Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

help my desktop has been deleted!?

Post by john2054 » November 29th, 2015, 7:59 pm

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-11-2015
Ran by john (administrator) on JOHN2054 (29-11-2015 23:49:01)
Running from C:\Users\john\Downloads
Loaded Profiles: john (Available Profiles: john & Michelle & Administrator)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3812264 2015-10-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d8766016-3ff0-4478-be0e-2e2acec5c62a}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-11-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-11-01] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-28] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL => No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-28] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - No File
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-11-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\john\AppData\Roaming\Mozilla\Firefox\Profiles\axx3nzab.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-27] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-27] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-11-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-17] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-17]
CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-17]
CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Google Search) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-17]
CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-17]
CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604712 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1568848 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3792880 2015-10-12] (AVG Technologies CZ, s.r.o.)
S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [596344 2015-10-12] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2869432 2015-11-01] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S4 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [370064 2015-10-17] (Intel Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4368808 2015-10-14] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312752 2015-09-11] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [293296 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [251312 2015-08-10] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [314800 2015-08-31] (AVG Technologies CZ, s.r.o.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 ElcMouLFlt; C:\Windows\System32\drivers\ElcMouLFlt.sys [28648 2015-10-17] (ELECOM)
R3 ElcMouUFlt; C:\Windows\System32\drivers\ElcMouUFlt.sys [27624 2015-10-17] (ELECOM)
R3 ETDI2C; C:\Windows\System32\drivers\ETDI2C.sys [173384 2014-04-09] (ELAN Microelectronic Corp.)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-02] (Intel Corporation)
S3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-07-22] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [761600 2015-06-24] (Realsil Semiconductor Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-28] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-10-14] (TuneUp Software)
R3 t_mouse.sys; C:\Windows\System32\drivers\t_mouse.sys [6144 2013-04-09] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-29 23:49 - 2015-11-29 23:49 - 00013574 _____ C:\Users\john\Downloads\FRST.txt
2015-11-29 23:48 - 2015-11-29 23:49 - 00000000 ____D C:\FRST
2015-11-29 23:48 - 2015-11-29 23:48 - 02350080 _____ (Farbar) C:\Users\john\Downloads\FRST64.exe
2015-11-29 22:10 - 2015-11-29 22:10 - 00016148 _____ C:\WINDOWS\system32\JOHN2054_john_HistoryPrediction.bin
2015-11-29 17:20 - 2015-11-29 17:20 - 00016148 _____ C:\WINDOWS\system32\JOHN2054_Michelle_HistoryPrediction.bin
2015-11-28 01:42 - 2015-11-28 01:42 - 00000000 ____D C:\Users\john\AppData\Local\Macromedia
2015-11-28 00:41 - 2015-11-28 00:41 - 19746888 _____ C:\Users\john\Downloads\RogueKiller.exe
2015-11-28 00:41 - 2015-11-28 00:41 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-11-28 00:17 - 2015-11-28 00:19 - 00002318 _____ C:\Users\john\Desktop\unhide.txt
2015-11-28 00:17 - 2015-11-28 00:17 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\john\Downloads\unhide.exe
2015-11-27 01:05 - 2015-11-27 01:06 - 00000000 ____D C:\Users\john\AppData\Local\Adobe
2015-11-27 01:04 - 2015-11-27 01:04 - 01190616 _____ (Adobe Systems Incorporated) C:\Users\john\Downloads\flashplayer19_a_install.exe
2015-11-24 12:15 - 2015-11-24 12:15 - 00276712 _____ C:\WINDOWS\Minidump\112415-55234-01.dmp
2015-11-24 12:15 - 2015-11-24 12:15 - 00000000 ____D C:\WINDOWS\Minidump
2015-11-24 12:14 - 2015-11-24 12:14 - 648734500 _____ C:\WINDOWS\MEMORY.DMP
2015-11-22 02:46 - 2015-11-22 02:46 - 00000036 _____ C:\Users\john\Downloads\internet-radio.com.playlist.ram
2015-11-22 02:46 - 2015-11-22 02:46 - 00000036 _____ C:\Users\john\Downloads\internet-radio.com.playlist.m3u
2015-11-18 00:57 - 2015-11-18 01:03 - 495057348 _____ C:\Users\john\Downloads\rnb 2 mega mix.zip
2015-11-11 02:44 - 2015-11-11 03:19 - 00000000 ____D C:\Users\john\AppData\Roaming\ChessBase
2015-11-11 02:44 - 2015-11-11 02:44 - 00002132 _____ C:\Users\john\Desktop\CBReader .lnk
2015-11-11 02:44 - 2015-11-11 02:44 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ChessBase
2015-11-11 02:42 - 2015-11-11 02:44 - 00000000 ____D C:\Users\john\AppData\Local\ChessBase
2015-11-11 02:42 - 2015-11-11 02:44 - 00000000 ____D C:\Program Files (x86)\ChessBase
2015-11-10 20:54 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-10 20:54 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-10 20:54 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-10 20:54 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-10 20:54 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-10 20:54 - 2015-11-05 05:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-10 20:54 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-11-10 20:54 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-10 20:54 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-10 20:54 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-10 20:54 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-10 20:54 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-10 20:54 - 2015-11-05 04:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-10 20:54 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-11-10 20:54 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-10 20:54 - 2015-11-05 04:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-10 20:54 - 2015-11-05 04:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-10 20:54 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-10 20:54 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-10 20:54 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-10 20:54 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2015-11-10 20:54 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-10 20:54 - 2015-11-05 04:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-10 20:54 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-10 20:54 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-10 20:54 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-10 20:54 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-10 20:54 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-10 20:54 - 2015-11-05 04:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-10 20:54 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-11-10 20:54 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-10 20:54 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-10 20:54 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-10 20:54 - 2015-11-05 03:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-11-10 20:54 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-10 20:54 - 2015-11-05 03:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-11-10 20:54 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-10 20:54 - 2015-11-05 03:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-10 20:54 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-10 20:54 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-10 20:54 - 2015-11-05 03:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-10 20:54 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-10 20:54 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-10 20:54 - 2015-11-05 03:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-10 20:54 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-10 20:54 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 20:54 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-10 20:54 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-10 20:54 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-10 20:54 - 2015-11-05 03:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-10 20:54 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-10 20:54 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-10 20:54 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-11-09 00:52 - 2015-11-09 00:52 - 00095822 _____ C:\Users\john\Desktop\Troubleshoot HP Installation Failure - Network.hta
2015-11-09 00:36 - 2015-11-09 00:36 - 00000000 ____D C:\Users\john\AppData\Roaming\Hewlett-Packard
2015-11-09 00:33 - 2015-11-09 00:52 - 00000000 ____D C:\Program Files (x86)\HP
2015-11-09 00:33 - 2015-11-09 00:33 - 00002281 _____ C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
2015-11-09 00:33 - 2015-11-09 00:33 - 00001233 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8610.lnk
2015-11-09 00:33 - 2015-11-09 00:33 - 00000000 ____D C:\Program Files\HP
2015-11-09 00:33 - 2014-07-21 16:31 - 00763912 ____N (Hewlett-Packard Development Company, LP) C:\WINDOWS\system32\HPDiscoPM7112.dll
2015-11-09 00:32 - 2015-11-09 00:33 - 40247720 _____ C:\Users\john\Downloads\OJ8610_Basicx64_198.exe
2015-11-09 00:30 - 2015-11-09 00:30 - 00002308 _____ C:\Users\john\Desktop\HP Support Assistant.lnk
2015-11-09 00:29 - 2015-11-12 01:08 - 00000000 ____D C:\Users\john\AppData\Roaming\hpqLog
2015-11-09 00:29 - 2015-11-09 00:33 - 00000000 ____D C:\Users\john\AppData\Local\HP
2015-11-09 00:29 - 2015-11-09 00:30 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2015-11-09 00:29 - 2015-11-09 00:29 - 00000000 ____D C:\System.sav
2015-11-09 00:27 - 2015-11-17 20:54 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2015-11-09 00:27 - 2015-11-09 01:11 - 00000000 ____D C:\Users\john\AppData\Local\Hewlett-Packard
2015-11-09 00:26 - 2015-11-09 00:27 - 03774136 _____ (Oleg N. Scherbakov) C:\Users\john\Downloads\HPSupportSolutionsFramework-12.0.30.81 (2).exe
2015-11-09 00:25 - 2015-11-09 00:25 - 03774136 _____ (Oleg N. Scherbakov) C:\Users\john\Downloads\HPSupportSolutionsFramework-12.0.30.81 (1).exe
2015-11-09 00:24 - 2015-11-09 00:29 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-11-09 00:23 - 2015-11-09 00:24 - 03774136 _____ (Oleg N. Scherbakov) C:\Users\john\Downloads\HPSupportSolutionsFramework-12.0.30.81.exe
2015-11-06 22:40 - 2015-11-06 22:40 - 00003798 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2015-11-01 02:58 - 2015-11-12 01:00 - 00000000 ____D C:\Users\john\Desktop\aiki pics

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-29 23:48 - 2015-10-17 08:26 - 00000000 ____D C:\Windows
2015-11-29 23:35 - 2015-10-17 22:30 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-29 23:35 - 2015-10-17 22:30 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-29 17:28 - 2015-10-28 01:07 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AC924FE6-05FB-474F-9A96-842D3FDD818A}
2015-11-29 17:27 - 2015-10-17 08:44 - 00000000 ____D C:\WINDOWS\INF
2015-11-29 17:27 - 2015-10-17 08:24 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-29 17:22 - 2015-10-17 08:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-29 17:21 - 2015-10-17 08:26 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-11-29 09:03 - 2015-10-17 08:26 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-29 09:01 - 2015-10-17 08:46 - 00000000 ___HD C:\Program Files\WindowsApps
2015-11-29 09:01 - 2015-10-17 08:46 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-24 12:18 - 2015-10-17 08:18 - 00000000 ____D C:\Users\Michelle
2015-11-23 20:21 - 2015-10-17 20:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2015-11-22 03:10 - 2015-03-14 23:40 - 00000000 ____D C:\Users\john\Desktop\Banking
2015-11-18 19:37 - 2015-10-28 01:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-11-18 01:26 - 2015-08-23 03:43 - 00000000 ____D C:\Users\john\Desktop\mp3
2015-11-17 10:40 - 2015-10-17 19:11 - 00000000 ____D C:\Users\Michelle\AppData\Local\Packages
2015-11-15 05:07 - 2015-10-17 08:18 - 00000000 ____D C:\Users\john
2015-11-13 00:55 - 2015-10-17 16:46 - 00000000 ____D C:\Users\john\AppData\Local\Packages
2015-11-12 22:36 - 2015-10-17 22:31 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 19:56 - 2015-08-25 21:53 - 00000000 ____D C:\Users\john\Desktop\ebay images
2015-11-11 19:53 - 2015-10-17 08:04 - 00361976 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-11 19:50 - 2015-10-17 08:46 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-11-11 19:50 - 2015-10-17 08:46 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-11-11 19:50 - 2015-10-17 08:46 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-10 21:18 - 2015-10-17 19:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-10 21:18 - 2015-10-17 08:35 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 21:12 - 2015-10-17 19:14 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-09 01:09 - 2015-02-04 23:06 - 00000000 ____D C:\Users\john\Desktop\psychiatry
2015-11-09 00:12 - 2015-10-27 00:39 - 00000000 ____D C:\Users\john\AppData\Local\ElevatedDiagnostics
2015-11-08 22:40 - 2015-10-17 08:46 - 00000000 ____D C:\WINDOWS\rescache
2015-11-06 13:16 - 2015-10-17 19:17 - 00002351 _____ C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-06 13:16 - 2015-08-06 09:43 - 00000000 ___RD C:\Users\Michelle\OneDrive
2015-11-04 22:53 - 2015-01-08 07:57 - 00000000 ____D C:\Users\john\Desktop\mywebsite
2015-11-03 18:20 - 2015-10-17 08:48 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 18:20 - 2015-10-17 08:48 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-11-09 00:29 - 2015-11-09 00:29 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-10-17 08:10 - 2015-10-17 08:10 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\john\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Michelle\AppData\Local\Temp\avguirn_081445423918.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-22 19:27

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-11-2015
Ran by john (2015-11-29 23:50:27)
Running from C:\Users\john\Downloads
Windows 10 Home (X64) (2015-10-17 08:20:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1248494375-3095192198-3662275328-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1248494375-3095192198-3662275328-503 - Limited - Disabled)
Guest (S-1-5-21-1248494375-3095192198-3662275328-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1248494375-3095192198-3662275328-1005 - Limited - Enabled)
john (S-1-5-21-1248494375-3095192198-3662275328-1001 - Administrator - Enabled) => C:\Users\john
Michelle (S-1-5-21-1248494375-3095192198-3662275328-1004 - Limited - Enabled) => C:\Users\Michelle

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security (Enabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
AVG (HKLM\...\AvgZen) (Version: 1.13.1.26255 - AVG Technologies)
AVG (Version: 16.4.7163 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4477 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.3.1.24857 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.3.3 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.4.7163 - AVG Technologies)
AVG Zen (Version: 1.13.1 - AVG Technologies) Hidden
CBReader (HKLM-x32\...\CBReader ) (Version: - ChessBase GmbH)
ELAN HIDI2C Filter Driver X64 13.6.1.1_WHQL (HKLM\...\Elantech) (Version: 13.6.1.1 - ELAN Microelectronic Corp.)
FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1038 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-GB)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2 - Mozilla)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4763.1003 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1038 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

27-10-2015 01:21:53 Installed AVG 2016
08-11-2015 22:34:39 Scheduled Checkpoint
11-11-2015 02:42:45 Installed Microsoft Visual C++ 2005 Redistributable

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-17 08:46 - 2015-10-17 08:43 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C1FBBAC-0AEE-4BED-846C-7DB89B4D18A7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {2628813F-9E36-4465-889D-A6326E600410} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-17] (Google Inc.)
Task: {430C49A3-B744-4097-9D4D-28371DD68031} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {463ECFC6-2B63-4C3A-9917-5A921379AB42} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {492F568A-7033-4E26-9FFF-3475B27EE13D} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2015-10-14] (AVG Technologies CZ, s.r.o.)
Task: {63EBD6BC-FA37-41E8-A98F-277F461C207E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {6A7DF227-983A-49F1-8F98-DC8212B6F373} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {7A8FB4B0-789B-4ED9-B1A2-00319C831C3F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-11-01] (Microsoft Corporation)
Task: {8039B42B-E6BF-42DE-AE10-505818A532CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-11-01] (Microsoft Corporation)
Task: {8A6B870C-3C3A-455A-B660-511559FFE69C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-17] (Google Inc.)
Task: {921B1AC0-3102-4FB4-85AB-3DE9146925A8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {C2B907E9-E9DB-4BA1-8922-F6393C11644B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {CE0AFA8E-970A-4D91-A123-644F1E180A34} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe
Task: {E413DEE5-2B4E-4090-885B-60E9F45CF5F1} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-10-06] (Oracle Corporation)
Task: {ECBFC41D-86A9-4E34-A886-ABF1D7384E95} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-05 19:18 - 2015-08-05 19:18 - 00032768 ____N () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 05:13 - 2015-08-11 09:13 - 00413184 ____N () C:\WINDOWS\System32\diagtrack_win.dll
2015-10-28 01:23 - 2015-11-01 02:11 - 00161448 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-10-03 13:10 - 2015-09-17 06:48 - 02494712 ____N () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-03 13:10 - 2015-09-17 06:48 - 02494712 ____N () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-18 19:35 - 2015-11-01 10:11 - 08901800 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-10-03 13:09 - 2015-09-17 05:48 - 00429056 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-03 13:09 - 2015-09-17 06:04 - 00642048 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-07-10 10:59 - 2015-07-10 10:59 - 00143360 ____N () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-11-21 17:21 - 2015-11-21 17:21 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-11-21 17:21 - 2015-11-21 17:21 - 11526656 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 22:07 - 2015-11-19 22:07 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1120.13270.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-10-03 13:10 - 2015-09-17 05:44 - 06569472 ____N () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-03 13:09 - 2015-09-17 05:42 - 00471040 ____N () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-03 13:09 - 2015-09-17 05:42 - 01808384 ____N () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-03 13:10 - 2015-09-17 05:43 - 02274816 ____N () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 11:00 - 2015-07-10 16:28 - 00210432 ____N () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-11-12 22:36 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-12 22:36 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-12 22:36 - 2015-11-07 04:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1248494375-3095192198-3662275328-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1248494375-3095192198-3662275328-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{38EF6CC1-176F-4FA7-8FC0-FC23C7918762}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F3EA4E0F-773C-4DCD-AF90-6152C0E72237}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F045D3F7-C346-42BA-9143-AF9044E36FB2}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{635171E1-CADD-4FB2-986D-BC72DC3F45BB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{1FFF9459-A515-431A-A72B-3D94313C37B4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{A250D57E-214E-4B6B-B291-C0FE58ACBBA9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C5D33854-465D-4D0E-A36D-1E4517354485}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{1A7B69E4-7C37-4D02-B44D-1D62839AFCF6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{6175F0E0-A76A-4BA1-9225-F9450B5482D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4FC8E9C7-0FF5-4999-B8CE-ACB3EAC88983}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6C6D6048-9936-4C9C-8C40-B166765CB143}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{60A17C5D-5C12-4A21-AA40-F0826B5EE165}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{1E6F3A53-BB13-46DD-8207-F1E2ADBD18C8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{64FA3766-41F0-4892-8B54-5BD72F64C385}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{73B827B6-E32B-40C3-B1CD-C1E565A1F34B}] => (Allow) LPort=5357
FirewallRules: [{CD4AD8CF-CDB0-48CD-B049-D25103F2BEC8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{BFFD5CE8-87B5-4897-AB59-932C72E448FC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5E9B02C5-F4F8-4976-BD25-DF3673F8E075}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/29/2015 11:46:24 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalogue is corrupt. 0xc0041801 (0xc0041801)

Error: (11/29/2015 11:46:21 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - base\appmodel\search\search\ytrip\tripoli\inverted\decodinglayerpages.h (425)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The data is invalid. 0x8007000d (0x8007000d)

Error: (11/29/2015 01:26:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN2054)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/29/2015 00:59:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (11/28/2015 00:59:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (11/27/2015 00:59:40 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (11/27/2015 00:23:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16515, time stamp: 0x55fa599a
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x55fa4b76
Exception code: 0xc0000005
Fault offset: 0x00000000000605ca
Faulting process ID: 0x14d8
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report ID: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (11/26/2015 00:59:39 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (11/25/2015 03:16:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOHN2054)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (11/25/2015 00:59:41 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220


System errors:
=============
Error: (11/29/2015 06:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/29/2015 06:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/29/2015 06:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/29/2015 06:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/29/2015 05:26:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 05:26:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 05:26:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 05:26:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 05:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2015 05:26:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 20%
Total physical RAM: 16307.27 MB
Available physical RAM: 12920.48 MB
Total Virtual: 18739.27 MB
Available Virtual: 15020.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.92 GB) (Free:756.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5FB7B9DB)

Partition: GPT.

==================== End of Addition.txt ============================
john2054
Active Member
 
Posts: 14
Joined: November 29th, 2015, 7:55 pm

Re: help my desktop has been deleted!?

by Gary R » November 30th, 2015, 2:00 am

viewtopic.php?f=11&t=64150

This is a Duplicate Post, and has therefore been closed.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

