Solved Win 7 7000 tmp files in document folder

desono · Jun 12, 2016

I had a "flash update" popup and the url was bogus, so I ran adwcleaner with nothing major reported, and then ran combofix when the combofix window started showing 1000's of tmp files being created in my documents folder. I killed combofix and deleted the majority of the tmp files, but am now concerned.

here is my farbar report (with addition.txt) below it:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
Ran by Jeff (administrator) on JEFFDELL7 (12-06-2016 13:45:05)
Running from C:\Users\Jeff\Downloads
Loaded Profiles: Jeff (Available Profiles: Jeff & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\UCT\HDR Express\HDRExpressService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x64\ramaint.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\n360.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\n360.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\conathst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WD Drive Manager] => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [480768 2009-06-26] (WDC)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-30] (Power Software Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Run: [Google Update] => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Run: [GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF] => C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe [941720 2016-06-03] (Google Inc.)
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk [2016-05-01]
ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2015-06-03]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 192.168.1.3 Alias.27 # WD SmartWare: uuid:73656761-7465-7375-636b-0090a9bc302f
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84CDE727-683E-4465-9041-FAF78236A7A3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DDF0C787-E6F5-492B-A749-D439F1422CBB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://jefpix.smugmug.com/
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.nikoncafe.com/xenf/index.php?threads/new-retouch-of-gm-portrait-using-frequency-separation.278159/
hxxp://www.dpreview.com/
hxxps://500px.com/jeffhall
hxxps://www.facebook.com/
hxxp://nikonrumors.com/page/2/
hxxp://www.foxnews.com/
hxxp://www.foxbusiness.com/index.html
SearchScopes: HKLM -> {8781E387-BF6E-48EE-8B0B-0A887B25AF6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9915F447-3FDA-4398-A5A1-380F467B3548} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> {8781E387-BF6E-48EE-8B0B-0A887B25AF6C} URL =
SearchScopes: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> {9915F447-3FDA-4398-A5A1-380F467B3548} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://I.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {AA2FCC44-64E5-437A-AEDE-8854387EB9F4} hxxps://lod.ttsc.net/ActiveX/vmmctlax_i386.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://jefpix.smugmug.com/
hxxp://www.nikoncafe.com/xenf/index.php
hxxp://www.dpreview.com/
hxxp://www.foxnews.com/
hxxp://www.foxbusiness.com/index.html
hxxps://www.facebook.com/?_rdr=p
hxxps://500px.com/jeffhall
hxxps://webmailcluster.perfora.net/webmaillogin-us/;jsessionid=2f057022a06ecb6f5b28627a7038fe48.yrnynmwhrp0a2l1myqooc0eqvbm?__reuse=1439169022981
about

references#
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll [2010-03-17] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @safarimontage.com/smmp -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [No File]
FF Plugin-x32: @safarimontage.com/smmp64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [2013-04-03] (Library Video Company)
FF Plugin-x32: @safarimontage.com/smmpinfo -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [No File]
FF Plugin-x32: @safarimontage.com/smmpinfo64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [2013-03-14] (Library Video Company)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jeff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [not found]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-11-05]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://jefpix.smugmug.com/","hxxp://www.nikoncafe.com/xenf/index.php?forums/formal-portraits-and-weddings.38/","hxxp://www.dpreview.com/?utm_campaign=internal-link&utm_source=logo&utm_medium=image&ref=logo","hxxps://www.facebook.com/","hxxp://www.foxnews.com/","hxxp://www.foxbusiness.com/","hxxps://500px.com/jeffhall","hxxps://webmailcluster.perfora.net/webmaillogin-us/;jsessionid=B5183A27A338AB5DA08424C7A045C20E.1y3RKxzw955Myi8IT0QTn_Mr-_4#&ref=!!%26app%3Dio.ox%2Fmail%26folder%3Ddefault0%2F%2FZrdr%26language%3Den_US%26user%3Djeff%2540designscience.com%26user_id%3D8","hxxps://www.pinterest.com/jeffh0297/","hxxps://twitter.com/jefhal"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-12-08]
CHR Extension: (Google Cast) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-01]
CHR Extension: (Porsche) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2014-04-30]
CHR Extension: (Pin It Button) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-29]
CHR Extension: (Image Properties Context Menu) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon [2013-07-01]
CHR Extension: (Poppit!) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-07]
CHR Extension: (Norton Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [515952 2010-02-08] (Dell Inc.)
R2 HDRExpressService; C:\Program Files\UCT\HDR Express\HDRExpressService.exe [28432 2011-02-24] ()
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe [375176 2012-03-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files\LogMeIn\x64\RaMaint.exe [147336 2012-03-20] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-01-31] (Nalpeiron Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-02-03] (Wave Systems Corp.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1148120 2014-06-06] (VMware, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [119296 2009-06-26] (WDC) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-06-09] (VMware, Inc.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-10-02] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38656 2013-04-09] (Hauppauge Computer Works, Inc.)
S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1667328 2013-04-09] (Hauppauge Computer Works, Inc.)
S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1669760 2013-04-09] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160610.001\IDSvia64.sys [876248 2016-05-24] (Symantec Corporation)
R2 LMIInfo; C:\Program Files\LogMeIn\x64\RaInfo.sys [15928 2012-03-20] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160611.001\ENG64.SYS [138456 2016-05-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160611.001\EX64.SYS [2148056 2016-05-16] (Symantec Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 13:45 - 2016-06-12 13:45 - 00036863 _____ C:\Users\Jeff\Downloads\FRST.txt
2016-06-12 13:44 - 2016-06-12 13:45 - 00000000 ____D C:\FRST
2016-06-12 13:44 - 2016-06-12 13:44 - 02385408 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2016-06-12 13:34 - 2016-06-12 13:35 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-06-12 13:10 - 2016-06-12 13:19 - 00000000 ___SD C:\ComboFix
2016-06-12 13:10 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-12 13:10 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-12 13:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-12 13:09 - 2016-06-12 13:10 - 00000000 ___SD C:\32788R22FWJFW
2016-06-12 13:09 - 2016-06-12 13:10 - 00000000 ____D C:\Qoobox
2016-06-12 13:09 - 2016-06-12 13:09 - 00000000 ____D C:\Windows\erdnt
2016-06-12 09:00 - 2016-06-12 09:00 - 03677248 _____ C:\Users\Jeff\Downloads\AdwCleaner.exe
2016-06-12 08:59 - 2016-06-12 08:59 - 05659224 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix.exe
2016-06-06 18:07 - 2016-06-06 18:07 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files\iTunes
2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files\iPod
2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-12 13:41 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-12 13:41 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-12 13:38 - 2009-07-14 01:13 - 00786538 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-12 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-12 13:32 - 2013-03-30 14:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-12 13:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 13:27 - 2014-07-12 14:29 - 00000000 ____D C:\Users\Jeff\AppData\OICE_15_974FA576_32C1D314_36C6
2016-06-12 13:27 - 2012-10-27 14:37 - 00000000 ____D C:\Users\Jeff\AppData\Local\Eye-Fi
2016-06-12 13:27 - 2010-11-11 16:58 - 00000000 ___RD C:\Users\Jeff\Documents\My Dropbox
2016-06-12 13:19 - 2010-10-27 21:39 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job
2016-06-12 13:15 - 2013-03-30 14:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-12 13:10 - 2016-02-23 19:02 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
2016-06-12 13:10 - 2015-07-31 06:36 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-06-12 13:09 - 2010-06-10 23:09 - 00000000 ____D C:\Users\Jeff\AppData\Local\CrashDumps
2016-06-12 13:07 - 2014-02-27 08:28 - 00000000 ____D C:\AdwCleaner
2016-06-12 13:04 - 2013-04-13 12:37 - 00000000 ____D C:\Users\Jeff\Documents\Outlook Files
2016-06-12 13:04 - 2010-06-10 21:56 - 00000000 ____D C:\Users\Jeff\Documents\Outlook
2016-06-12 12:46 - 2014-02-27 08:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-12 12:24 - 2016-02-23 19:02 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
2016-06-12 02:00 - 2014-07-02 15:59 - 00000000 ____D C:\Users\Jeff\AppData\Local\Adobe
2016-06-11 20:19 - 2010-10-27 21:39 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job
2016-06-11 17:59 - 2014-04-11 17:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-11 15:11 - 2011-03-18 17:48 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{55487834-CFBF-4D2A-A92E-4F1FD9D6E17A}
2016-06-08 21:21 - 2010-10-27 21:40 - 00002372 _____ C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-06 18:07 - 2014-02-11 19:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-03 14:56 - 2016-04-05 20:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 16:47 - 2011-02-10 19:12 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\vlc
2016-05-27 17:17 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-27 17:16 - 2014-04-06 16:47 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\VMware
2016-05-19 14:09 - 2016-02-23 19:02 - 00003678 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001
2016-05-19 14:09 - 2016-02-23 19:02 - 00003582 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001

==================== Files in the root of some directories =======

2012-12-06 23:18 - 2013-03-11 21:11 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe BMP Format CS5 Prefs
2016-04-30 17:01 - 2016-04-30 17:05 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-06-13 18:28 - 2013-06-13 18:33 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-21 23:58 - 2016-02-13 14:34 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS6 Prefs
2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Common
2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Compressor
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Contextual Menu Items
2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Core Data Application
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\CustomDataViews
2010-06-22 22:22 - 2012-02-16 11:51 - 0000121 _____ () C:\Users\Jeff\AppData\Roaming\default.pls
2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Hybrid Morph
2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\Users\Jeff\AppData\Roaming\Hybrid Synthesizers
2010-06-22 20:52 - 2011-06-30 20:32 - 0099384 _____ () C:\Users\Jeff\AppData\Roaming\inst.exe
2015-01-14 18:43 - 2015-01-14 18:43 - 0000074 _____ () C:\Users\Jeff\AppData\Roaming\mbam.context.scan
2010-06-22 20:52 - 2011-06-30 20:32 - 0007859 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.cat
2010-06-22 20:52 - 2011-06-30 20:32 - 0001167 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.inf
2010-06-22 20:52 - 2011-06-30 20:32 - 0000055 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.log
2010-06-22 20:52 - 2011-06-30 20:32 - 0082816 _____ (VSO Software) C:\Users\Jeff\AppData\Roaming\pcouffin.sys
2012-02-04 00:32 - 2012-04-15 15:44 - 0001456 _____ () C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-06-30 00:18 - 2013-01-30 23:36 - 0032256 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-20 13:22 - 2015-05-03 01:35 - 0007622 _____ () C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
2014-10-27 16:42 - 2014-10-27 16:42 - 0000000 _____ () C:\Users\Jeff\AppData\Local\{5AC1E52D-43C4-42CB-B417-746ADB93354D}
2011-05-12 15:05 - 2011-07-04 09:09 - 0001940 _____ () C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2014-07-13 18:34 - 2014-07-13 18:34 - 0000000 _____ () C:\ProgramData\Contents
2012-06-09 21:29 - 2012-06-09 21:29 - 0000000 _____ () C:\ProgramData\Core Data Application
2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\ProgramData\Database
2011-04-26 10:11 - 2011-04-26 10:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-06-20 19:20 - 2015-08-09 19:54 - 0001342 _____ () C:\ProgramData\hpzinstall.log
2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\ProgramData\Image Units
2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbw.DAT
2010-06-10 17:55 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT
2010-06-10 18:00 - 2014-04-17 17:56 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2011-11-30 20:23 - 2012-06-09 21:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2010-06-10 18:04 - 2010-06-10 18:04 - 0000012 ___RH () C:\ProgramData\Sci-Fi

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-24 00:32

==================== End of FRST.txt ============================

desono · Jun 12, 2016

I tried also posting the addition.txt file, but it was larger than allowed.

Broni · Jun 12, 2016

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Split Addition.txt log between couple of replies.

desono · Jun 12, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
Ran by Jeff (2016-06-12 13:45:40)
Running from C:\Users\Jeff\Downloads
Windows 7 Professional Service Pack 1 (X64) (2010-06-10 21:17:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2620986578-484658413-2464296446-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2620986578-484658413-2464296446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2620986578-484658413-2464296446-1002 - Limited - Enabled)
Jeff (S-1-5-21-2620986578-484658413-2464296446-1001 - Administrator - Enabled) => C:\Users\Jeff

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.4 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Perfect365 (HKLM-x32\...\{5B5E949E-3924-45E3-9229-84E8270BED68}) (Version: 1.8.0.3 - ArcSoft, Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0710.1126 - )
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
AutoIt v3.3.6.1 (HKLM-x32\...\AutoItv3) (Version: - AutoIt Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CDBurnerXP (HKLM-x32\...\{ADAA0C25-2E61-452B-895D-D2190C4C651D}) (Version: 4.4.2.3442 - Canneverbe Limited)
Chk-Back v2.0 (HKLM-x32\...\{916DBF3C-7AA5-4679-AA58-3D6C166BDAAF}) (Version: 2.1.2 - TRC Data Recovery Ltd)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Cogitum Co-Citer (HKLM-x32\...\Cogitum Co-Citer) (Version: - )
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.22 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Control Point 64 (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM-x32\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell ControlPoint System Manager (HKLM\...\{33A316AE-6EB6-4A3F-AA09-E12A57BA475D}) (Version: 1.4.00001 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 02.05.04.001 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\73f463568823ebbe) (Version: 6.4.0.7 - Dell)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
DriveGLEAM V1.12 (HKLM-x32\...\DriveGLEAM_is1) (Version: - Svein Engelsgjerd)
Dropbox (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.3 - Ashisoft)
DVDFab 8.0.6.4 Beta (25/12/2010) (HKLM-x32\...\DVDFab 8_is1) (Version: - Fengtao Software Inc.)
DVDFab 8.1.1.2 (08/08/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
EMBASSY Security Center Lite (Version: 04.01.00.044 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (x32 Version: - ) Hidden
EMBASSY Security Setup (Version: 04.01.00.043 - Wave Systems Corp) Hidden
EMBASSY Security Setup (x32 Version: - ) Hidden
ESC Home Page Plugin (Version: 04.01.00.010 - Wave Systems Corp) Hidden
ESC Home Page Plugin (x32 Version: - ) Hidden
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
Family Tree Maker (HKLM-x32\...\FTW) (Version: - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Gemalto (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
Google Chrome (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HDR Express (HKLM-x32\...\HDR Express) (Version: 1.1.0.8138 - UCT)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G4000 Series (HKLM\...\{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpg4000 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Image Trends' Fisheye-Hemi Plug-In 1.2.4 (HKLM-x32\...\{0004206C-AFF4-472E-9981-B443FAADA1D1}) (Version: 1.2.4 - Image Trends, Inc. )
ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.708 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{129C5584-DB98-4A98-B28F-299C45E1E355}) (Version: 16.0.0652.0621 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NEC MultiProfiler 1.3.40.00 (HKLM-x32\...\NEC MultiProfiler) (Version: 1.3.40.00 - NEC Display Solutions)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
NirSoft NK2Edit (HKLM-x32\...\NirSoft NK2Edit) (Version: - )
Noise Ninja 2 (Standalone Version) (HKLM-x32\...\Noise Ninja (Standalone Version)_is1) (Version: - PictureCode LLC)
Noiseware Professional Edition (HKLM-x32\...\{554EB98C-D995-471F-8874-D2BA7BF5EB3E}) (Version: 2.6.0.1 - Imagenomic)
Noiseware Standard Edition (HKLM-x32\...\{6897145C-B43D-415E-84F0-C273437104DA}) (Version: 2.6.0.1 - Imagenomic)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photomatix Pro version 4.1.4 (HKLM\...\PhotomatixPro41x64_is1) (Version: 4.1.4 - HDRsoft Sarl)
Photomatix Pro version 5.0.1 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.1 - HDRsoft Ltd)
PhotoSync (HKLM\...\{DEF45511-0EC2-46C1-97C2-899B8BE26ACF}) (Version: 1.6.0 - touchbyte GmbH)
Photosynth 2.0110.0317.1042 (HKLM-x32\...\{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}) (Version: 2.0110.0317.1042 - Microsoft)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 1.2 - UNKNOWN)
Picasa Uploader (x32 Version: 1.2 - UNKNOWN) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
PingPlotter Freeware (HKLM-x32\...\{8C99C3CB-763F-4D87-8ACA-81B6899207B1}) (Version: 1.30.0.11 - Nessoft, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PocketWizard Utility (HKLM-x32\...\{2277B360-CA52-4591-9913-D0E779583621}) (Version: 1.55 - LPA Design)
PortraitPro Studio 15.4 (HKLM\...\PortraitProStudio15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Preboot Manager (Version: 03.01.00.084 - Wave Systems Corp.) Hidden
PTLens (HKLM\...\{0238CC07-3B55-47B6-A159-3C4F2E25FB72}) (Version: 3.0.432 - ePaperPress)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RadLab v1.3.5 (HKLM-x32\...\RadLab_is1) (Version: - Totally Rad)
Rainbow Folders (HKLM-x32\...\{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1) (Version: 2.05 - Piotr Chodzinski)
Raptr (HKLM-x32\...\Raptr) (Version: - )
SAFARI Montage Media Player (HKLM-x32\...\{34BC6823-8AB0-466F-BA80-C4A48E66E343}) (Version: 5.7.2 - Library Video Company)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.5 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SciTE4AutoIt3 2/28/2010 (HKLM-x32\...\SciTE4AutoIt3) (Version: 2/28/2010 - Jos van der Zande)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.9835 - Seagate)
SEKONIC Data Transfer Software 3.0 (HKLM-x32\...\{6B5298BF-E2AD-495B-AF7F-DDA046F50027}) (Version: 3.0 - SEKONIC Corp.)
SEKONIC Lightmeter L-758Series (Driver Removal) (HKLM-x32\...\SK__COMM&0A41&7001) (Version: - )
Send to SmugMug (HKLM-x32\...\{8D445B72-D4AB-4769-A5AF-5056D9D019BD}) (Version: 1.3.0324 - Omar Shahine)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
skillpipe (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\skillpipe) (Version: 1.06.200140 - arvato hightech EMEA)
Skins (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony DVD Architect Pro 4.5 (HKLM-x32\...\{5E9C5450-8011-41E0-8725-4F0BD66B81AE}) (Version: 4.5.69 - Sony)
Sony Vegas Pro 8.0 (HKLM-x32\...\{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}) (Version: 8.0.260 - Sony)
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version: - )
Spyder3Pro (HKLM-x32\...\Spyder3Pro) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz Impression (HKLM\...\Topaz Impression) (Version: 1.1.2 - Topaz Labs, LLC)
Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.0 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (64-bit) (HKLM-x32\...\Topaz Star Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs)
Topaz Texture Effects (HKLM\...\Topaz Texture Effects) (Version: 1.1.0 - Topaz Labs, LLC)
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Vern 3.22 (HKLM-x32\...\Vern_is1) (Version: 3.22 - One Guy Coding)
VGA USB Camera (HKLM-x32\...\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}) (Version: 1.2.0.0 - )
Videora iPod Converter 6 (HKLM-x32\...\Videora iPod Converter) (Version: 6 - Red Kawa)
Virtual Machine Manager Self-Service Client (HKLM-x32\...\{0288C02B-0A3A-471A-8200-587620572B58}) (Version: 2.0.4271.0 - Microsoft Corporation)
Vista/XP Virtual Desktops (HKLM-x32\...\{F4735C64-9A74-4E48-894B-1CA5D83B99C8}) (Version: 0.9.1.0 - Z-Systems)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
VMware Horizon View Client (HKLM\...\{EBE23A79-2626-4B4B-86A8-97230F06A5B3}) (Version: 3.0.0.19696 - VMware, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-1 - Wacom Technology Corp.)
Wave Infrastructure Installer (Version: 07.65.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.040 - Wave Systems Corp) Hidden
Wave Support Software (x32 Version: - ) Hidden
WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WD Drive Manager (x64) (HKLM\...\{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}) (Version: 2.115 - Western Digital)
WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
WinDirStat 1.1.2 (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\WinDirStat) (Version: - )
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4419\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14C39499-4A79-4080-BBE6-B51ADA0E9082} - System32\Tasks\{9AF7342A-F42F-42C3-A300-340862FE3194} => C:\FTW\FTW.EXE [1998-09-17] (Brøderbund Software, Inc.
Banner Blue Division)
Task: {1E14F0E6-8E70-41EC-9EAD-2724B0CBF3B6} - System32\Tasks\{56C3B39C-E77D-4081-B455-EBA7EB1CD601} => pcalua.exe -a C:\Users\Jeff\Downloads\cociter.exe -d C:\Users\Jeff\Desktop
Task: {2B1DD010-EA90-4D62-820E-CD012538BCA2} - System32\Tasks\{B8312D1A-4857-42AC-884D-6FB4F2A6C19B} => pcalua.exe -a C:\Users\Jeff\Downloads\dotnetfx35setupSP1.exe -d C:\Users\Jeff\Downloads
Task: {2D666F3B-74AA-4914-9B07-36A9D0403975} - System32\Tasks\{933F148C-5019-491E-A4A0-6BB20FAD0105} => pcalua.exe -a C:\Users\Jeff\Downloads\slideshow_maker_45mb_d_en.exe -d C:\Users\Jeff\Desktop
Task: {313D3312-DFAE-48DC-AD80-4B061D8165BF} - System32\Tasks\{C35DAA89-86DA-4F1A-A3EC-BFC27133A48B} => pcalua.exe -a C:\Users\Jeff\Downloads\hcwsmd01_20032.exe -d C:\Users\Jeff\Desktop
Task: {36E80EDB-BAED-48E9-81A6-DC057588B903} - System32\Tasks\{45697DE5-242D-4D3F-8248-68DF8DB3D912} => pcalua.exe -a "D:\Install Lightroom 4.exe" -d D:\
Task: {399C2003-EA4B-44FA-8BF3-F4526B0B267D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {40A9EEC3-5FEA-4D52-81E3-92AD0E3D6A90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {47DF9C11-F9B3-483E-B5BA-719852AE24F0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4BEAD903-61B3-4BEC-9F3A-B4E7023314F1} - System32\Tasks\AdobeAAMUpdater-1.0-JeffDell7-Jeff => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {57326AAD-50F4-4517-9120-75EF77FCEA74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6383BB6A-1FE0-49B2-B8E7-3AD3BA16CDC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {66674A80-4989-46E9-9346-30223B03CFED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {66D9A39F-25AB-429B-8BB8-643834FBE2E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6E39FBF3-95C4-4412-9514-8090C89037A2} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMMMJJMJLJOMGMLMCNLJLMKJMJCNLMKMMMOJCNHMMJLJOMCNHMKMJMPMOJOJJJGMKMNJNMGMJNJICMIMCNNMCNIMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMOMJNHICMEKMICNJJCKJNBJCMFLKJJJJJJNKJCMJNNICMJNDJCMKJBJ"
Task: {727D097C-E562-4914-8ED8-D9FE563281F8} - System32\Tasks\{46755E17-0DC6-4100-B43C-46AD279088FD} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {7A4B0DDA-8C49-4423-B573-5B0B6BC729FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

desono · Jun 12, 2016

Part 2:

Task: {81FAF140-3A21-4E2C-B466-F023A2D741A7} - System32\Tasks\{08DBF19A-6BC6-490C-9BA5-CD82B7C78F6D} => pcalua.exe -a C:\Users\Jeff\Downloads\wintv6_cd_4.6b.exe -d C:\Users\Jeff\Desktop
Task: {8F33D62C-9BBC-47C1-AE32-824E01A6FE06} - System32\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {93567D90-0C07-441F-8BEF-CABE1001F101} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9869E0DF-5185-4F13-AA3B-BAAED867B8D3} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {9C9E5BAE-F781-4FAC-8F9F-BEBD1E506977} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {A056C3E2-78D8-4300-B60B-9D932BED5AD8} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {AA54BC45-2660-44CA-836C-1C998C688402} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
Task: {AD134080-6506-4168-ADE7-0CFD9BF2FC69} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B59B8B0B-0CEA-40CC-B224-1937361640E3} - System32\Tasks\{643D0E66-A340-4424-B106-695B0B8E3548} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {BAC89225-CF69-4EDA-BBEE-2F90C62E1EBC} - System32\Tasks\AdobeAAMUpdater-1.0-JeffDell7-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {C238768D-5022-44AE-B6E1-00520D5EC488} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {C2E6170F-12B5-42A9-A8FE-506F061E36A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {C5A4B991-CE2D-45C1-A81E-EDC8D5B91ACF} - System32\Tasks\{33985AE6-ABF7-49BD-A6D0-570EF5AAFD87} => pcalua.exe -a C:\Users\Jeff\Downloads\PandoraRecovery2.1.1Setup.exe -d C:\Users\Jeff\Desktop
Task: {D314A4F9-9074-4D09-BB4D-A9FA15B80FF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {E7A12BE7-C61A-4EBA-84FF-6DEF9799E3FB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EAFA5FE3-E028-4D8F-8BE6-FD7D2B5EFD42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {EB8F685F-E050-4A48-9B84-55B2754EE24D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {EC0523FA-F443-4312-9C5E-7CB8E7F2CB0F} - System32\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EC2CF75D-2D26-4AA6-AA64-16AC4A3F9856} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {F5D0A5B9-C0B2-4061-AE52-2B4B331C2EE4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F7D4E940-3076-413E-81D2-A1D80B63FAF1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {F7F7155E-13BF-4359-BEF7-4AB970ADF416} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {FEA7D813-B4A6-4277-A942-20C58EEB3862} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-07-06 10:11 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-24 18:26 - 2011-02-24 18:26 - 00028432 _____ () C:\Program Files\UCT\HDR Express\HDRExpressService.exe
2011-02-24 18:26 - 2011-02-24 18:26 - 02674448 _____ () C:\Program Files\UCT\HDR Express\QtCore4.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-11-07 21:05 - 2015-10-02 18:21 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2010-03-02 14:49 - 2010-03-02 14:49 - 00013824 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 13:24 - 2008-11-12 13:24 - 00004608 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 07667970 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00139264 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Appearance Pak.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00147456 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RegEx.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00868352 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RBScript.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Shell.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00762368 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\XML.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00266240 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CGamma.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00065536 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CSensor.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00028672 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
2016-06-08 21:21 - 2016-06-03 21:56 - 01745560 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 21:21 - 2016-06-03 21:56 - 00091288 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\libegl.dll
2011-06-01 12:42 - 2011-06-01 12:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 12:46 - 2011-06-01 12:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2011-06-01 12:16 - 2011-06-01 12:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 12:16 - 2011-06-01 12:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2014-10-18 19:28 - 2014-10-18 19:28 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c946902f86f692c9a47a6bb2905fe4b9\IsdiInterop.ni.dll
2014-10-15 18:47 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2016-06-08 21:21 - 2016-06-03 21:56 - 17565848 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]
AlternateDataStreams: C:\Users\Jeff\AppData\Local\DZ8SAz7ss62XumT:4s14T5pQiArj1sPtLU0Wz9ZgIB48F [2116]
AlternateDataStreams: C:\Users\Jeff\AppData\Local\EOIjud2Q6cK:837Wgcbb9IcjIExsPTiuhc [2478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\foxnews.com -> hxxps://login.foxnews.com
IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\insightexpressai.com -> hxxp://core.insightexpressai.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-02-18 08:42 - 00000906 ____N C:\Windows\system32\Drivers\etc\hosts

192.168.1.3 Alias.27 # WD SmartWare: uuid:73656761-7465-7375-636b-0090a9bc302f

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk => C:\Windows\pss\AutoStart IR.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vern 3.2.lnk => C:\Windows\pss\Vern 3.2.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: ASUS Ai Charger => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
MSCONFIG\startupreg: DellControlPoint => "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{7E2642A6-1CBE-4F3E-A165-6C6396A21A0B}] => (Allow) svchost.exe
FirewallRules: [{00D30A03-7981-49C8-A06B-2AC6F557FC85}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{11681934-85B2-40D7-BB61-3657091DDC85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{55393ADC-B9F9-4F43-A2F2-C1A85BE27806}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{9D1A5D7D-393A-4EC7-994C-EB3371E6989A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E1993CC7-06C4-4A1A-BEC6-8917C93F4B97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D9BC1A1E-A474-4226-9E9D-986261E1782E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0BA8FA54-4CF8-474D-8AD3-885679EFB71A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{C63C9E8C-B512-4E76-A257-24367759D0D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{55ED4F24-9C21-42E0-A0AE-05C204BE0630}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BED09548-6639-4149-9044-080612191CE7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{A1E3EE29-7C69-4880-BDB7-54306AE9FF6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1787F2EF-CF1B-4103-A2DC-CFA5DF57DDB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{21AFD5FA-BF83-4DD0-8193-1564EB9414BD}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{53741E3B-26D2-4A68-8661-B87022DDD86E}] => (Allow) C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2D29BBF8-734C-4F75-895D-BBD40421347F}] => (Allow) C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{62A6BB35-83D4-4AEE-B66C-2A798B155437}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{80232EF3-2EF6-4177-856D-617E3C15AB5B}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{59BBB991-694F-4D2E-BBAD-5172447ED5F1}] => (Allow) LPort=35722
FirewallRules: [TCP Query User{873E2A4C-7C49-4F15-86F8-08E5ADAD9E7A}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{436C7093-C20C-4508-9A6A-E11A08DC90AE}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [{06173391-150C-467F-BE06-507A838F2AE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{167A83A8-0450-47E1-BCF8-2B388F40A0B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{133DCF9E-6621-4177-B06A-D80087DA81F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C2267703-0296-4D11-B3A7-BE9B1E0611D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{53383707-10A5-40AC-9F79-566F2A2DF800}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{5CD1E5D5-53EC-4ECA-B592-1F1DA95F17BC}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [{AB34B557-3008-4CE2-92C8-AE4BD1C4834B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{254973CD-663A-41A7-91D3-50024F5DE7B4}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{6381E03F-B076-4E47-A024-F615199C6056}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{799B85B1-FE2B-4972-96D2-46D6D32F2556}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{EE83AD08-2A21-45D0-9103-33A216016C97}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{CA1F3E3F-201A-4829-AF2D-1F140D7E3476}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{D7799A5D-2444-4F22-A812-976F569DDFA9}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{A497E7E2-FE5B-4832-BC0B-1A4DB8645101}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{1D54B8B1-736C-4F6A-830A-E611D43C60E9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{070FF34B-40F7-47FA-8E35-7ADE0E8C0D1D}] => (Allow) LPort=2869
FirewallRules: [{FADBCB46-0317-4F70-B507-C656C0062EFA}] => (Allow) LPort=1900
FirewallRules: [{9BBFB4C5-0926-4CD1-B6D8-FBE177AAE2F9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9602CF13-D0D3-4553-BD71-9C76E0665123}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F71221F7-38F0-448B-9CEE-D6E35D8FA4B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92DB92CE-05FB-4B5E-8E2F-E963A72AC679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8C0395E0-8734-46EB-9632-8729466C585E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4C1AF39-741E-41EF-8610-79A33A15D44C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDC5B277-4F44-4BA1-BAF1-A66BB1830996}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C82EE142-2CE3-439D-A784-5F80025BA87A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1F2E9E11-6CD1-4062-8D67-CE0524A9830D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EC03CB22-DC4E-4968-8F9F-707425B679FB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{397E8405-6F3A-48BE-8969-B82E4E055CF6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{13329A22-FA32-4882-BF87-39379D3277E9}C:\users\jeff\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{92A2AD35-E9A6-430D-B3A1-00E5C7F74C96}C:\users\jeff\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{08F3285D-C8E2-42C5-A0B6-56B1023BA095}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2016 01:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TdmNotify.exe, version: 3.3.3.104, time stamp: 0x4bb10672
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000001630000002c
Faulting process id: 0x1500
Faulting application start time: 0xTdmNotify.exe0
Faulting application path: TdmNotify.exe1
Faulting module path: TdmNotify.exe2
Report Id: TdmNotify.exe3

Error: (06/11/2016 10:31:08 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {57522d9f-dcbc-448b-893c-9755b5437e91}

Error: (06/09/2016 10:28:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/08/2016 10:26:35 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/07/2016 10:24:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/07/2016 12:13:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program tltextureeffects.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1808

Start Time: 01d1c0724126e1e7

Termination Time: 453

Application Path: C:\Program Files\Topaz Labs\Topaz Texture Effects\tltextureeffects.exe

Report Id: 3db77c2c-2c66-11e6-aecd-b8ac6f83267f

Error: (06/06/2016 10:23:21 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/06/2016 01:05:54 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The process cannot access the file because it is being used by another process. (0x80070020).

Error: (06/05/2016 10:19:54 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/04/2016 10:18:24 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

System errors:
=============
Error: (06/12/2016 01:32:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (06/12/2016 01:19:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/12/2016 01:16:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/12/2016 01:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (06/12/2016 01:07:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (06/12/2016 01:07:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (06/12/2016 01:07:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/12/2016 01:07:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/12/2016 01:07:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (06/12/2016 01:07:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware View USB service terminated unexpectedly. It has done this 1 time(s).

CodeIntegrity:
===================================
Date: 2016-06-12 13:19:31.045
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-12 13:19:30.905
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-02 20:24:08.395
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2012-05-23 16:46:11.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-11-13 19:52:46.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5507 @ 2.27GHz
Percentage of memory in use: 25%
Total physical RAM: 18429.59 MB
Available physical RAM: 13802.04 MB
Total Virtual: 34811.79 MB
Available Virtual: 29308.91 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.78 GB) (Free:43.3 GB) NTFS
Drive g: (WD500gbHD001) (Fixed) (Total:465.46 GB) (Free:465.35 GB) NTFS
Drive h: (BDEDrive) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive I: (Seagate2TB0515) (Fixed) (Total:1863.01 GB) (Free:1101.24 GB) NTFS
Drive p: (NIKON D700) (Removable) (Total:29.8 GB) (Free:24.9 GB) FAT32
Drive r: (500gbSamUSB) (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS
Drive u: (ClassOf2016) (Fixed) (Total:465.76 GB) (Free:96.35 GB) NTFS
Drive z: (Samsung500GB) (Fixed) (Total:465.76 GB) (Free:135.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 519EEA7C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2E7E52D8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 78F30D47)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 305762D3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 49C5DE19)
Partition 1: (Not Active) - (Size=465.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C20DCE50)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · Jun 12, 2016

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

desono · Jun 13, 2016

RogueKiller found some things. Text below. malwarebytes found nothing at all.

RogueKiller V12.3.3.0 [Jun 13 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeff [Administrator]
Started from : C:\Users\Jeff\Desktop\VirusStuff\RogueKiller.exe
Mode : Delete -- Date : 06/13/2016 08:20:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://jefpix.smugmug.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://jefpix.smugmug.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Replaced (1)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][CHROME:Addon] Default : Poppit! [mcbkbpnkkkipelfledbfocopglifcfmi] -> Deleted
[PUM.HomePage][FIREFX:Config] uf9kdf5y.default-1437932346253 : user_pref("browser.startup.homepage", "http://jefpix.smugmug.com/|http://w...qvbm?__reuse=1439169022981|about:preferences#"); -> Replaced (about:home)

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] 5c7aa8d2b478b047d639e873057ea8dc
[BSP] 30c7620ff47ceb01f9c977aa508bc561 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Samsung SSD 850 EVO 500GB ATA Device +++++
--- User ---
[MBR] 9cc211cc100c7b4db1821c7160af44d8
[BSP] eecb5157a1919d000280e31edc4f6cd4 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Samsung SSD 850 EVO 500GB ATA Device +++++
--- User ---
[MBR] 06aaaa031253e7ce3151fed510382667
[BSP] 0c4b4bbaba43b70bd519c331f500ca61 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: ST2000DM001-1ER164 ATA Device +++++
--- User ---
[MBR] b92f86ceac283696b626e13a1ee8f1d2
[BSP] d38c2430610e47217dd9d19af3e4f4fb : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive4: WDC WD5000BEKT-75KA9T0 ATA Device +++++
--- User ---
[MBR] 85862f82d9b3eedbcd960316b8832cd7
[BSP] 23540a2d4d4061af8fe6d7e363d85ffe : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476627 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 976134144 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive5: ASMT 2115 USB Device +++++
--- User ---
[MBR] 9d2575297f62062007d193b9ff22cb51
[BSP] f9e09db58861551adbb4ec50d1739158 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Lexar CF Multi-Card R USB Device +++++
--- User ---
[MBR] 30bb239b419d20f393c783263dc5b8ef
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 30527 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: Lexar SD Multi-Card R USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive8: Lexar XD Multi-Card R USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive9: Lexar MS Multi-Card R USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive10: Lexar mSD Multi-Card R USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

desono · Jun 13, 2016

Now running adwcleaner...

desono · Jun 13, 2016

ADWcleaner came back with:
---------------------------
- AdwCleaner - Information -
---------------------------
AdwCleaner found no malicious program on your computer !
---------------------------
OK
---------------------------

desono · Jun 13, 2016

Here's the output of JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Professional x64
Ran by Jeff (Administrator) on Mon 06/13/2016 at 12:45:14.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 213

Successfully deleted: C:\Users\Jeff\AppData\Local\{101701C2-2F76-413E-AC2E-31264CB1CCEA} (Empty Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\{4BA3E05D-C72A-44BD-92E3-543FA57CB45B} (Empty Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\{4C826971-6020-4E90-9BEF-F5465FB6C3C0} (Empty Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\{934C83C2-DF73-4CA4-B831-3173D9CB53CC} (Empty Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\{E41A09C6-7D72-40B4-814B-6347F63A947F} (Empty Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage (File)
Successfully deleted: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File)
Successfully deleted: C:\Users\Jeff\AppData\Roaming\red kawa (Folder)
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Program Files (x86)\red kawa (Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0B71V6JD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0CGEJFKF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F6Z3KC3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QR4RSR8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WKN162I (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14WHH1TG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1F7UBGRU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FAO7I3A (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OU3P71H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P3VV717 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24GUS04U (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z4Y3L2Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OOFTN64 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RLQHC9H (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XOE3BWB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EQ647RS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\665HR2RL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6E9V9XXA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WGL4WW3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZRY811Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73W7Q6GV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FRZ0APT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZEHXMWR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NC1P60F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RF2IA1P (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RQ2MTLD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GRVHRS7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L97H4YC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MDZHJ67 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AG25F83B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXCG3XYO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPSGUUJJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQ26J0RF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRBZOO3V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C05JJ9GK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLHATXD6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ1Q108B (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOWSZYI0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ET6TBHD9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD463VW3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO34APH6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FYVH3QQ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAQRPZUZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHBX3WM1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIWGM4B1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HY8XYDIW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3H77XJL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCGGEQOP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLRTHRXZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQW2OSF5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4D5GJNH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KR069L29 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L10DRPPF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L29QXCX1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDGR435Z (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEDBWPCP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEHX31LH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZQ8ZQHK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZX07L9E (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBMQI4YB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MDO41QWO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVK9JZ2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N02EV4KK (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N71NFDS8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOK2LBY2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPDF2UVI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXCF1MM4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCI1JGTU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIX4AVV1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PN5M1BP5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEJR3YLB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJGAHU21 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QM0VUKKU (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUJZ3CQN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2IFK1LO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF9UB40K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO6G97YV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URTD7MN0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE2DIQDJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2TZOIT5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9CI1K2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEBCB4LT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYGWFPMM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X92D8JGF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9FUVZ7V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XC2UU2DR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF704GRG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGGOFM5X (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQGMUEPI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWQFFPVZ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5HBOXTG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBSBXOMP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTWXAZIJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOLSZ8FW (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV5LTLAR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZQ9WLK0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\ENABLETOOLBARW32.EXE-535515F7.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0B71V6JD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0CGEJFKF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0F6Z3KC3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0QR4RSR8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WKN162I (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\14WHH1TG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1F7UBGRU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FAO7I3A (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OU3P71H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P3VV717 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\24GUS04U (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2Z4Y3L2Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OOFTN64 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RLQHC9H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3XOE3BWB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4EQ647RS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\665HR2RL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6E9V9XXA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WGL4WW3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZRY811Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73W7Q6GV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FRZ0APT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ZEHXMWR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8NC1P60F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RF2IA1P (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8RQ2MTLD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GRVHRS7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9L97H4YC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MDZHJ67 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AG25F83B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXCG3XYO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BPSGUUJJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BQ26J0RF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRBZOO3V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C05JJ9GK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLHATXD6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CZ1Q108B (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOWSZYI0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ET6TBHD9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FD463VW3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FO34APH6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FYVH3QQ3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GAQRPZUZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHBX3WM1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HIWGM4B1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HY8XYDIW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3H77XJL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JCGGEQOP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLRTHRXZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQW2OSF5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K4D5GJNH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KR069L29 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L10DRPPF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L29QXCX1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDGR435Z (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEDBWPCP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LEHX31LH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZQ8ZQHK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZX07L9E (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBMQI4YB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MDO41QWO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MVK9JZ2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N02EV4KK (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N71NFDS8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOK2LBY2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPDF2UVI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXCF1MM4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCI1JGTU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIX4AVV1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PN5M1BP5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QEJR3YLB (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QJGAHU21 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QM0VUKKU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QUJZ3CQN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S2IFK1LO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF9UB40K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO6G97YV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URTD7MN0 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE2DIQDJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2TZOIT5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9CI1K2Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEBCB4LT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYGWFPMM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X92D8JGF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9FUVZ7V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XC2UU2DR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF704GRG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGGOFM5X (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQGMUEPI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWQFFPVZ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5HBOXTG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBSBXOMP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTWXAZIJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOLSZ8FW (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV5LTLAR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZQ9WLK0 (Temporary Internet Files Folder)

Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8781E387-BF6E-48EE-8B0B-0A887B25AF6C} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9915F447-3FDA-4398-A5A1-380F467B3548} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/13/2016 at 12:48:20.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

desono · Jun 13, 2016

Sorry, missed the Mwb output:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/13/2016
Scan Time: 8:23 AM
Logfile: mwb.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.13.03
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jeff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 439723
Time Elapsed: 16 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

desono · Jun 13, 2016

Adwcleaner(s1). txt contents:

# AdwCleaner v3.022 - Report created 30/03/2014 at 22:26:41
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jeff - JEFFDELL7
# Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\c91xlb4u.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3321 octets] - [27/02/2014 08:54:03]
AdwCleaner[R1].txt - [1004 octets] - [30/03/2014 22:25:27]
AdwCleaner[S0].txt - [3403 octets] - [27/02/2014 08:56:03]
AdwCleaner[S1].txt - [927 octets] - [30/03/2014 22:26:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [986 octets] ##########
# AdwCleaner v5.119 - Logfile created 12/06/2016 at 09:22:44
# Updated 30/05/2016 by Xplode
# Database : 2016-06-12.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Jeff - JEFFDELL7
# Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

File Found : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253\searchplugins\safesearch.xml
File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_uswhsalcds-a.akamaihd.net_0.localstorage
File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_uswhsalcds-a.akamaihd.net_0.localstorage-journal
File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translation.babylon.com_0.localstorage
File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translation.babylon.com_0.localstorage-journal
File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[R0].txt - [3321 bytes] - [27/02/2014 08:54:03]
C:\AdwCleaner\AdwCleaner[R1].txt - [1004 bytes] - [30/03/2014 22:25:27]
C:\AdwCleaner\AdwCleaner[R2].txt - [3181 bytes] - [02/07/2014 14:59:40]
C:\AdwCleaner\AdwCleaner[R3].txt - [1326 bytes] - [10/07/2014 16:57:47]
C:\AdwCleaner\AdwCleaner[R4].txt - [2122 bytes] - [20/09/2014 15:33:45]
C:\AdwCleaner\AdwCleaner[R5].txt - [3187 bytes] - [31/01/2015 18:45:11]
C:\AdwCleaner\AdwCleaner[R6].txt - [1928 bytes] - [06/04/2015 15:10:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [3403 bytes] - [27/02/2014 08:56:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [3732 bytes] - [30/03/2014 22:26:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [3081 bytes] - [02/07/2014 15:00:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [1387 bytes] - [10/07/2014 16:59:11]
C:\AdwCleaner\AdwCleaner[S4].txt - [2112 bytes] - [20/09/2014 15:39:51]
C:\AdwCleaner\AdwCleaner[S5].txt - [3193 bytes] - [31/01/2015 18:48:44]
C:\AdwCleaner\AdwCleaner[S6].txt - [2000 bytes] - [06/04/2015 16:00:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4170 bytes] ##########

desono · Jun 13, 2016

Wrong Adwcleaner log. Here's the one from today. I don't know why the date at the very beginning is so old. The info from today is further down in this log below:

# AdwCleaner v3.215 - Report created 10/07/2014 at 16:59:11
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Jeff - JEFFDELL7
# Running from : C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GRVHRS7\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\mtwvnln3.default-1403266605805\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3321 octets] - [27/02/2014 08:54:03]
AdwCleaner[R1].txt - [1004 octets] - [30/03/2014 22:25:27]
AdwCleaner[R2].txt - [3181 octets] - [02/07/2014 14:59:40]
AdwCleaner[R3].txt - [1326 octets] - [10/07/2014 16:57:47]
AdwCleaner[S0].txt - [3403 octets] - [27/02/2014 08:56:03]
AdwCleaner[S1].txt - [1065 octets] - [30/03/2014 22:26:41]
AdwCleaner[S2].txt - [3081 octets] - [02/07/2014 15:00:11]
AdwCleaner[S3].txt - [1247 octets] - [10/07/2014 16:59:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1307 octets] ##########
# AdwCleaner v5.119 - Logfile created 13/06/2016 at 12:42:37
# Updated 30/05/2016 by Xplode
# Database : 2016-06-12.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Jeff - JEFFDELL7
# Running from : C:\Users\Jeff\Desktop\VirusStuff\adwcleaner_5.119.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3592 bytes] - [12/06/2016 13:07:25]
C:\AdwCleaner\AdwCleaner[R0].txt - [3321 bytes] - [27/02/2014 08:54:03]
C:\AdwCleaner\AdwCleaner[R1].txt - [1004 bytes] - [30/03/2014 22:25:27]
C:\AdwCleaner\AdwCleaner[R2].txt - [3181 bytes] - [02/07/2014 14:59:40]
C:\AdwCleaner\AdwCleaner[R3].txt - [1326 bytes] - [10/07/2014 16:57:47]
C:\AdwCleaner\AdwCleaner[R4].txt - [2122 bytes] - [20/09/2014 15:33:45]
C:\AdwCleaner\AdwCleaner[R5].txt - [3187 bytes] - [31/01/2015 18:45:11]
C:\AdwCleaner\AdwCleaner[R6].txt - [1928 bytes] - [06/04/2015 15:10:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [3403 bytes] - [27/02/2014 08:56:03]
C:\AdwCleaner\AdwCleaner[S1].txt - [4249 bytes] - [30/03/2014 22:26:41]
C:\AdwCleaner\AdwCleaner[S2].txt - [6585 bytes] - [02/07/2014 15:00:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [2844 bytes] - [10/07/2014 16:59:11]
C:\AdwCleaner\AdwCleaner[S4].txt - [2112 bytes] - [20/09/2014 15:39:51]
C:\AdwCleaner\AdwCleaner[S5].txt - [3193 bytes] - [31/01/2015 18:48:44]
C:\AdwCleaner\AdwCleaner[S6].txt - [2000 bytes] - [06/04/2015 16:00:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3136 bytes] ##########

Broni · Jun 13, 2016

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

desono · Jun 15, 2016

Combofix ran without problems this time (without making 7000 more empty files). Here is the combofix.txt contents:

ComboFix 16-06-01.01 - Jeff 06/15/2016 7:33.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.18430.14960 [GMT -4:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
FW: Norton Security Suite *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
SP: Norton Security Suite *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - Windows: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jeff\AppData\Roaming\1&1
c:\users\Jeff\g2mdlhlpx.exe
c:\windows\SysWow64\test
.
.
((((((((((((((((((((((((( Files Created from 2016-05-15 to 2016-06-15 )))))))))))))))))))))))))))))))
.
.
2016-06-15 11:40 . 2016-06-15 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-06-15 11:40 . 2016-06-15 11:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2016-06-13 11:40 . 2016-06-13 11:40 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-06-13 11:40 . 2016-06-13 12:22 -------- d-----w- c:\programdata\RogueKiller
2016-06-12 17:44 . 2016-06-12 17:46 -------- d-----w- C:\FRST
2016-06-06 22:07 . 2016-06-06 22:07 -------- d-----w- c:\program files (x86)\iTunes
2016-06-06 22:07 . 2016-06-06 22:07 -------- d-----w- c:\program files\iTunes
2016-06-06 22:07 . 2016-06-06 22:07 -------- d-----w- c:\program files\iPod
2016-05-27 19:19 . 2016-05-27 19:19 225976 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2016-05-27 19:19 . 2016-05-27 19:19 225976 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-06-13 17:21 . 2015-04-06 18:26 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-06-02 20:36 . 2010-06-13 18:08 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2016-06-02 20:36 . 2010-06-13 18:08 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2016-05-12 21:46 . 2012-04-13 11:58 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-05-12 21:46 . 2011-05-22 14:02 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-21 00:49 . 2016-03-21 00:49 0 ----a-w- c:\windows\invcol.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-07-14 16:57 1729752 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-07-14 16:57 1729752 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-07-14 16:57 1729752 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF"="c:\users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe" [2016-06-04 941720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2016-04-22 67384]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-03-30 377368]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-07-20 5564784]
"StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-22 767176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2010-7-26 7667970]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys;c:\windows\SYSNATIVE\DRIVERS\hcw72ADFilter.sys [x]
R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys;c:\windows\SYSNATIVE\DRIVERS\hcw72ATV.sys [x]
R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys;c:\windows\SYSNATIVE\DRIVERS\hcw72DTV.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 NDSPCIIO;NDSPCIIO;c:\windows\system32\DRIVERS\NDSPCIIO64.SYS;c:\windows\SYSNATIVE\DRIVERS\NDSPCIIO64.SYS [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160601.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1606000.08E\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160614.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160614.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1606000.08E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1606000.08E\SYMNETS.SYS [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 HDRExpressService;HDRExpressService;c:\program files\UCT\HDR Express\HDRExpressService.exe;c:\program files\UCT\HDR Express\HDRExpressService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files\LogMeIn\x64\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x64\RaInfo.sys;c:\program files\LogMeIn\x64\RaInfo.sys [x]
S2 N360;Norton 360;c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vmware-view-usbd;VMware View USB;c:\program files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe;c:\program files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 wsnm;VMware View Client;c:\program files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe;c:\program files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder3.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-07 03:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:46]
.
2016-06-15 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
- c:\users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19 18:09]
.
2016-06-15 c:\windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
- c:\users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19 18:09]
.
2016-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30 19:46]
.
2016-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30 19:46]
.
2016-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-28 16:45]
.
2016-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-28 16:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-07-14 17:03 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-07-14 17:03 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-07-14 17:03 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 17:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 17:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-08-06 508240]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-06-01 176952]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
Trusted Zone: dell.com
Trusted Zone: foxnews.com\login
Trusted Zone: foxnews.com\www
Trusted Zone: insightexpressai.com\core
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {AA2FCC44-64E5-437A-AEDE-8854387EB9F4} - hxxps://lod.ttsc.net/ActiveX/vmmctlax_i386.cab
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253\
FF - prefs.js: browser.startup.homepage - about:homeabout:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ATIModeChange - Ati2mdxx.exe
AddRemove-Cogitum Co-Citer - c:\windows\system32\msinfhlp.exe
AddRemove-SK__COMM&0A41&7001 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SK__COMM&0A41&7001
AddRemove-Videora iPod Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
AddRemove-{1CDE9DB9-7D47-46F8-83DC-9DD9899BBBFC} - c:\programdata\{936A92B9-7D0F-45B4-92FF-5D18546D4189}\remask3_setup_ext.exe
AddRemove-{8A1EBF29-7CF8-471E-B90B-95FF36AC8248} - c:\programdata\{0C544878-1DB6-409D-A998-0664599014C4}\simplify3_setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142;c:\program files (x86)\Norton Security Suite\Engine64\22.6.0.142"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.032"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.apd"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bay"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bw"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bwf"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.caf"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cdda"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cel"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cs1"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dcx"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djv"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djvu"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dng"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fff"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.flc"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fli"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fpx"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.gsm"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icn"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iff"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ilbm"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.int"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.inta"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iw4"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2c"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2k"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jbr"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jfif"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jif"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-2620986578-484658413-2464296446-1001)
"Progid"="ACDSee 14.jp2"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpc"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpk"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpx"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.kar"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.kdc"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.lbm"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m15"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m1a"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m2a"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m4b"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m75"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mos"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mpv"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbr"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcx"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pgm"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pics"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pix"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ppm"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psp"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspbrush"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspimage"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.qtpf"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ras"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.raw"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgb"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgba"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rsb"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sdv"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sfil"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sgi"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.smf"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sml"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srw"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.swa"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.thm"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-2620986578-484658413-2464296446-1001)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-2620986578-484658413-2464296446-1001)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ulw"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.vfw"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wbm"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wbmp"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xbm"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xif"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xmp"
.
[HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="35-PYM2-S8N6-RFYY-9KYP-7VXH-TPFZTBS"
"Activated"="Y"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSLicensing]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-06-15 07:43:06
ComboFix-quarantined-files.txt 2016-06-15 11:43
.
Pre-Run: 46,057,558,016 bytes free
Post-Run: 46,131,216,384 bytes free
.
- - End Of File - - FB1BCFB9411B708991C06D2F49FDCB12
B1F7D7F6E4FBE98E578562A22A94D02C

Broni · Jun 15, 2016

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

desono · Jun 16, 2016

Here's the latest farbar report:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-06-2016
Ran by Jeff (administrator) on JEFFDELL7 (16-06-2016 07:28:31)
Running from C:\Users\Jeff\Desktop\VirusStuff
Loaded Profiles: Jeff (Available Profiles: Jeff & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\UCT\HDR Express\HDRExpressService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x64\ramaint.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\n360.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\n360.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\nacl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
(Adobe Systems) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkSupport\dynamiclink\CS6\dynamiclinkmanager.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\dynamiclinkmediaserver.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\32\Adobe QT32 Server.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Adobe Systems Incorporated ) C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WD Drive Manager] => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [480768 2009-06-26] (WDC)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-30] (Power Software Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Run: [GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF] => C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe [941720 2016-06-03] (Google Inc.)
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk [2016-05-01]
ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2015-06-03]
ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{84CDE727-683E-4465-9041-FAF78236A7A3}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DDF0C787-E6F5-492B-A749-D439F1422CBB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {8781E387-BF6E-48EE-8B0B-0A887B25AF6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9915F447-3FDA-4398-A5A1-380F467B3548} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://I.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {AA2FCC44-64E5-437A-AEDE-8854387EB9F4} hxxps://lod.ttsc.net/ActiveX/vmmctlax_i386.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253
FF DefaultSearchEngine.US: Google
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-25] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll [2010-03-17] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @safarimontage.com/smmp -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [No File]
FF Plugin-x32: @safarimontage.com/smmp64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [2013-04-03] (Library Video Company)
FF Plugin-x32: @safarimontage.com/smmpinfo -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [No File]
FF Plugin-x32: @safarimontage.com/smmpinfo64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [2013-03-14] (Library Video Company)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jeff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [not found]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-11-05]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://jefpix.smugmug.com/","hxxp://www.nikoncafe.com/xenf/index.php?forums/formal-portraits-and-weddings.38/","hxxp://www.dpreview.com/?utm_campaign=internal-link&utm_source=logo&utm_medium=image&ref=logo","hxxps://www.facebook.com/","hxxp://www.foxnews.com/","hxxp://www.foxbusiness.com/","hxxps://500px.com/jeffhall","hxxps://webmailcluster.perfora.net/webmaillogin-us/;jsessionid=B5183A27A338AB5DA08424C7A045C20E.1y3RKxzw955Myi8IT0QTn_Mr-_4#&ref=!!%26app%3Dio.ox%2Fmail%26folder%3Ddefault0%2F%2FZrdr%26language%3Den_US%26user%3Djeff%2540designscience.com%26user_id%3D8","hxxps://www.pinterest.com/jeffh0297/","hxxps://twitter.com/jefhal"
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
CHR Extension: (Entanglement Web App) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-12-08]
CHR Extension: (Google Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
CHR Extension: (Google Cast) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-01]
CHR Extension: (Google Sheets) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
CHR Extension: (Google Docs Offline) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
CHR Extension: (Pin It Button) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-04]
CHR Extension: (Norton Identity Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-29]
CHR Extension: (Image Properties Context Menu) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon [2013-07-01]
CHR Extension: (Norton Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [515952 2010-02-08] (Dell Inc.)
R2 HDRExpressService; C:\Program Files\UCT\HDR Express\HDRExpressService.exe [28432 2011-02-24] ()
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe [375176 2012-03-20] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files\LogMeIn\x64\RaMaint.exe [147336 2012-03-20] (LogMeIn, Inc.)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-01-31] (Nalpeiron Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-02-03] (Wave Systems Corp.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1148120 2014-06-06] (VMware, Inc.)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [119296 2009-06-26] (WDC) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-06-09] (VMware, Inc.)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-10-02] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38656 2013-04-09] (Hauppauge Computer Works, Inc.)
S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1667328 2013-04-09] (Hauppauge Computer Works, Inc.)
S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1669760 2013-04-09] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160615.001\IDSvia64.sys [876248 2016-05-24] (Symantec Corporation)
R2 LMIInfo; C:\Program Files\LogMeIn\x64\RaInfo.sys [15928 2012-03-20] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160615.023\ENG64.SYS [138456 2016-05-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160615.023\EX64.SYS [2148056 2016-05-16] (Symantec Corporation)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-13] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-16 07:27 - 2016-06-16 07:27 - 02385920 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
2016-06-15 07:43 - 2016-06-15 07:43 - 00044702 _____ C:\ComboFix.txt
2016-06-15 07:28 - 2016-06-15 07:28 - 05659224 ____R (Swearware) C:\Users\Jeff\Desktop\ComboFix.exe
2016-06-14 12:13 - 2016-06-14 12:13 - 00386912 _____ (a16) C:\Users\Jeff\Downloads\FlashPlayer.exe
2016-06-13 12:48 - 2016-06-13 12:48 - 00035202 _____ C:\Users\Jeff\Desktop\JRT.txt
2016-06-13 07:40 - 2016-06-13 08:22 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-13 07:40 - 2016-06-13 07:40 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-06-13 07:36 - 2016-06-16 07:27 - 00000000 ____D C:\Users\Jeff\Desktop\VirusStuff
2016-06-12 18:23 - 2016-06-12 18:24 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
2016-06-12 16:51 - 2016-06-12 16:51 - 22851472 _____ (Malwarebytes ) C:\Users\Jeff\Downloads\mbam-setup-2.2.1.1043.exe
2016-06-12 13:44 - 2016-06-16 07:28 - 00000000 ____D C:\FRST
2016-06-12 13:10 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
2016-06-12 13:10 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
2016-06-12 13:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
2016-06-12 13:10 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
2016-06-12 13:09 - 2016-06-15 07:43 - 00000000 ____D C:\Qoobox
2016-06-12 13:09 - 2016-06-15 07:41 - 00000000 ____D C:\Windows\erdnt
2016-06-12 09:00 - 2016-06-12 09:00 - 03677248 _____ C:\Users\Jeff\Downloads\AdwCleaner.exe
2016-06-12 08:59 - 2016-06-12 08:59 - 05659224 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix.exe
2016-06-06 18:07 - 2016-06-06 18:07 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files\iTunes
2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files\iPod
2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files (x86)\iTunes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-16 07:28 - 2013-04-13 12:37 - 00000000 ____D C:\Users\Jeff\Documents\Outlook Files
2016-06-16 07:28 - 2010-06-10 21:56 - 00000000 ____D C:\Users\Jeff\Documents\Outlook
2016-06-16 07:19 - 2010-10-27 21:39 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job
2016-06-16 07:15 - 2013-03-30 14:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-16 07:10 - 2016-02-23 19:02 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
2016-06-16 06:46 - 2014-02-27 08:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-06-16 06:24 - 2016-02-23 19:02 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
2016-06-16 02:10 - 2011-03-18 17:48 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{55487834-CFBF-4D2A-A92E-4F1FD9D6E17A}
2016-06-16 02:00 - 2014-07-02 15:59 - 00000000 ____D C:\Users\Jeff\AppData\Local\Adobe
2016-06-16 01:40 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-16 01:40 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-15 20:19 - 2010-10-27 21:39 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job
2016-06-15 18:15 - 2013-03-30 14:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-15 07:43 - 2014-04-22 15:29 - 00000000 ____D C:\Users\dub_cm_auto
2016-06-15 07:40 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2016-06-15 07:39 - 2010-06-10 17:17 - 00000000 ____D C:\Users\Jeff
2016-06-15 07:29 - 2015-07-31 06:36 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-06-13 18:41 - 2015-06-07 07:54 - 00000000 ___HD C:\Users\Jeff\Downloads\.picasaoriginals
2016-06-13 18:41 - 2015-04-07 19:26 - 00000213 ____H C:\Users\Jeff\Downloads\.picasa.ini
2016-06-13 13:21 - 2015-04-06 14:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-12 20:05 - 2014-04-11 17:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-06-12 18:27 - 2009-07-14 01:13 - 00786538 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-12 18:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-06-12 18:21 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-12 16:52 - 2015-04-06 14:26 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-06-12 16:52 - 2015-04-06 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-12 16:52 - 2015-04-06 14:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-12 13:27 - 2014-07-12 14:29 - 00000000 ____D C:\Users\Jeff\AppData\OICE_15_974FA576_32C1D314_36C6
2016-06-12 13:27 - 2012-10-27 14:37 - 00000000 ____D C:\Users\Jeff\AppData\Local\Eye-Fi
2016-06-12 13:27 - 2010-11-11 16:58 - 00000000 ___RD C:\Users\Jeff\Documents\My Dropbox
2016-06-12 13:09 - 2010-06-10 23:09 - 00000000 ____D C:\Users\Jeff\AppData\Local\CrashDumps
2016-06-12 13:07 - 2014-02-27 08:28 - 00000000 ____D C:\AdwCleaner
2016-06-08 21:21 - 2010-10-27 21:40 - 00002372 _____ C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-06 18:07 - 2014-02-11 19:55 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-03 14:56 - 2016-04-05 20:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-02 16:47 - 2011-02-10 19:12 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\vlc
2016-05-27 17:17 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-27 17:16 - 2014-04-06 16:47 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\VMware
2016-05-19 14:09 - 2016-02-23 19:02 - 00003678 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001
2016-05-19 14:09 - 2016-02-23 19:02 - 00003582 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001

==================== Files in the root of some directories =======

2012-12-06 23:18 - 2013-03-11 21:11 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe BMP Format CS5 Prefs
2016-04-30 17:01 - 2016-04-30 17:05 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-06-13 18:28 - 2013-06-13 18:33 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-21 23:58 - 2016-02-13 14:34 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS6 Prefs
2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Common
2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Compressor
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Contextual Menu Items
2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Core Data Application
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\CustomDataViews
2010-06-22 22:22 - 2012-02-16 11:51 - 0000121 _____ () C:\Users\Jeff\AppData\Roaming\default.pls
2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Hybrid Morph
2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\Users\Jeff\AppData\Roaming\Hybrid Synthesizers
2010-06-22 20:52 - 2011-06-30 20:32 - 0099384 _____ () C:\Users\Jeff\AppData\Roaming\inst.exe
2015-01-14 18:43 - 2015-01-14 18:43 - 0000074 _____ () C:\Users\Jeff\AppData\Roaming\mbam.context.scan
2010-06-22 20:52 - 2011-06-30 20:32 - 0007859 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.cat
2010-06-22 20:52 - 2011-06-30 20:32 - 0001167 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.inf
2010-06-22 20:52 - 2011-06-30 20:32 - 0000055 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.log
2010-06-22 20:52 - 2011-06-30 20:32 - 0082816 _____ (VSO Software) C:\Users\Jeff\AppData\Roaming\pcouffin.sys
2012-02-04 00:32 - 2012-04-15 15:44 - 0001456 _____ () C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-06-30 00:18 - 2013-01-30 23:36 - 0032256 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-20 13:22 - 2015-05-03 01:35 - 0007622 _____ () C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
2014-10-27 16:42 - 2014-10-27 16:42 - 0000000 _____ () C:\Users\Jeff\AppData\Local\{5AC1E52D-43C4-42CB-B417-746ADB93354D}
2011-05-12 15:05 - 2011-07-04 09:09 - 0001940 _____ () C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2014-07-13 18:34 - 2014-07-13 18:34 - 0000000 _____ () C:\ProgramData\Contents
2012-06-09 21:29 - 2012-06-09 21:29 - 0000000 _____ () C:\ProgramData\Core Data Application
2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\ProgramData\Database
2011-04-26 10:11 - 2011-04-26 10:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-06-20 19:20 - 2015-08-09 19:54 - 0001342 _____ () C:\ProgramData\hpzinstall.log
2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\ProgramData\Image Units
2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbw.DAT
2010-06-10 17:55 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT
2010-06-10 18:00 - 2014-04-17 17:56 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2011-11-30 20:23 - 2012-06-09 21:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2010-06-10 18:04 - 2010-06-10 18:04 - 0000012 ___RH () C:\ProgramData\Sci-Fi

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-24 00:32

==================== End of FRST.txt ============================

desono · Jun 16, 2016

And the first half of the Addition.txt file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
Ran by Jeff (2016-06-16 07:29:04)
Running from C:\Users\Jeff\Desktop\VirusStuff
Windows 7 Professional Service Pack 1 (X64) (2010-06-10 21:17:32)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2620986578-484658413-2464296446-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2620986578-484658413-2464296446-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2620986578-484658413-2464296446-1002 - Limited - Enabled)
Jeff (S-1-5-21-2620986578-484658413-2464296446-1001 - Administrator - Enabled) => C:\Users\Jeff

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.4 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ArcSoft Perfect365 (HKLM-x32\...\{5B5E949E-3924-45E3-9229-84E8270BED68}) (Version: 1.8.0.3 - ArcSoft, Inc.)
ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0710.1126 - )
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
AutoIt v3.3.6.1 (HKLM-x32\...\AutoItv3) (Version: - AutoIt Team)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
CDBurnerXP (HKLM-x32\...\{ADAA0C25-2E61-452B-895D-D2190C4C651D}) (Version: 4.4.2.3442 - Canneverbe Limited)
Chk-Back v2.0 (HKLM-x32\...\{916DBF3C-7AA5-4679-AA58-3D6C166BDAAF}) (Version: 2.1.2 - TRC Data Recovery Ltd)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Cogitum Co-Citer (HKLM-x32\...\Cogitum Co-Citer) (Version: - )
CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.22 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Control Point 64 (Version: 1.6.468.86 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (HKLM-x32\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
Dell ControlPoint System Manager (HKLM\...\{33A316AE-6EB6-4A3F-AA09-E12A57BA475D}) (Version: 1.4.00001 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 02.05.04.001 - Wave Systems Corp) Hidden
Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell System Detect (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\73f463568823ebbe) (Version: 6.4.0.7 - Dell)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
DriveGLEAM V1.12 (HKLM-x32\...\DriveGLEAM_is1) (Version: - Svein Engelsgjerd)
Dropbox (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.3 - Ashisoft)
DVDFab 8.0.6.4 Beta (25/12/2010) (HKLM-x32\...\DVDFab 8_is1) (Version: - Fengtao Software Inc.)
DVDFab 8.1.1.2 (08/08/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
EMBASSY Security Center Lite (Version: 04.01.00.044 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (x32 Version: - ) Hidden
EMBASSY Security Setup (Version: 04.01.00.043 - Wave Systems Corp) Hidden
EMBASSY Security Setup (x32 Version: - ) Hidden
ESC Home Page Plugin (Version: 04.01.00.010 - Wave Systems Corp) Hidden
ESC Home Page Plugin (x32 Version: - ) Hidden
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
Family Tree Maker (HKLM-x32\...\FTW) (Version: - )
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
Gemalto (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
Google Chrome (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToMeeting 7.19.0.5102 (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\GoToMeeting) (Version: 7.19.0.5102 - CitrixOnline)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
HDR Express (HKLM-x32\...\HDR Express) (Version: 1.1.0.8138 - UCT)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G4000 Series (HKLM\...\{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}) (Version: 13.0 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpg4000 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
Image Trends' Fisheye-Hemi Plug-In 1.2.4 (HKLM-x32\...\{0004206C-AFF4-472E-9981-B443FAADA1D1}) (Version: 1.2.4 - Image Trends, Inc. )
ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.708 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{129C5584-DB98-4A98-B28F-299C45E1E355}) (Version: 16.0.0652.0621 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
NEC MultiProfiler 1.3.40.00 (HKLM-x32\...\NEC MultiProfiler) (Version: 1.3.40.00 - NEC Display Solutions)
NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
NirSoft NK2Edit (HKLM-x32\...\NirSoft NK2Edit) (Version: - )
Noise Ninja 2 (Standalone Version) (HKLM-x32\...\Noise Ninja (Standalone Version)_is1) (Version: - PictureCode LLC)
Noiseware Professional Edition (HKLM-x32\...\{554EB98C-D995-471F-8874-D2BA7BF5EB3E}) (Version: 2.6.0.1 - Imagenomic)
Noiseware Standard Edition (HKLM-x32\...\{6897145C-B43D-415E-84F0-C273437104DA}) (Version: 2.6.0.1 - Imagenomic)
Norton Security Suite (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photomatix Pro version 4.1.4 (HKLM\...\PhotomatixPro41x64_is1) (Version: 4.1.4 - HDRsoft Sarl)
Photomatix Pro version 5.0.1 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.1 - HDRsoft Ltd)
PhotoSync (HKLM\...\{DEF45511-0EC2-46C1-97C2-899B8BE26ACF}) (Version: 1.6.0 - touchbyte GmbH)
Photosynth 2.0110.0317.1042 (HKLM-x32\...\{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}) (Version: 2.0110.0317.1042 - Microsoft)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 1.2 - UNKNOWN)
Picasa Uploader (x32 Version: 1.2 - UNKNOWN) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
PingPlotter Freeware (HKLM-x32\...\{8C99C3CB-763F-4D87-8ACA-81B6899207B1}) (Version: 1.30.0.11 - Nessoft, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PocketWizard Utility (HKLM-x32\...\{2277B360-CA52-4591-9913-D0E779583621}) (Version: 1.55 - LPA Design)
PortraitPro Studio 15.4 (HKLM\...\PortraitProStudio15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
Preboot Manager (Version: 03.01.00.084 - Wave Systems Corp.) Hidden
PTLens (HKLM\...\{0238CC07-3B55-47B6-A159-3C4F2E25FB72}) (Version: 3.0.432 - ePaperPress)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RadLab v1.3.5 (HKLM-x32\...\RadLab_is1) (Version: - Totally Rad)
Rainbow Folders (HKLM-x32\...\{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1) (Version: 2.05 - Piotr Chodzinski)
Raptr (HKLM-x32\...\Raptr) (Version: - )
SAFARI Montage Media Player (HKLM-x32\...\{34BC6823-8AB0-466F-BA80-C4A48E66E343}) (Version: 5.7.2 - Library Video Company)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.5 - Samsung)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
SciTE4AutoIt3 2/28/2010 (HKLM-x32\...\SciTE4AutoIt3) (Version: 2/28/2010 - Jos van der Zande)
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.9835 - Seagate)
SEKONIC Data Transfer Software 3.0 (HKLM-x32\...\{6B5298BF-E2AD-495B-AF7F-DDA046F50027}) (Version: 3.0 - SEKONIC Corp.)
SEKONIC Lightmeter L-758Series (Driver Removal) (HKLM-x32\...\SK__COMM&0A41&7001) (Version: - )
Send to SmugMug (HKLM-x32\...\{8D445B72-D4AB-4769-A5AF-5056D9D019BD}) (Version: 1.3.0324 - Omar Shahine)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
skillpipe (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\skillpipe) (Version: 1.06.200140 - arvato hightech EMEA)
Skins (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony DVD Architect Pro 4.5 (HKLM-x32\...\{5E9C5450-8011-41E0-8725-4F0BD66B81AE}) (Version: 4.5.69 - Sony)
Sony Vegas Pro 8.0 (HKLM-x32\...\{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}) (Version: 8.0.260 - Sony)
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version: - )
Spyder3Pro (HKLM-x32\...\Spyder3Pro) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz Impression (HKLM\...\Topaz Impression) (Version: 1.1.2 - Topaz Labs, LLC)
Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.0 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (64-bit) (HKLM-x32\...\Topaz Star Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs)
Topaz Texture Effects (HKLM\...\Topaz Texture Effects) (Version: 1.1.0 - Topaz Labs, LLC)
Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
Vern 3.22 (HKLM-x32\...\Vern_is1) (Version: 3.22 - One Guy Coding)
VGA USB Camera (HKLM-x32\...\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}) (Version: 1.2.0.0 - )
Videora iPod Converter 6 (HKLM-x32\...\Videora iPod Converter) (Version: 6 - Red Kawa)
Virtual Machine Manager Self-Service Client (HKLM-x32\...\{0288C02B-0A3A-471A-8200-587620572B58}) (Version: 2.0.4271.0 - Microsoft Corporation)
Vista/XP Virtual Desktops (HKLM-x32\...\{F4735C64-9A74-4E48-894B-1CA5D83B99C8}) (Version: 0.9.1.0 - Z-Systems)
VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
VMware Horizon View Client (HKLM\...\{EBE23A79-2626-4B4B-86A8-97230F06A5B3}) (Version: 3.0.0.19696 - VMware, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-1 - Wacom Technology Corp.)
Wave Infrastructure Installer (Version: 07.65.31.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.040 - Wave Systems Corp) Hidden
Wave Support Software (x32 Version: - ) Hidden
WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
WD Drive Manager (x64) (HKLM\...\{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}) (Version: 2.115 - Western Digital)
WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
WinDirStat 1.1.2 (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\WinDirStat) (Version: - )
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4419\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {14C39499-4A79-4080-BBE6-B51ADA0E9082} - System32\Tasks\{9AF7342A-F42F-42C3-A300-340862FE3194} => C:\FTW\FTW.EXE [1998-09-17] (Brøderbund Software, Inc.
Banner Blue Division)
Task: {1E14F0E6-8E70-41EC-9EAD-2724B0CBF3B6} - System32\Tasks\{56C3B39C-E77D-4081-B455-EBA7EB1CD601} => pcalua.exe -a C:\Users\Jeff\Downloads\cociter.exe -d C:\Users\Jeff\Desktop
Task: {2B1DD010-EA90-4D62-820E-CD012538BCA2} - System32\Tasks\{B8312D1A-4857-42AC-884D-6FB4F2A6C19B} => pcalua.exe -a C:\Users\Jeff\Downloads\dotnetfx35setupSP1.exe -d C:\Users\Jeff\Downloads
Task: {2D666F3B-74AA-4914-9B07-36A9D0403975} - System32\Tasks\{933F148C-5019-491E-A4A0-6BB20FAD0105} => pcalua.exe -a C:\Users\Jeff\Downloads\slideshow_maker_45mb_d_en.exe -d C:\Users\Jeff\Desktop
Task: {313D3312-DFAE-48DC-AD80-4B061D8165BF} - System32\Tasks\{C35DAA89-86DA-4F1A-A3EC-BFC27133A48B} => pcalua.exe -a C:\Users\Jeff\Downloads\hcwsmd01_20032.exe -d C:\Users\Jeff\Desktop
Task: {36E80EDB-BAED-48E9-81A6-DC057588B903} - System32\Tasks\{45697DE5-242D-4D3F-8248-68DF8DB3D912} => pcalua.exe -a "D:\Install Lightroom 4.exe" -d D:\
Task: {399C2003-EA4B-44FA-8BF3-F4526B0B267D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {40A9EEC3-5FEA-4D52-81E3-92AD0E3D6A90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {47DF9C11-F9B3-483E-B5BA-719852AE24F0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4BEAD903-61B3-4BEC-9F3A-B4E7023314F1} - System32\Tasks\AdobeAAMUpdater-1.0-JeffDell7-Jeff => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {57326AAD-50F4-4517-9120-75EF77FCEA74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6383BB6A-1FE0-49B2-B8E7-3AD3BA16CDC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {66674A80-4989-46E9-9346-30223B03CFED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {66D9A39F-25AB-429B-8BB8-643834FBE2E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {6E39FBF3-95C4-4412-9514-8090C89037A2} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMMMJJMJLJOMGMLMCNLJLMKJMJCNLMKMMMOJCNHMMJLJOMCNHMKMJMPMOJOJJJGMKMNJNMGMJNJICMIMCNNMCNIMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMOMJNHICMEKMICNJJCKJNBJCMFLKJJJJJJNKJCMJNNICMJNDJCMKJBJ"
Task: {727D097C-E562-4914-8ED8-D9FE563281F8} - System32\Tasks\{46755E17-0DC6-4100-B43C-46AD279088FD} => pcalua.exe -a E:\SETUP.EXE -d E:\
Task: {7A4B0DDA-8C49-4423-B573-5B0B6BC729FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {81FAF140-3A21-4E2C-B466-F023A2D741A7} - System32\Tasks\{08DBF19A-6BC6-490C-9BA5-CD82B7C78F6D} => pcalua.exe -a C:\Users\Jeff\Downloads\wintv6_cd_4.6b.exe -d C:\Users\Jeff\Desktop
Task: {8F33D62C-9BBC-47C1-AE32-824E01A6FE06} - System32\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {93567D90-0C07-441F-8BEF-CABE1001F101} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9869E0DF-5185-4F13-AA3B-BAAED867B8D3} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {9C9E5BAE-F781-4FAC-8F9F-BEBD1E506977} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
Task: {A056C3E2-78D8-4300-B60B-9D932BED5AD8} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {AD134080-6506-4168-ADE7-0CFD9BF2FC69} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {B59B8B0B-0CEA-40CC-B224-1937361640E3} - System32\Tasks\{643D0E66-A340-4424-B106-695B0B8E3548} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {BAC89225-CF69-4EDA-BBEE-2F90C62E1EBC} - System32\Tasks\AdobeAAMUpdater-1.0-JeffDell7-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {C238768D-5022-44AE-B6E1-00520D5EC488} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {C2E6170F-12B5-42A9-A8FE-506F061E36A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {C5A4B991-CE2D-45C1-A81E-EDC8D5B91ACF} - System32\Tasks\{33985AE6-ABF7-49BD-A6D0-570EF5AAFD87} => pcalua.exe -a C:\Users\Jeff\Downloads\PandoraRecovery2.1.1Setup.exe -d C:\Users\Jeff\Desktop
Task: {D314A4F9-9074-4D09-BB4D-A9FA15B80FF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {D7CAE8B1-32C4-4E46-B059-1669EF7E65F2} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {E7A12BE7-C61A-4EBA-84FF-6DEF9799E3FB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EAFA5FE3-E028-4D8F-8BE6-FD7D2B5EFD42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {EB8F685F-E050-4A48-9B84-55B2754EE24D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {EC0523FA-F443-4312-9C5E-7CB8E7F2CB0F} - System32\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {EC2CF75D-2D26-4AA6-AA64-16AC4A3F9856} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {F5D0A5B9-C0B2-4061-AE52-2B4B331C2EE4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {F7F7155E-13BF-4359-BEF7-4AB970ADF416} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {FEA7D813-B4A6-4277-A942-20C58EEB3862} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

desono · Jun 16, 2016

And the second half:

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-07-06 10:11 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-24 18:26 - 2011-02-24 18:26 - 00028432 _____ () C:\Program Files\UCT\HDR Express\HDRExpressService.exe
2011-02-24 18:26 - 2011-02-24 18:26 - 02674448 _____ () C:\Program Files\UCT\HDR Express\QtCore4.dll
2010-03-02 14:49 - 2010-03-02 14:49 - 00013824 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 13:24 - 2008-11-12 13:24 - 00004608 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-06 19:28 - 2016-01-22 20:55 - 00569536 _____ () C:\Program Files\Adobe\Adobe Lightroom\AgKernel.dll
2015-04-06 19:31 - 2016-01-22 20:55 - 53322944 _____ () C:\Program Files\Adobe\Adobe Lightroom\libcef.dll
2015-04-06 19:30 - 2016-01-22 20:55 - 00730816 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFCore.dll
2015-04-06 19:30 - 2016-01-22 20:55 - 00242368 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFSQLite.dll
2015-04-06 19:30 - 2016-01-22 20:55 - 00095424 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFWeb.dll
2015-04-06 19:30 - 2016-01-22 20:55 - 01161408 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFOzClient.dll
2015-04-06 19:30 - 2016-01-22 20:55 - 00024768 _____ () C:\Program Files\Adobe\Adobe Lightroom\LightroomModels.dll
2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-04-06 19:29 - 2016-01-22 20:55 - 03505344 _____ () C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\DNxHDCodec.dll
2014-10-18 19:28 - 2014-10-18 19:28 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c946902f86f692c9a47a6bb2905fe4b9\IsdiInterop.ni.dll
2014-10-15 18:47 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-06-08 21:21 - 2016-06-03 21:56 - 01745560 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
2016-06-08 21:21 - 2016-06-03 21:56 - 00091288 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\libegl.dll
2012-03-09 16:26 - 2013-04-25 03:50 - 00108128 _____ () C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll
2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]
AlternateDataStreams: C:\Users\Jeff\AppData\Local\DZ8SAz7ss62XumT:4s14T5pQiArj1sPtLU0Wz9ZgIB48F [2116]
AlternateDataStreams: C:\Users\Jeff\AppData\Local\EOIjud2Q6cK:837Wgcbb9IcjIExsPTiuhc [2478]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\foxnews.com -> hxxps://login.foxnews.com
IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\insightexpressai.com -> hxxp://core.insightexpressai.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-06-15 07:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk => C:\Windows\pss\AutoStart IR.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vern 3.2.lnk => C:\Windows\pss\Vern 3.2.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: AdobeBridge =>
MSCONFIG\startupreg: ASUS Ai Charger => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
MSCONFIG\startupreg: DellControlPoint => "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{7E2642A6-1CBE-4F3E-A165-6C6396A21A0B}] => (Allow) svchost.exe
FirewallRules: [{00D30A03-7981-49C8-A06B-2AC6F557FC85}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{11681934-85B2-40D7-BB61-3657091DDC85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{55393ADC-B9F9-4F43-A2F2-C1A85BE27806}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{9D1A5D7D-393A-4EC7-994C-EB3371E6989A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E1993CC7-06C4-4A1A-BEC6-8917C93F4B97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D9BC1A1E-A474-4226-9E9D-986261E1782E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{0BA8FA54-4CF8-474D-8AD3-885679EFB71A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{C63C9E8C-B512-4E76-A257-24367759D0D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{55ED4F24-9C21-42E0-A0AE-05C204BE0630}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{BED09548-6639-4149-9044-080612191CE7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{A1E3EE29-7C69-4880-BDB7-54306AE9FF6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{1787F2EF-CF1B-4103-A2DC-CFA5DF57DDB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{21AFD5FA-BF83-4DD0-8193-1564EB9414BD}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{53741E3B-26D2-4A68-8661-B87022DDD86E}] => (Allow) C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2D29BBF8-734C-4F75-895D-BBD40421347F}] => (Allow) C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{62A6BB35-83D4-4AEE-B66C-2A798B155437}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{80232EF3-2EF6-4177-856D-617E3C15AB5B}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{59BBB991-694F-4D2E-BBAD-5172447ED5F1}] => (Allow) LPort=35722
FirewallRules: [TCP Query User{873E2A4C-7C49-4F15-86F8-08E5ADAD9E7A}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{436C7093-C20C-4508-9A6A-E11A08DC90AE}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [{06173391-150C-467F-BE06-507A838F2AE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{167A83A8-0450-47E1-BCF8-2B388F40A0B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{133DCF9E-6621-4177-B06A-D80087DA81F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C2267703-0296-4D11-B3A7-BE9B1E0611D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{53383707-10A5-40AC-9F79-566F2A2DF800}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [UDP Query User{5CD1E5D5-53EC-4ECA-B592-1F1DA95F17BC}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
FirewallRules: [{AB34B557-3008-4CE2-92C8-AE4BD1C4834B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{254973CD-663A-41A7-91D3-50024F5DE7B4}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{6381E03F-B076-4E47-A024-F615199C6056}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{799B85B1-FE2B-4972-96D2-46D6D32F2556}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{EE83AD08-2A21-45D0-9103-33A216016C97}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{CA1F3E3F-201A-4829-AF2D-1F140D7E3476}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{D7799A5D-2444-4F22-A812-976F569DDFA9}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{A497E7E2-FE5B-4832-BC0B-1A4DB8645101}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{1D54B8B1-736C-4F6A-830A-E611D43C60E9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{070FF34B-40F7-47FA-8E35-7ADE0E8C0D1D}] => (Allow) LPort=2869
FirewallRules: [{FADBCB46-0317-4F70-B507-C656C0062EFA}] => (Allow) LPort=1900
FirewallRules: [{9BBFB4C5-0926-4CD1-B6D8-FBE177AAE2F9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9602CF13-D0D3-4553-BD71-9C76E0665123}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F71221F7-38F0-448B-9CEE-D6E35D8FA4B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{92DB92CE-05FB-4B5E-8E2F-E963A72AC679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8C0395E0-8734-46EB-9632-8729466C585E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A4C1AF39-741E-41EF-8610-79A33A15D44C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FDC5B277-4F44-4BA1-BAF1-A66BB1830996}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C82EE142-2CE3-439D-A784-5F80025BA87A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{1F2E9E11-6CD1-4062-8D67-CE0524A9830D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EC03CB22-DC4E-4968-8F9F-707425B679FB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{397E8405-6F3A-48BE-8969-B82E4E055CF6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{13329A22-FA32-4882-BF87-39379D3277E9}C:\users\jeff\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{92A2AD35-E9A6-430D-B3A1-00E5C7F74C96}C:\users\jeff\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{08F3285D-C8E2-42C5-A0B6-56B1023BA095}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2016 10:35:36 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {58b6837a-a4f3-4c23-8b99-c1e6d337f5c3}

Error: (06/13/2016 01:05:59 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The process cannot access the file because it is being used by another process. (0x80070020).

Error: (06/12/2016 01:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TdmNotify.exe, version: 3.3.3.104, time stamp: 0x4bb10672
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000001630000002c
Faulting process id: 0x1500
Faulting application start time: 0xTdmNotify.exe0
Faulting application path: TdmNotify.exe1
Faulting module path: TdmNotify.exe2
Report Id: TdmNotify.exe3

Error: (06/11/2016 10:31:08 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {57522d9f-dcbc-448b-893c-9755b5437e91}

Error: (06/09/2016 10:28:16 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/08/2016 10:26:35 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/07/2016 10:24:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/07/2016 12:13:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program tltextureeffects.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1808

Start Time: 01d1c0724126e1e7

Termination Time: 453

Application Path: C:\Program Files\Topaz Labs\Topaz Texture Effects\tltextureeffects.exe

Report Id: 3db77c2c-2c66-11e6-aecd-b8ac6f83267f

Error: (06/06/2016 10:23:21 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

Error: (06/06/2016 01:05:54 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: The process cannot access the file because it is being used by another process. (0x80070020).

System errors:
=============
Error: (06/15/2016 07:40:15 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/15/2016 07:39:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/15/2016 07:39:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/15/2016 07:36:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/13/2016 07:40:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/12/2016 06:21:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0 = The operation completed successfully.

Error: (06/12/2016 01:32:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0 = The operation completed successfully.

Error: (06/12/2016 01:19:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/12/2016 01:16:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/12/2016 01:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0 = The operation completed successfully.

CodeIntegrity:
===================================
Date: 2016-06-15 07:39:43.951
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-15 07:39:43.801
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-15 07:39:43.651
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-15 07:39:43.501
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-12 13:19:31.045
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-06-12 13:19:30.905
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-02 20:24:08.395
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2012-05-23 16:46:11.268
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-11-13 19:52:46.479
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Xeon(R) CPU E5507 @ 2.27GHz
Percentage of memory in use: 22%
Total physical RAM: 18429.59 MB
Available physical RAM: 14213.58 MB
Total Virtual: 34811.79 MB
Available Virtual: 30981.73 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:232.78 GB) (Free:42.83 GB) NTFS
Drive g: (WD500gbHD001) (Fixed) (Total:465.46 GB) (Free:465.35 GB) NTFS
Drive h: (BDEDrive) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive I: (Seagate2TB0515) (Fixed) (Total:1863.01 GB) (Free:1086.11 GB) NTFS
Drive m: (NIKON D810 ) (Removable) (Total:59.62 GB) (Free:59.52 GB) exFAT
Drive p: (NIKON D700) (Removable) (Total:29.8 GB) (Free:25.84 GB) FAT32
Drive r: (500gbSamUSB) (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS
Drive u: (ClassOf2016) (Fixed) (Total:465.76 GB) (Free:96.26 GB) NTFS
Drive z: (Samsung500GB) (Fixed) (Total:465.76 GB) (Free:131.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 519EEA7C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2E7E52D8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 78F30D47)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 305762D3)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 49C5DE19)
Partition 1: (Not Active) - (Size=465.5 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C20DCE50)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 7 (Size: 59.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Broni · Jun 17, 2016

FRST reports:

ATTENTION: System Restore is disabled

Did you disable system restore for whatever reason?

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

desono · Jun 17, 2016

I have always disabled system restore since the early days of windows when it was a resource and cpu hog,

desono · Jun 17, 2016

Here is the fix log:

Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
Ran by Jeff (2016-06-17 07:29:25) Run:1
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available Profiles: Jeff & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin-x32: @safarimontage.com/smmp -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [No File]
FF Plugin-x32: @safarimontage.com/smmpinfo -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [No File]
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [not found]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
2012-12-06 23:18 - 2013-03-11 21:11 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe BMP Format CS5 Prefs
2016-04-30 17:01 - 2016-04-30 17:05 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-06-13 18:28 - 2013-06-13 18:33 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-21 23:58 - 2016-02-13 14:34 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS6 Prefs
2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Common
2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Compressor
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Contextual Menu Items
2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Core Data Application
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\CustomDataViews
2010-06-22 22:22 - 2012-02-16 11:51 - 0000121 _____ () C:\Users\Jeff\AppData\Roaming\default.pls
2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Hybrid Morph
2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\Users\Jeff\AppData\Roaming\Hybrid Synthesizers
2010-06-22 20:52 - 2011-06-30 20:32 - 0099384 _____ () C:\Users\Jeff\AppData\Roaming\inst.exe
2015-01-14 18:43 - 2015-01-14 18:43 - 0000074 _____ () C:\Users\Jeff\AppData\Roaming\mbam.context.scan
2010-06-22 20:52 - 2011-06-30 20:32 - 0007859 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.cat
2010-06-22 20:52 - 2011-06-30 20:32 - 0001167 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.inf
2010-06-22 20:52 - 2011-06-30 20:32 - 0000055 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.log
2010-06-22 20:52 - 2011-06-30 20:32 - 0082816 _____ (VSO Software) C:\Users\Jeff\AppData\Roaming\pcouffin.sys
2012-02-04 00:32 - 2012-04-15 15:44 - 0001456 _____ () C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs
2010-06-30 00:18 - 2013-01-30 23:36 - 0032256 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-06-20 13:22 - 2015-05-03 01:35 - 0007622 _____ () C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
2014-10-27 16:42 - 2014-10-27 16:42 - 0000000 _____ () C:\Users\Jeff\AppData\Local\{5AC1E52D-43C4-42CB-B417-746ADB93354D}
2011-05-12 15:05 - 2011-07-04 09:09 - 0001940 _____ () C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2014-07-13 18:34 - 2014-07-13 18:34 - 0000000 _____ () C:\ProgramData\Contents
2012-06-09 21:29 - 2012-06-09 21:29 - 0000000 _____ () C:\ProgramData\Core Data Application
2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\ProgramData\Database
2011-04-26 10:11 - 2011-04-26 10:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-06-20 19:20 - 2015-08-09 19:54 - 0001342 _____ () C:\ProgramData\hpzinstall.log
2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\ProgramData\Image Units
2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbw.DAT
2010-06-10 17:55 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT
2010-06-10 18:00 - 2014-04-17 17:56 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2011-11-30 20:23 - 2012-06-09 21:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2010-06-10 18:04 - 2010-06-10 18:04 - 0000012 ___RH () C:\ProgramData\Sci-Fi
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]
AlternateDataStreams: C:\Users\Jeff\AppData\Local\DZ8SAz7ss62XumT:4s14T5pQiArj1sPtLU0Wz9ZgIB48F [2116]
AlternateDataStreams: C:\Users\Jeff\AppData\Local\EOIjud2Q6cK:837Wgcbb9IcjIExsPTiuhc [2478]

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2620986578-484658413-2464296446-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value removed successfully
HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => key not found.
HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@safarimontage.com/smmp" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@safarimontage.com/smmpinfo" => key removed successfully
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn => path removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
catchme => service removed successfully
MSICDSetup => service removed successfully
NDSPCIIO => service removed successfully
NTIOLib_1_0_C => service removed successfully
C:\Users\Jeff\AppData\Roaming\Adobe BMP Format CS5 Prefs => moved successfully
C:\Users\Jeff\AppData\Roaming\Adobe GIF Format CS6 Prefs => moved successfully
C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully
C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS6 Prefs => moved successfully
C:\Users\Jeff\AppData\Roaming\Common => moved successfully
C:\Users\Jeff\AppData\Roaming\Compressor => moved successfully
C:\Users\Jeff\AppData\Roaming\Contextual Menu Items => moved successfully
C:\Users\Jeff\AppData\Roaming\Core Data Application => moved successfully
C:\Users\Jeff\AppData\Roaming\CustomDataViews => moved successfully
C:\Users\Jeff\AppData\Roaming\default.pls => moved successfully
C:\Users\Jeff\AppData\Roaming\Hybrid Morph => moved successfully
C:\Users\Jeff\AppData\Roaming\Hybrid Synthesizers => moved successfully
C:\Users\Jeff\AppData\Roaming\inst.exe => moved successfully
C:\Users\Jeff\AppData\Roaming\mbam.context.scan => moved successfully
C:\Users\Jeff\AppData\Roaming\pcouffin.cat => moved successfully
C:\Users\Jeff\AppData\Roaming\pcouffin.inf => moved successfully
C:\Users\Jeff\AppData\Roaming\pcouffin.log => moved successfully
C:\Users\Jeff\AppData\Roaming\pcouffin.sys => moved successfully
C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs => moved successfully
C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Jeff\AppData\Local\{5AC1E52D-43C4-42CB-B417-746ADB93354D} => moved successfully
C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini => moved successfully
C:\ProgramData\Contents => moved successfully
C:\ProgramData\Core Data Application => moved successfully
C:\ProgramData\Database => moved successfully
C:\ProgramData\ezsidmv.dat => moved successfully
C:\ProgramData\hpzinstall.log => moved successfully
C:\ProgramData\Image Units => moved successfully
C:\ProgramData\PKP_DLbw.DAT => moved successfully
C:\ProgramData\PKP_DLbx.DAT => moved successfully
C:\ProgramData\PKP_DLbz.DAT => moved successfully
C:\ProgramData\PKP_DLdu.DAT => moved successfully
C:\ProgramData\PKP_DLdw.DAT => moved successfully
C:\ProgramData\PKP_DLes.DAT => moved successfully
C:\ProgramData\PKP_DLet.DAT => moved successfully
C:\ProgramData\PKP_DLev.DAT => moved successfully
C:\ProgramData\Sci-Fi => moved successfully
"HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
C:\ProgramData\Nalpeiron => ":user.ns1" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns2" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns3" ADS removed successfully.
C:\ProgramData\Nalpeiron => ":user.ns4" ADS removed successfully.
C:\ProgramData\TEMP => ":888AFB86" ADS removed successfully.
C:\Users\Jeff\AppData\Local\DZ8SAz7ss62XumT => ":4s14T5pQiArj1sPtLU0Wz9ZgIB48F" ADS removed successfully.
C:\Users\Jeff\AppData\Local\EOIjud2Q6cK => ":837Wgcbb9IcjIExsPTiuhc" ADS removed successfully.

==== End of Fixlog 07:29:26 ====

Broni · Jun 17, 2016

I have always disabled system restore since the early days of windows when it was a resource and cpu hog,

Do you keep proper backup then?

Last scans...

Download Security Check from here or here and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Windows Defender
Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.

Double click the icon and select Run
Click Next
Select I accept the terms in this license agreement, then click Next twice
Click Install
Click Finish to launch the program
Once the virus database has been updated click Start Scanning
If any threats are found click Details, then View log file... (bottom left hand corner)
Copy and paste the results in your reply
Close the Notepad document, close the Threat Details screen, then click Start cleanup
Click Exit to close the program

desono · Jun 18, 2016

SecurityCheck output:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Security Suite
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Spyder3Elite
Spyder3Pro
Java 8 Update 45
Java version 32-bit out of Date!
Adobe Flash Player 22.0.0.192
Mozilla Firefox 40.0.2 Firefox out of Date!
Google Chrome (51.0.2704.103)
Google Chrome (51.0.2704.84)
Google Chrome (SetupMetrics.pma..)
````````Process Check: objlist.exe by Laurent````````
Jeff Desktop VirusStuff SecurityCheck.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````

desono · Jun 18, 2016

Farbar service scanner info:

Farbar Service Scanner Version: 27-01-2016
Ran by Jeff (administrator) on 18-06-2016 at 09:37:47
Running from "C:\Users\Jeff\Desktop\VirusStuff"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

Solved Win 7 7000 tmp files in document folder

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +516

Attachments

Posts: 22 +0

Posts: 22 +0

Posts: 56,041 +516

Posts: 22 +0

Posts: 22 +0

Similar threads