86)\Intuit\QuickBooks 2013\AutoBackupEXE.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{27B263AA-EC1F-4277-B86E-5BD2BD6309A4}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\User_Feed_Synchronization-{8EDABC21-996F-430A-9A78-69EC0D8AD7F6}" [C:\Windows\system32\msfeedssync.exe]
"C:\WINDOWS\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA)" ["C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe"]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater" [C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe]
"C:\WINDOWS\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
 
==== Fake Chromium Profiles Check ======================
 
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
 
==== Chromium Look ======================
 
Google Chrome Version: 45.0.2454.101
 
 
Google Slides - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Drive - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
Google Docs Offline - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Hotword Shared Module - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Chrome Web Store Payments - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\7V6NQD37 will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\H8YT734V will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\JCCEH1PU will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\LPIMM53C will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=152 folders=36 2684046636 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\DONNA_~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\7V6NQD37" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\H8YT734V" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\JCCEH1PU" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\LPIMM53C" not found
 
==== EOF on Sun 09/27/2015 at 13:00:21.48 ======================
 

 

Cheers,

 

Donna


Sorry about that!  I didn't see the part about running the script.  Here are the results of the script:

 

 
Zoek.exe Version 4.0.0.5 Updated 27-09-2015
Tool run by donna_000 on Mon 09/28/2015 at  7:49:02.40.
Microsoft Windows 10 Home 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\donna_000\Desktop\zoek.exe [scan all users] [script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results-old.log 17024 bytes
 
==== System Restore Info ======================
 
9/28/2015 7:58:32 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Users\QBDataServiceUser23\AppData\LocalLow deleted successfully
C:\Users\Administrator\AppData\Local\Google deleted successfully
C:\Users\donna_000\AppData\Local\NetworkTiles deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
==== Chromium Look ======================
 
Google Chrome Version: 45.0.2454.101
 
 
Chrome Hotword Shared Module - donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\8QX6N9XJ will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\T6Z7XB6H will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\TVWBN9BV will be deleted at reboot
C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\X8QVBIFQ will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\DONNA_~1\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\8QX6N9XJ" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\T6Z7XB6H" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\TVWBN9BV" not found
"C:\Users\donna_000\AppData\Local\Microsoft\Windows\INetCache\IE\X8QVBIFQ" not found
 
==== EOF on Mon 09/28/2015 at  9:28:49.67 ======================
 

I am still getting engine4dsply.com ads coming up in a new window.  This window also changes to show ads from showme.com and fanduel.com.  Google is using an extremely large amount of CPU (40-60%)  even though the page has already rendered.  There are also 3 instances of chrome showing in my task manager.  I have no extensions or addons.

 

Thanks for all your help!  I really do appreciate it!!!!


Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


Okay.  I've run farbar.  Here is the first.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015
Ran by donna_000 (administrator) on DONNA (29-09-2015 17:06:48)
Running from C:\Users\donna_000\Downloads
Loaded Profiles: donna_000 & QBDataServiceUser23 (Available Profiles: donna_000 & Admin & QBDataServiceUser23 & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMSpeed.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(brother) C:\Program Files (x86)\Brownie\brpjp04a.exe
(Atandra) C:\Atandra\T-HUB10\Turbo.THUB.WindowsServicesController.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
() C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbextclr11.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.THUBDBSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-08-23] (Realtek Semiconductor)
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [shipWorksScheduler$0D6950460F08419AAA258995FEA5B023] => C:\Program Files\ShipWorks\ShipWorks.exe [22933136 2015-08-03] (Interapptive®, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-09-01] (CyberLink Corp.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [brStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother)
HKLM-x32\...\Run: [PMSpeed] => C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMSpeed.EXE [116632 2010-07-13] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [smBizcard] => [X]
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [509192 2014-12-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\RunOnce: [uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\RunOnce: [uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\RunOnce: [uninstall C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\donna_000\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\MountPoints2: {9d1be676-4878-11e4-827e-806e6f6e6963} - "F:\Launch.exe"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2014-05-31]
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2014-05-17]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BulletScan Manager.lnk [2014-08-27]
ShortcutTarget: BulletScan Manager.lnk -> C:\Program Files (x86)\BulletScan\BulletScan Manager\ButtonManager.exe (iVina Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-05-09]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-05-09]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-05-09]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\T-HUB Automator.lnk [2014-05-10]
ShortcutTarget: T-HUB Automator.lnk -> C:\Windows\Installer\{4FDEA7E6-5DA1-49A8-B110-16D45578F4CC}\_9DBB04F494F436382103A4.exe ()
Startup: C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall SafeKey RunOnce.lnk [2014-05-31]
ShortcutTarget: Uninstall SafeKey RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (McAfee)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{36c8226a-4cf0-4b90-8419-a3d2eb5c2454}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{3D191CC1-C3D9-40BA-91A4-8203A4FCBB3D}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{6adbe3fd-848f-4485-93b8-56320d9681c6}: [DhcpNameServer] 192.168.40.4
Tcpip\..\Interfaces\{7d83df18-ab48-47d8-96c2-ab77a8046b73}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{97d53714-613f-48f9-b315-09bed8f0e5d1}: [DhcpNameServer] 10.1.10.1
Tcpip\..\Interfaces\{aa4914be-7bec-474a-be5b-ff783be8eb92}: [DhcpNameServer] 192.168.10.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1922649430-2310944725-4124380653-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1922649430-2310944725-4124380653-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1922649430-2310944725-4124380653-1005 -> {B2592692-15CE-4F47-AC80-B7A6ACB51B4E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1922649430-2310944725-4124380653-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-05-06] (Hewlett-Packard)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1922649430-2310944725-4124380653-1001: @citrixonline.com/appdetectorplugin -> C:\Users\donna_000\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-08-27] (Citrix Online)
 
Chrome:
=======
CHR HomePage: Default -> hxxp://hotair.com/
CHR Profile: C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-21]
CHR Extension: (Google Drive) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-21]
CHR Extension: (YouTube) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-21]
CHR Extension: (Google Search) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-21]
CHR Extension: (Google Sheets) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-21]
CHR Extension: (Google Docs Offline) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-21]
CHR Extension: (Gmail) - C:\Users\donna_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-21]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R3 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319888 2015-07-11] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSSQL$SHIPWORKS; c:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe [191064 2012-02-11] (Microsoft Corporation)
R2 MSSQL$THUBDBSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.THUBDBSERVER\MSSQL\Binn\sqlservr.exe [206424 2012-02-11] (Microsoft Corporation)
S3 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
S2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe [679936 2012-08-18] (Intuit, Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-08-23] (Realtek Semiconductor)
S2 SQLAgent$SHIPWORKS; c:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\SQLAGENT.EXE [597080 2012-02-11] (Microsoft Corporation)
S2 SQLAgent$THUBDBSERVER; c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.THUBDBSERVER\MSSQL\Binn\SQLAGENT.EXE [438360 2012-02-11] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-05] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 CXPLRCAP; C:\Windows\system32\drivers\elvidcap.sys [150896 2012-08-20] (Elgato Systems GmbH)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-09-17] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2013-09-20] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [87568 2013-07-01] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-29 17:06 - 2015-09-29 17:08 - 00024004 _____ C:\Users\donna_000\Downloads\FRST.txt
2015-09-29 16:56 - 2015-09-29 16:56 - 00016148 _____ C:\WINDOWS\system32\DONNA_donna_000_HistoryPrediction.bin
2015-09-28 09:29 - 2015-09-28 09:29 - 00000000 ___HD C:\OneDriveTemp
2015-09-28 09:05 - 2015-09-28 07:48 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-09-28 09:02 - 2015-09-28 09:02 - 00000000 ____D C:\Users\donna_000\AppData\Local\NetworkTiles
2015-09-28 07:58 - 2015-09-28 09:28 - 00004678 _____ C:\zoek-results.log
2015-09-28 07:48 - 2015-09-28 07:48 - 00000000 ____D C:\zoek_backup
2015-09-27 13:38 - 2015-09-27 13:38 - 00000140 _____ C:\Users\donna_000\Desktop\RecoverOn.reg
2015-09-27 11:50 - 2015-09-27 13:00 - 00017024 _____ C:\zoek-results-old.log
2015-09-27 09:41 - 2015-09-27 12:35 - 00000000 ____D C:\zoek_backup_old
2015-09-27 09:35 - 2015-09-27 09:41 - 01308672 _____ C:\Users\donna_000\Desktop\zoek.exe
2015-09-27 09:04 - 2015-09-27 09:04 - 00000000 ____D C:\Users\donna_000\Downloads\FRST-OlderVersion
2015-09-22 10:05 - 2015-09-22 10:06 - 00000098 _____ C:\Users\donna_000\Documents\bluecross problem.txt
2015-09-21 10:18 - 2015-09-26 13:18 - 00002227 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-21 10:18 - 2015-09-21 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-21 10:17 - 2015-09-29 09:22 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-21 10:17 - 2015-09-28 11:31 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-21 10:17 - 2015-09-21 12:22 - 00000000 ____D C:\Users\donna_000\AppData\Local\Google
2015-09-21 10:17 - 2015-09-21 10:18 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-21 10:17 - 2015-09-21 10:17 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-21 10:17 - 2015-09-21 10:17 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-21 10:16 - 2015-09-21 10:17 - 00929872 _____ (Google Inc.) C:\Users\donna_000\Downloads\ChromeSetup (1).exe
2015-09-19 11:31 - 2015-09-19 11:31 - 00024576 _____ C:\Users\donna_000\Documents\budget.xls
2015-09-19 11:13 - 2015-09-19 11:13 - 00040960 _____ C:\Users\donna_000\Downloads\2796_attchmnt.xls
2015-09-19 09:16 - 2015-09-19 09:17 - 00000999 _____ C:\Users\donna_000\Downloads\250016384016693 (1).txt
2015-09-19 08:45 - 2015-09-19 08:45 - 00002145 _____ C:\Users\donna_000\Downloads\242163957016691.txt
2015-09-18 09:12 - 2015-09-22 09:24 - 00000000 ____D C:\AdwCleaner
2015-09-18 09:11 - 2015-09-18 09:11 - 01662976 _____ C:\Users\donna_000\Downloads\AdwCleaner.exe
2015-09-17 18:00 - 2015-09-17 18:00 - 04629744 _____ (Realtek Semiconductor Corporation ) C:\WINDOWS\system32\Drivers\rtwlane.sys
2015-09-17 09:01 - 2015-09-29 17:07 - 00000000 ____D C:\FRST
2015-09-17 09:00 - 2015-09-27 09:04 - 02192384 _____ (Farbar) C:\Users\donna_000\Downloads\FRST64.exe
2015-09-14 21:51 - 2015-09-14 21:51 - 00001829 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-14 21:51 - 2015-09-14 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-14 21:48 - 2015-09-14 21:51 - 00000000 ____D C:\Program Files\iTunes
2015-09-14 21:48 - 2015-09-14 21:48 - 00000000 ____D C:\Program Files\iPod
2015-09-14 21:48 - 2015-09-14 21:48 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-12 12:32 - 2015-09-12 12:32 - 00000108 ____H C:\Users\donna_000\Downloads\.~lock.207862759016681.txt#
2015-09-08 16:15 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-08 16:15 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-08 16:15 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-08 16:15 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 16:15 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-08 16:15 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-08 16:15 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-08 16:15 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-08 16:15 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-08 16:15 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 16:15 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-08 16:15 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-08 16:15 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-08 16:15 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 16:15 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 16:15 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 16:15 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-08 16:15 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-08 16:15 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-08 16:15 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-08 16:15 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-08 16:15 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-08 16:15 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-08 16:15 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-08 16:15 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-08 16:15 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 16:15 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-08 16:15 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-08 16:15 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-08 16:15 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-08 16:15 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-08 16:15 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-08 11:40 - 2015-09-08 11:41 - 00832968 _____ C:\WINDOWS\Minidump\090815-25296-01.dmp
2015-09-08 11:40 - 2015-09-08 11:40 - 00000000 ____D C:\WINDOWS\Minidump
2015-09-03 17:29 - 2015-09-03 17:29 - 00002227 _____ C:\Users\Public\Desktop\Total Tester.lnk
2015-09-03 08:03 - 2015-07-05 06:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-09-02 19:32 - 2015-09-22 08:15 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-09-01 09:40 - 2015-09-01 09:40 - 00000000 ____D C:\Program Files (x86)\Citrix
2015-09-01 08:39 - 2015-09-01 08:39 - 00004984 _____ C:\Users\donna_000\Downloads\SharpesDevil.odm
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-29 16:59 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-29 16:56 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-29 16:56 - 2015-01-15 13:31 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-29 09:25 - 2014-08-27 14:07 - 00000598 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job
2015-09-29 08:02 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-29 07:53 - 2015-05-31 05:54 - 00000694 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job
2015-09-28 11:42 - 2015-08-05 20:01 - 00000000 ____D C:\Users\QBDataServiceUser23
2015-09-28 11:33 - 2014-08-27 13:24 - 00000000 ____D C:\Users\donna_000\AppData\Roaming\.oit
2015-09-28 11:33 - 2014-05-13 12:17 - 00000467 _____ C:\WINDOWS\Brownie.ini
2015-09-28 11:33 - 2014-05-09 19:31 - 00000000 ___DO C:\Users\donna_000\SkyDrive
2015-09-28 11:31 - 2015-08-05 20:02 - 00000000 ____D C:\Users\donna_000
2015-09-28 11:30 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-28 09:26 - 2015-08-05 19:51 - 00018716 _____ C:\WINDOWS\PFRO.log
2015-09-28 09:26 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-09-27 12:54 - 2014-05-18 11:21 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleFordonna_000.job
2015-09-27 11:34 - 2014-05-18 11:21 - 00003268 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFordonna_000
2015-09-27 11:34 - 2014-05-11 11:44 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-09-26 15:31 - 2014-05-09 20:40 - 00000000 ____D C:\ProgramData\Intuit
2015-09-26 08:01 - 2013-11-09 15:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-26 07:57 - 2014-12-25 12:23 - 00000000 ____D C:\ProgramData\Skype
2015-09-26 07:29 - 2014-05-09 19:28 - 00000000 ____D C:\Users\donna_000\AppData\Local\Packages
2015-09-25 10:12 - 2014-05-10 14:39 - 00000000 ____D C:\Users\donna_000\AppData\Local\Hewlett-Packard
2015-09-23 08:29 - 2014-07-15 13:34 - 00000600 _____ C:\Users\donna_000\AppData\Roaming\winscp.rnd
2015-09-22 10:56 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-19 13:46 - 2015-05-31 05:54 - 00003852 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001
2015-09-19 13:46 - 2014-08-27 14:07 - 00003756 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001
2015-09-18 09:00 - 2015-08-05 19:59 - 01215438 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-15 12:12 - 2015-07-10 07:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 12:12 - 2015-07-10 07:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-15 08:51 - 2015-08-05 21:07 - 00002393 _____ C:\Users\donna_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-14 21:48 - 2014-05-15 18:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-13 11:25 - 2013-08-31 23:49 - 00000000 ____D C:\SWSetup
2015-09-13 11:24 - 2014-04-02 02:45 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2015-09-08 18:52 - 2015-07-10 08:20 - 00249248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-08 18:49 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-08 18:48 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 17:33 - 2014-05-10 14:38 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-08 11:41 - 2015-07-10 08:20 - 00028557 _____ C:\WINDOWS\setupact.log
2015-09-08 11:40 - 2014-05-12 14:10 - 488276013 _____ C:\WINDOWS\MEMORY.DMP
2015-09-03 18:03 - 2014-04-02 03:12 - 00000000 ____D C:\ProgramData\McAfee
2015-09-03 18:03 - 2014-04-02 03:12 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-03 17:59 - 2015-07-31 11:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-09-03 17:59 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-03 17:59 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-03 17:58 - 2013-11-09 15:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-09-03 17:56 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-09-03 17:56 - 2013-04-11 13:24 - 00000000 ____D C:\Users\Keith
2015-09-03 17:29 - 2015-02-14 14:15 - 00000000 ____D C:\Program Files (x86)\Total Seminars
2015-09-02 17:12 - 2015-02-14 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Seminars
2015-09-02 17:10 - 2014-05-29 12:14 - 00000000 ____D C:\WINDOWS\BulletScan
2015-09-02 08:42 - 2013-11-09 15:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-09-02 08:37 - 2013-11-09 15:41 - 00000000 ____D C:\ProgramData\WildTangent
2015-09-02 08:37 - 2013-11-09 15:41 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2015-09-01 09:38 - 2014-08-27 14:07 - 00000000 ____D C:\Users\donna_000\AppData\Local\Citrix
2015-08-31 14:44 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-30 19:06 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories =======
 
2014-05-11 08:37 - 2014-05-31 14:45 - 27045552 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-07-15 13:34 - 2015-09-23 08:29 - 0000600 _____ () C:\Users\donna_000\AppData\Roaming\winscp.rnd
2015-03-04 13:22 - 2015-05-11 11:10 - 0000600 _____ () C:\Users\donna_000\AppData\Local\PUTTY.RND
2014-07-23 12:49 - 2015-08-09 18:18 - 0007597 _____ () C:\Users\donna_000\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-09-20 11:35
 
==================== End of FRST.txt ============================
 
Here is addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015
Ran by donna_000 (2015-09-29 17:09:36)
Running from C:\Users\donna_000\Downloads
Windows 10 Home (X64) (2015-08-06 00:55:33)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Admin (S-1-5-21-1922649430-2310944725-4124380653-1004 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-1922649430-2310944725-4124380653-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1922649430-2310944725-4124380653-503 - Limited - Disabled)
donna_000 (S-1-5-21-1922649430-2310944725-4124380653-1001 - Administrator - Enabled) => C:\Users\donna_000
Guest (S-1-5-21-1922649430-2310944725-4124380653-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1922649430-2310944725-4124380653-1003 - Limited - Enabled)
QBDataServiceUser23 (S-1-5-21-1922649430-2310944725-4124380653-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser23
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Elements 2.0 (HKLM-x32\...\Adobe Photoshop Elements 2.0) (Version: 2.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Compatibility Toolkit (Version: 8.59.25584 - Microsoft) Hidden
Assessment and Deployment Kit (HKLM-x32\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation)
Assessments on Client (x32 Version: 8.59.25584 - Microsoft) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2170W (HKLM-x32\...\{65AD8FC4-0450-4921-B752-F207319AE35C}) (Version: 1.00 - Brother)
BulletScan Manager (HKLM-x32\...\{25D30402-0A13-4422-8E57-A37E71A7D880}) (Version: 2.0.34 - iVina)
BulletScan OCR Engine - Powered by ABBYY (HKLM-x32\...\{870E5EB9-E561-4C94-80BF-8A3D4DB46624}) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3228 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3302 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{CCE5C597-03EA-423E-BA80-6FCD280A8465}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7127.4628 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{7A75E042-0D30-43C2-BD2A-684F4BE38FF7}) (Version: 2.3.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3309 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM-x32\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{8CB0713F-CFE0-445D-BCB2-538465860E1A}) (Version: 11.1.3128.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM-x32\...\{CEA86648-87FA-4775-8F3B-A57F720BAE85}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.0.2100.60 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.6.0 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
Presto! BizCard 6 (HKLM-x32\...\{4F9D15B4-0F57-4B84-94AE-C1286C8D4443}) (Version: 6.10.12 - NewSoft Technology Corporation)
Presto! BizCard 6 (x32 Version: 6.10.12 - NewSoft) Hidden
Presto! PageManager 9.04 SE (HKLM-x32\...\{5B8B1BAA-79B5-4F3A-89CD-B2D6045C82A7}) (Version: 9.04.00 - Newsoft Technology Corporation)
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Premier: Mfg and Whsle Edition 2013 (HKLM-x32\...\{3FB9742A-ACE0-4B63-91C2-AD4A77E41554}) (Version: 23.0.4001.2305 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29070 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
S300 (HKLM-x32\...\S300) (Version:  - )
S400 (HKLM-x32\...\S400) (Version:  - )
ShipWorks® 4.2.0.8030 (HKLM\...\{0D695046-0F08-419A-AA25-8995FEA5B023}_is1) (Version: 4.2.0.8030 - Interapptive®, Inc.)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (x32 Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (x32 Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (x32 Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.0.2100.60 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 11.0.2100.60 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
T-HUB (HKLM-x32\...\{4FDEA7E6-5DA1-49A8-B110-16D45578F4CC}) (Version: 10.1.451 - Atandra)
Toolkit Documentation (x32 Version: 8.59.25584 - Microsoft) Hidden
Total Tester CompTIA Network+ N10-005/6 Premium v6.2 (HKLM-x32\...\{CF562A0E-59E5-41A1-B3FC-28AA97EFE169}) (Version: 12.6.2 - Total Seminars, LLC)
Total Tester Network+ N10-006 Book Demo v6.3 (HKLM-x32\...\{A869BF56-374B-4E18-86F6-D5BBCCD86392}) (Version: 12.6.2 - Total Seminars, LLC)
User State Migration Tool (x32 Version: 8.59.25584 - Microsoft) Hidden
Video Capture v5.09.1202.00 (HKLM-x32\...\Video Capture v5.09.1202.00) (Version: 5.09.1202.00 - Elgato Systems)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinSCP 5.7.2 (HKLM-x32\...\winscp3_is1) (Version: 5.7.2 - Martin Prikryl)
WPT Redistributables (x32 Version: 8.59.25584 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.25584 - Microsoft) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1922649430-2310944725-4124380653-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1922649430-2310944725-4124380653-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points =========================
 
13-09-2015 11:21:36 HPSF Applying updates
17-09-2015 17:58:44 Windows Update
22-09-2015 10:52:58 Windows Update
26-09-2015 07:43:45 Removed Elgato Video Capture
27-09-2015 11:50:09 zoek.exe restore point
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0719F7F3-B218-4EAE-9095-79180765E749} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0F81C8DA-96DF-4C22-93EE-5A1BE530A6F7} - System32\Tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001 => C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1FC4916D-071C-4BF5-A465-7D09D9D74E69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2E897D90-54BB-44D8-8C08-0D593CF0CAD2} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {30CBE639-EDAC-4DED-95F3-94DBBA10BEA9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4396B92A-6569-4E32-B007-615E61E9D469} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {55DEFF45-75FE-4016-8BE1-362C95F7F82E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-06-24] (Hewlett-Packard)
Task: {5FC80890-87C7-4418-9FF2-7F914F00DF8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {6E6F7398-E468-4506-A5F1-36BF31DE3D9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {737AD365-D6EF-4C26-92CE-E585F31D3FA0} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-17] (Synaptics Incorporated)
Task: {79637A38-46D1-432A-9484-3ABFD92FCB2B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-08] (Hewlett-Packard)
Task: {7C78C346-5AE3-465B-811F-7DCC2194B61E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7CC952DD-A6A4-4670-9600-65F0276FAC0E} - System32\Tasks\UKGoods 1406223383 => C:\Program Files (x86)\Intuit\QuickBooks 2013\AutoBackupEXE.exe [2014-01-16] (Intuit Inc.)
Task: {85030A51-A15E-4F52-839B-9C8FBEB86804} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8894751C-46C0-404C-A0D7-042A6EB5B13F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8C114998-4DD1-44EE-8036-AF2D5111DD1A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {95BF51D7-63C7-4FBC-B7E5-7CB77B728CFD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
Task: {99254C13-08AE-4C45-A09E-6FF6610CDAB5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9DA4ED1F-8B72-4387-BFA6-CB9E384A5F36} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-09-08] (Hewlett-Packard)
Task: {9FE289B1-9B3A-4A98-A174-922D4B95BCD9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A650AE75-66DE-4945-A2C1-008238160D2F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AA2F9436-7177-48E4-9AAD-01A5B6AC4D1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-21] (Google Inc.)
Task: {B74217D9-16CB-48C3-871D-E9EE2D754FCA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D03BCFF7-24EC-45C6-8606-607829B5108A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D3DD1622-D370-4DC0-871C-8ECB5D7AFDC7} - System32\Tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001 => C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E32BF02B-1E58-45CB-974D-9D5876269EA7} - System32\Tasks\HPCeeScheduleFordonna_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {F36B1B85-34EF-45B3-A9CB-A68FDB20EF3F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FDEC091A-90CA-44FF-B4EC-76F8E925B575} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job => C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1922649430-2310944725-4124380653-1001.job => C:\Users\donna_000\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFordonna_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\UKGoods 1406223383.job => C:\Program Files (x86)\Intuit\QuickBooks 2013\AutoBackupEXE.exeX/FC:\Users\Public\Documents\Intuit\QuickBooks\Company Files\UKGoods.qbw
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-05 23:38 - 2015-08-05 23:38 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-18 20:08 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-14 15:23 - 2013-10-14 15:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 15:24 - 2013-10-14 15:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 15:25 - 2013-10-14 15:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 15:22 - 2013-10-14 15:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 15:22 - 2013-10-14 15:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2015-08-28 17:19 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 17:19 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-10-14 15:30 - 2013-10-14 15:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-11 15:57 - 2015-08-02 21:30 - 00642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-08-11 15:57 - 2015-08-02 21:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-18 20:08 - 2015-08-11 04:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-11 15:57 - 2015-08-02 21:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-11-15 15:56 - 2014-08-15 08:43 - 00083768 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEngHost.exe
2013-11-15 15:56 - 2014-08-15 08:43 - 00067896 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IBuEng_x64Vista.dll
2015-09-26 07:28 - 2015-09-26 07:28 - 03495936 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
2014-04-02 03:11 - 2013-08-05 03:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 18:48 - 2013-08-05 18:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-08-27 13:22 - 2008-11-17 14:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\nsSign.dll
2014-08-27 13:22 - 2010-05-07 11:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PerformOcr.dll
2014-08-27 13:22 - 2010-03-11 10:48 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMISM.dll
2014-08-27 13:22 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PHooKDlg.dll
2014-08-27 13:22 - 2010-07-01 11:09 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMCommon.dll
2014-08-27 13:22 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\Qem.dll
2014-08-27 13:22 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\NetFun2k.dll
2014-08-27 13:22 - 2010-07-06 15:41 - 00146944 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\ScanModule.dll
2014-08-27 13:22 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMANO.dll
2014-08-27 13:22 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\ComClass.dll
2014-08-27 13:22 - 2010-04-14 16:38 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMTree.dll
2014-08-27 13:22 - 2010-07-02 13:36 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMDB_N.dll
2014-08-27 13:22 - 2010-05-17 10:52 - 00135168 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMSet.dll
2014-08-27 13:22 - 2010-07-13 10:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMProp.dll
2014-08-27 13:22 - 2007-08-31 17:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMVoice.dll
2014-08-27 13:22 - 2010-07-13 10:50 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\OutlookVBA.dll
2014-08-27 13:22 - 2010-03-17 11:49 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMINSO.dll
2014-08-27 13:22 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\FT.dll
2014-08-27 13:22 - 2009-11-27 17:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMAppBar.dll
2014-08-27 13:22 - 2010-07-13 10:49 - 04567040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMView.dll
2014-08-27 13:22 - 2010-03-11 10:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMSave.dll
2014-08-27 13:22 - 2007-03-30 10:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\NsOEMKey.dll
2014-08-27 13:22 - 2010-03-02 15:10 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMPageVW.dll
2014-08-27 13:22 - 2010-06-10 17:42 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\SlideBarDLL.dll
2014-08-27 13:22 - 2009-11-09 18:35 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMImgVW.dll
2014-08-27 13:22 - 2008-08-25 16:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMIEVW.dll
2014-08-27 13:22 - 2010-03-02 15:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMDocVW.dll
2014-08-27 13:22 - 2010-05-17 10:53 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMPDFView.dll
2014-08-27 13:22 - 2009-06-26 09:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMApSet.dll
2014-08-27 13:22 - 2009-12-04 17:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMAnoSet.dll
2014-08-27 13:22 - 2010-04-27 15:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMStatus.dll
2014-08-27 13:22 - 2010-07-30 13:18 - 00266240 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMScnSet.dll
2014-08-27 13:22 - 2007-03-30 09:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\Import.dll
2014-08-27 13:22 - 2010-05-21 09:42 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\PMImageSplitter.dll
2013-11-15 15:56 - 2014-08-15 08:43 - 00084280 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.XmlSerializers.dll
2012-08-18 18:55 - 2014-05-09 20:53 - 00198992 _____ () C:\Program Files (x86)\Common Files\Intuit\DataProtect\NCalc.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2014-01-16 10:04 - 2014-01-16 10:04 - 00128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2012-08-18 18:54 - 2012-08-18 18:54 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00085832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\IPDWidgetBridge.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00096072 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\IPDWidgetInterop.dll
2014-01-16 14:05 - 2014-01-16 14:05 - 00471880 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\SyncManagerUtils.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00072520 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QB2WPFBridge.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00125256 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\ReportBridge.dll
2014-01-16 14:05 - 2014-01-16 14:05 - 00113480 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\Webification.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00058184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\htmlhelper.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\donna_000\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1922649430-2310944725-4124380653-1005\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "Install SafeKey IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BulletScan Manager.lnk"
HKLM\...\StartupApproved\Run: => "ShipWorksScheduler$0D6950460F08419AAA258995FEA5B023"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1922649430-2310944725-4124380653-1001\...\StartupApproved\Run: => "iCloudServices"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A9BCCC4B-96AB-49B7-BDE0-1F3F04224CCB}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{1AB8A039-20C0-4945-9F94-A37BDE141A6F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{EFE77BB9-8D1E-4203-9FF7-BFE1136DDF08}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\LicenseMan.exe
FirewallRules: [{848F07AC-1230-4310-95A4-EBD98334D8DD}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\LicenseMan.exe
FirewallRules: [{A885B268-D0FE-452A-8DE5-DBD5F6849F3E}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\LicenseCheck.exe
FirewallRules: [{4D1A8316-04CC-4240-9CCB-76402DE2536A}] => (Allow) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.04\LicenseCheck.exe
FirewallRules: [{86EF5F9E-BA14-4BB5-BE44-30D6FA8BA32E}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe
FirewallRules: [{8CBD827F-1292-4E94-849C-3ED0233006FD}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe
FirewallRules: [{DE7812A2-B2AB-4CC3-95B5-CF36664F9566}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe
FirewallRules: [{C45AAE4A-8497-4E4F-8DCB-AFD34B04DB4A}] => (Allow) C:\Program Files\Microsoft SQL Server\MSSQL11.SHIPWORKS\MSSQL\Binn\sqlservr.exe
FirewallRules: [{80EF995A-D20C-4367-8904-7FA587E0D2FD}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{BF335D2B-5087-4C9C-84C8-6508D4C55FDE}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{E64C9FEC-4A09-40A6-B71B-007CD4F656B3}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{8367FE85-1FA7-46F7-B5CD-8AFBB740D2A3}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{A538C5A3-0B45-44B7-9E95-07773FCBBBD3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{19BAA4ED-67BD-43E6-9AD1-58E0816454D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{FD065080-BE37-4AD6-A597-7CF213E8DA48}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{793E3DC5-42BD-4C6B-A0F2-47152AC28577}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{00E16661-AF5B-4851-96B2-56D3698570D3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{4CD7BBA7-3C64-4E95-B2D2-C68EFADB1B3E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{DA9E8016-5CD9-4648-9DA2-AC4201DB07C8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{DE6B4284-0BD2-4420-BDA6-D0BB5BA6567F}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2C66F80D-F781-4E02-A927-E9ED897A54FC}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{5819F195-689F-4137-9277-75B43A272E42}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1D73E52E-70E8-4F50-8D79-47290AB54F44}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{84B3CA6B-ABD9-44F5-AB77-F657D51D8EF3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{871FA622-B369-464A-B35C-2037F0555B8B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{86AD6642-1340-4AAD-B77E-1092ACA46EE0}] => (Allow) LPort=1900
FirewallRules: [{E2451CBD-F655-4397-BE29-9120A569E114}] => (Allow) LPort=2869
FirewallRules: [{ED847B0A-BE09-4AAE-A00E-3BCBB799353A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{033C4F2E-47CB-4077-B0BB-7940203E370C}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{7C1E0A9F-C9E6-407B-836F-B04AD1C9AC15}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6DB061B8-62B3-43AA-9C3A-7446CDC79FBC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/29/2015 07:39:08 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.
 
Error: (09/29/2015 07:39:08 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
 
Error: (09/29/2015 07:39:08 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
Connection String:CON=QBConnectionPool-Probe-QB_DONNA_23;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\UKGoods.qbw;CommLinks="ShMem,tcpip(IP=192.168.10.105;TO=5;DOBROADCAST=NONE;port=55353)";ServerName=QB_DONNA_23;DBN=dbb035cb21f24d69bddf0d139f98e182
 
Error: (09/29/2015 07:39:08 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
Connection Error:Invalid user ID or password
 
Error: (09/29/2015 07:39:03 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
 
Error: (09/29/2015 07:39:03 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
Connection String:CON=QBConnectionPool-Probe-QB_DONNA_23;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\UKGoods.qbw;CommLinks="ShMem,tcpip(IP=192.168.10.105;TO=5;DOBROADCAST=NONE;port=55353)";ServerName=QB_DONNA_23;DBN=6aa2028bd3cf4b5a819a0b1908cd52da
 
Error: (09/29/2015 07:39:03 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
Connection Error:Invalid user ID or password
 
Error: (09/29/2015 07:37:35 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
 
Error: (09/29/2015 07:37:35 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
Connection String:CON=QBConnectionPool-Probe-QB_DONNA_23;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\UKGoods.qbw;CommLinks="ShMem,tcpip(IP=192.168.10.105;TO=5;DOBROADCAST=NONE;port=55353)";ServerName=QB_DONNA_23;DBN=16793435bb6e49a6946a378bd54845ef
 
Error: (09/29/2015 07:37:35 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2013":
Connection Error:Invalid user ID or password
 

System errors:
=============
Error: (09/29/2015 08:02:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SQL Server (SHIPWORKS) service failed to start due to the following error:
%%1053
 
Error: (09/29/2015 08:02:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SHIPWORKS) service to connect.
 
Error: (09/28/2015 04:25:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (09/28/2015 04:25:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (09/28/2015 04:24:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (09/28/2015 02:36:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (09/28/2015 12:48:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (09/28/2015 12:47:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (09/28/2015 12:37:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
 
Error: (09/28/2015 11:35:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 

CodeIntegrity:
===================================
  Date: 2015-09-29 08:47:55.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 08:47:55.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 08:47:55.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 08:47:34.835
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-29 08:47:32.450
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-28 16:25:42.438
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-28 16:25:41.893
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-28 14:34:34.648
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-28 14:34:34.588
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-28 14:34:34.520
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Pentium® CPU N3520 @ 2.16GHz
Percentage of memory in use: 53%
Total physical RAM: 3992.6 MB
Available physical RAM: 1871.4 MB
Total Virtual: 8040.6 MB
Available Virtual: 5020.61 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:444.87 GB) (Free:332.62 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:19.28 GB) (Free:1.96 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (0-07-184819-3) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1E2AB9DB)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
