TechSpot

Win 7 7000 tmp files in document folder

By desono
Jun 12, 2016
  1. I had a "flash update" popup and the URL was bogus, so I ran AdwCleaner with nothing major reported, and then ran ComboFix, when the ComboFix window started showing 1000s of tmp files being created in my Documents folder. I killed ComboFix and deleted the majority of the tmp files, but am now concerned.

    Here is my Farbar report (with addition.txt) below it:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-06-2016 01
    Ran by Jeff (administrator) on JEFFDELL7 (12-06-2016 13:45:05)
    Running from C:\Users\Jeff\Downloads
    Loaded Profiles: Jeff (Available Profiles: Jeff & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\UCT\HDR Express\HDRExpressService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x64\ramaint.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\n360.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\n360.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
    (Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\nacl64.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\nacl64.exe
    (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
    (Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\conathst.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [WD Drive Manager] => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [480768 2009-06-26] (WDC)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-30] (Power Software Ltd)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Run: [Google Update] => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Run: [GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF] => C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe [941720 2016-06-03] (Google Inc.)
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
    ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk [2016-05-01]
    ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2015-06-03]
    ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: 192.168.1.3 Alias.27 # WD SmartWare: uuid:73656761-7465-7375-636b-0090a9bc302f
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{84CDE727-683E-4465-9041-FAF78236A7A3}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DDF0C787-E6F5-492B-A749-D439F1422CBB}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://jefpix.smugmug.com/
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.nikoncafe.com/xenf/index.php?threads/new-retouch-of-gm-portrait-using-frequency-separation.278159/
    hxxp://www.dpreview.com/
    hxxps://500px.com/jeffhall
    hxxps://www.facebook.com/
    hxxp://nikonrumors.com/page/2/
    hxxp://www.foxnews.com/
    hxxp://www.foxbusiness.com/index.html
    SearchScopes: HKLM -> {8781E387-BF6E-48EE-8B0B-0A887B25AF6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {9915F447-3FDA-4398-A5A1-380F467B3548} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> {8781E387-BF6E-48EE-8B0B-0A887B25AF6C} URL =
    SearchScopes: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> {9915F447-3FDA-4398-A5A1-380F467B3548} URL =
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://I.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: HKLM-x32 {AA2FCC44-64E5-437A-AEDE-8854387EB9F4} hxxps://lod.ttsc.net/ActiveX/vmmctlax_i386.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253
    FF DefaultSearchEngine.US: Google
    FF Homepage: hxxp://jefpix.smugmug.com/
    hxxp://www.nikoncafe.com/xenf/index.php
    hxxp://www.dpreview.com/
    hxxp://www.foxnews.com/
    hxxp://www.foxbusiness.com/index.html
    hxxps://www.facebook.com/?_rdr=p
    hxxps://500px.com/jeffhall
    hxxps://webmailcluster.perfora.net/webmaillogin-us/;jsessionid=2f057022a06ecb6f5b28627a7038fe48.yrnynmwhrp0a2l1myqooc0eqvbm?__reuse=1439169022981
    about:preferences#
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-25] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll [2010-03-17] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @safarimontage.com/smmp -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [No File]
    FF Plugin-x32: @safarimontage.com/smmp64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [2013-04-03] (Library Video Company)
    FF Plugin-x32: @safarimontage.com/smmpinfo -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [No File]
    FF Plugin-x32: @safarimontage.com/smmpinfo64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [2013-03-14] (Library Video Company)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jeff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
    FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [not found]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-11-05]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
    FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-03-24]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-13] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://jefpix.smugmug.com/","hxxp://www.nikoncafe.com/xenf/index.php?forums/formal-portraits-and-weddings.38/","hxxp://www.dpreview.com/?utm_campaign=internal-link&utm_source=logo&utm_medium=image&ref=logo","hxxps://www.facebook.com/","hxxp://www.foxnews.com/","hxxp://www.foxbusiness.com/","hxxps://500px.com/jeffhall","hxxps://webmailcluster.perfora.net/webmaillogin-us/;jsessionid=B5183A27A338AB5DA08424C7A045C20E.1y3RKxzw955Myi8IT0QTn_Mr-_4#&ref=!!%26app%3Dio.ox%2Fmail%26folder%3Ddefault0%2F%2FZrdr%26language%3Den_US%26user%3Djeff%2540designscience.com%26user_id%3D8","hxxps://www.pinterest.com/jeffh0297/","hxxps://twitter.com/jefhal"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Entanglement Web App) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-12-08]
    CHR Extension: (Google Cast) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-01]
    CHR Extension: (Porsche) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2014-04-30]
    CHR Extension: (Pin It Button) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-04]
    CHR Extension: (Norton Identity Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-29]
    CHR Extension: (Image Properties Context Menu) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon [2013-07-01]
    CHR Extension: (Poppit!) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-08-07]
    CHR Extension: (Norton Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [515952 2010-02-08] (Dell Inc.)
    R2 HDRExpressService; C:\Program Files\UCT\HDR Express\HDRExpressService.exe [28432 2011-02-24] ()
    S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
    R2 LMIGuardianSvc; C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe [375176 2012-03-20] (LogMeIn, Inc.)
    R2 LMIMaint; C:\Program Files\LogMeIn\x64\RaMaint.exe [147336 2012-03-20] (LogMeIn, Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
    R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-01-31] (Nalpeiron Ltd.) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
    R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
    S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-02-03] (Wave Systems Corp.) [File not signed]
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
    R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1148120 2014-06-06] (VMware, Inc.)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
    R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [119296 2009-06-26] (WDC) [File not signed]
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-06-09] (VMware, Inc.)
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-10-02] (Wacom Technology, Corp.)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
    S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38656 2013-04-09] (Hauppauge Computer Works, Inc.)
    S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1667328 2013-04-09] (Hauppauge Computer Works, Inc.)
    S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1669760 2013-04-09] (Hauppauge Computer Works, Inc.)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160610.001\IDSvia64.sys [876248 2016-05-24] (Symantec Corporation)
    R2 LMIInfo; C:\Program Files\LogMeIn\x64\RaInfo.sys [15928 2012-03-20] (LogMeIn, Inc.)
    S4 LMIRfsClientNP; no ImagePath
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
    R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160611.001\ENG64.SYS [138456 2016-05-16] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160611.001\EX64.SYS [2148056 2016-05-16] (Symantec Corporation)
    S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
    R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
    R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-08] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-12 13:45 - 2016-06-12 13:45 - 00036863 _____ C:\Users\Jeff\Downloads\FRST.txt
    2016-06-12 13:44 - 2016-06-12 13:45 - 00000000 ____D C:\FRST
    2016-06-12 13:44 - 2016-06-12 13:44 - 02385408 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
    2016-06-12 13:34 - 2016-06-12 13:35 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
    2016-06-12 13:10 - 2016-06-12 13:19 - 00000000 ___SD C:\ComboFix
    2016-06-12 13:10 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-06-12 13:10 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-06-12 13:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2016-06-12 13:09 - 2016-06-12 13:10 - 00000000 ___SD C:\32788R22FWJFW
    2016-06-12 13:09 - 2016-06-12 13:10 - 00000000 ____D C:\Qoobox
    2016-06-12 13:09 - 2016-06-12 13:09 - 00000000 ____D C:\Windows\erdnt
    2016-06-12 09:00 - 2016-06-12 09:00 - 03677248 _____ C:\Users\Jeff\Downloads\AdwCleaner.exe
    2016-06-12 08:59 - 2016-06-12 08:59 - 05659224 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix.exe
    2016-06-06 18:07 - 2016-06-06 18:07 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files\iTunes
    2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files\iPod
    2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files (x86)\iTunes

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-12 13:41 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-12 13:41 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-12 13:38 - 2009-07-14 01:13 - 00786538 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-06-12 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-06-12 13:32 - 2013-03-30 14:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-12 13:32 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-12 13:27 - 2014-07-12 14:29 - 00000000 ____D C:\Users\Jeff\AppData\OICE_15_974FA576_32C1D314_36C6
    2016-06-12 13:27 - 2012-10-27 14:37 - 00000000 ____D C:\Users\Jeff\AppData\Local\Eye-Fi
    2016-06-12 13:27 - 2010-11-11 16:58 - 00000000 ___RD C:\Users\Jeff\Documents\My Dropbox
    2016-06-12 13:19 - 2010-10-27 21:39 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job
    2016-06-12 13:15 - 2013-03-30 14:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-12 13:10 - 2016-02-23 19:02 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
    2016-06-12 13:10 - 2015-07-31 06:36 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2016-06-12 13:09 - 2010-06-10 23:09 - 00000000 ____D C:\Users\Jeff\AppData\Local\CrashDumps
    2016-06-12 13:07 - 2014-02-27 08:28 - 00000000 ____D C:\AdwCleaner
    2016-06-12 13:04 - 2013-04-13 12:37 - 00000000 ____D C:\Users\Jeff\Documents\Outlook Files
    2016-06-12 13:04 - 2010-06-10 21:56 - 00000000 ____D C:\Users\Jeff\Documents\Outlook
    2016-06-12 12:46 - 2014-02-27 08:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-12 12:24 - 2016-02-23 19:02 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
    2016-06-12 02:00 - 2014-07-02 15:59 - 00000000 ____D C:\Users\Jeff\AppData\Local\Adobe
    2016-06-11 20:19 - 2010-10-27 21:39 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job
    2016-06-11 17:59 - 2014-04-11 17:13 - 00000000 ____D C:\ProgramData\boost_interprocess
    2016-06-11 15:11 - 2011-03-18 17:48 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{55487834-CFBF-4D2A-A92E-4F1FD9D6E17A}
    2016-06-08 21:21 - 2010-10-27 21:40 - 00002372 _____ C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-06 18:07 - 2014-02-11 19:55 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-06-03 14:56 - 2016-04-05 20:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-06-02 16:47 - 2011-02-10 19:12 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\vlc
    2016-05-27 17:17 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
    2016-05-27 17:16 - 2014-04-06 16:47 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\VMware
    2016-05-19 14:09 - 2016-02-23 19:02 - 00003678 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001
    2016-05-19 14:09 - 2016-02-23 19:02 - 00003582 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001

    ==================== Files in the root of some directories =======

    2012-12-06 23:18 - 2013-03-11 21:11 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2016-04-30 17:01 - 2016-04-30 17:05 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2013-06-13 18:28 - 2013-06-13 18:33 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2014-03-21 23:58 - 2016-02-13 14:34 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Common
    2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Compressor
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Contextual Menu Items
    2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Core Data Application
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\CustomDataViews
    2010-06-22 22:22 - 2012-02-16 11:51 - 0000121 _____ () C:\Users\Jeff\AppData\Roaming\default.pls
    2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Hybrid Morph
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\Users\Jeff\AppData\Roaming\Hybrid Synthesizers
    2010-06-22 20:52 - 2011-06-30 20:32 - 0099384 _____ () C:\Users\Jeff\AppData\Roaming\inst.exe
    2015-01-14 18:43 - 2015-01-14 18:43 - 0000074 _____ () C:\Users\Jeff\AppData\Roaming\mbam.context.scan
    2010-06-22 20:52 - 2011-06-30 20:32 - 0007859 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.cat
    2010-06-22 20:52 - 2011-06-30 20:32 - 0001167 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.inf
    2010-06-22 20:52 - 2011-06-30 20:32 - 0000055 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.log
    2010-06-22 20:52 - 2011-06-30 20:32 - 0082816 _____ (VSO Software) C:\Users\Jeff\AppData\Roaming\pcouffin.sys
    2012-02-04 00:32 - 2012-04-15 15:44 - 0001456 _____ () C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs
    2010-06-30 00:18 - 2013-01-30 23:36 - 0032256 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-06-20 13:22 - 2015-05-03 01:35 - 0007622 _____ () C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
    2014-10-27 16:42 - 2014-10-27 16:42 - 0000000 _____ () C:\Users\Jeff\AppData\Local\{5AC1E52D-43C4-42CB-B417-746ADB93354D}
    2011-05-12 15:05 - 2011-07-04 09:09 - 0001940 _____ () C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    2014-07-13 18:34 - 2014-07-13 18:34 - 0000000 _____ () C:\ProgramData\Contents
    2012-06-09 21:29 - 2012-06-09 21:29 - 0000000 _____ () C:\ProgramData\Core Data Application
    2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\ProgramData\Database
    2011-04-26 10:11 - 2011-04-26 10:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2010-06-20 19:20 - 2015-08-09 19:54 - 0001342 _____ () C:\ProgramData\hpzinstall.log
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\ProgramData\Image Units
    2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbw.DAT
    2010-06-10 17:55 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT
    2010-06-10 18:00 - 2014-04-17 17:56 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
    2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
    2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
    2011-11-30 20:23 - 2012-06-09 21:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000012 ___RH () C:\ProgramData\Sci-Fi

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-24 00:32

    ==================== End of FRST.txt ============================
     
  2. desono

    desono TS Rookie Topic Starter Posts: 22

    I tried also posting the addition.txt file, but it was larger than allowed.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Split the Addition.txt log between a couple of replies.
     
  4. desono

    desono TS Rookie Topic Starter Posts: 22

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-06-2016 01
    Ran by Jeff (2016-06-12 13:45:40)
    Running from C:\Users\Jeff\Downloads
    Windows 7 Professional Service Pack 1 (X64) (2010-06-10 21:17:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2620986578-484658413-2464296446-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2620986578-484658413-2464296446-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2620986578-484658413-2464296446-1002 - Limited - Enabled)
    Jeff (S-1-5-21-2620986578-484658413-2464296446-1001 - Administrator - Enabled) => C:\Users\Jeff

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
    Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
    Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
    Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.4 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ArcSoft Perfect365 (HKLM-x32\...\{5B5E949E-3924-45E3-9229-84E8270BED68}) (Version: 1.8.0.3 - ArcSoft, Inc.)
    ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
    ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0710.1126 - )
    Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
    AutoIt v3.3.6.1 (HKLM-x32\...\AutoItv3) (Version: - AutoIt Team)
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    ccc-core-static (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    CDBurnerXP (HKLM-x32\...\{ADAA0C25-2E61-452B-895D-D2190C4C651D}) (Version: 4.4.2.3442 - Canneverbe Limited)
    Chk-Back v2.0 (HKLM-x32\...\{916DBF3C-7AA5-4679-AA58-3D6C166BDAAF}) (Version: 2.1.2 - TRC Data Recovery Ltd)
    Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    Cogitum Co-Citer (HKLM-x32\...\Cogitum Co-Citer) (Version: - )
    CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Data Lifeguard Diagnostic for Windows 1.22 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
    Dell Control Point 64 (Version: 1.6.468.86 - Broadcom Corporation) Hidden
    Dell ControlPoint Security Manager (HKLM-x32\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
    Dell ControlPoint System Manager (HKLM\...\{33A316AE-6EB6-4A3F-AA09-E12A57BA475D}) (Version: 1.4.00001 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Embassy Trust Suite by Wave Systems (Version: 02.05.04.001 - Wave Systems Corp) Hidden
    Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
    Dell System Detect (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\73f463568823ebbe) (Version: 6.4.0.7 - Dell)
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
    DriveGLEAM V1.12 (HKLM-x32\...\DriveGLEAM_is1) (Version: - Svein Engelsgjerd)
    Dropbox (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
    Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.3 - Ashisoft)
    DVDFab 8.0.6.4 Beta (25/12/2010) (HKLM-x32\...\DVDFab 8_is1) (Version: - Fengtao Software Inc.)
    DVDFab 8.1.1.2 (08/08/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
    EMBASSY Security Center Lite (Version: 04.01.00.044 - Wave Systems Corp) Hidden
    EMBASSY Security Center Lite (x32 Version: - ) Hidden
    EMBASSY Security Setup (Version: 04.01.00.043 - Wave Systems Corp) Hidden
    EMBASSY Security Setup (x32 Version: - ) Hidden
    ESC Home Page Plugin (Version: 04.01.00.010 - Wave Systems Corp) Hidden
    ESC Home Page Plugin (x32 Version: - ) Hidden
    Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
    Family Tree Maker (HKLM-x32\...\FTW) (Version: - )
    File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
    FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Gemalto (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
    Google Chrome (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    GoToMeeting 7.18.0.4962 (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\GoToMeeting) (Version: 7.18.0.4962 - CitrixOnline)
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
    HDR Express (HKLM-x32\...\HDR Express) (Version: 1.1.0.8138 - UCT)
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Scanjet G4000 Series (HKLM\...\{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}) (Version: 13.0 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    hpg4000 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
    Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
    Image Trends' Fisheye-Hemi Plug-In 1.2.4 (HKLM-x32\...\{0004206C-AFF4-472E-9981-B443FAADA1D1}) (Version: 1.2.4 - Image Trends, Inc. )
    ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
    Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
    iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
    LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
    Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
    Macrium Reflect Free Edition (Version: 6.0.708 - Paramount Software (UK) Ltd.) Hidden
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Camera Codec Pack (HKLM\...\{129C5584-DB98-4A98-B28F-299C45E1E355}) (Version: 16.0.0652.0621 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
    NEC MultiProfiler 1.3.40.00 (HKLM-x32\...\NEC MultiProfiler) (Version: 1.3.40.00 - NEC Display Solutions)
    NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
    Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
    NirSoft NK2Edit (HKLM-x32\...\NirSoft NK2Edit) (Version: - )
    Noise Ninja 2 (Standalone Version) (HKLM-x32\...\Noise Ninja (Standalone Version)_is1) (Version: - PictureCode LLC)
    Noiseware Professional Edition (HKLM-x32\...\{554EB98C-D995-471F-8874-D2BA7BF5EB3E}) (Version: 2.6.0.1 - Imagenomic)
    Noiseware Standard Edition (HKLM-x32\...\{6897145C-B43D-415E-84F0-C273437104DA}) (Version: 2.6.0.1 - Imagenomic)
    Norton Security Suite (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
    NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
    Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Photomatix Pro version 4.1.4 (HKLM\...\PhotomatixPro41x64_is1) (Version: 4.1.4 - HDRsoft Sarl)
    Photomatix Pro version 5.0.1 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.1 - HDRsoft Ltd)
    PhotoSync (HKLM\...\{DEF45511-0EC2-46C1-97C2-899B8BE26ACF}) (Version: 1.6.0 - touchbyte GmbH)
    Photosynth 2.0110.0317.1042 (HKLM-x32\...\{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}) (Version: 2.0110.0317.1042 - Microsoft)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 1.2 - UNKNOWN)
    Picasa Uploader (x32 Version: 1.2 - UNKNOWN) Hidden
    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
    Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
    PingPlotter Freeware (HKLM-x32\...\{8C99C3CB-763F-4D87-8ACA-81B6899207B1}) (Version: 1.30.0.11 - Nessoft, LLC)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PocketWizard Utility (HKLM-x32\...\{2277B360-CA52-4591-9913-D0E779583621}) (Version: 1.55 - LPA Design)
    PortraitPro Studio 15.4 (HKLM\...\PortraitProStudio15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
    PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
    Preboot Manager (Version: 03.01.00.084 - Wave Systems Corp.) Hidden
    PTLens (HKLM\...\{0238CC07-3B55-47B6-A159-3C4F2E25FB72}) (Version: 3.0.432 - ePaperPress)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    RadLab v1.3.5 (HKLM-x32\...\RadLab_is1) (Version: - Totally Rad)
    Rainbow Folders (HKLM-x32\...\{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1) (Version: 2.05 - Piotr Chodzinski)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    SAFARI Montage Media Player (HKLM-x32\...\{34BC6823-8AB0-466F-BA80-C4A48E66E343}) (Version: 5.7.2 - Library Video Company)
    Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.5 - Samsung)
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    SciTE4AutoIt3 2/28/2010 (HKLM-x32\...\SciTE4AutoIt3) (Version: 2/28/2010 - Jos van der Zande)
    Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
    Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.9835 - Seagate)
    SEKONIC Data Transfer Software 3.0 (HKLM-x32\...\{6B5298BF-E2AD-495B-AF7F-DDA046F50027}) (Version: 3.0 - SEKONIC Corp.)
    SEKONIC Lightmeter L-758Series (Driver Removal) (HKLM-x32\...\SK__COMM&0A41&7001) (Version: - )
    Send to SmugMug (HKLM-x32\...\{8D445B72-D4AB-4769-A5AF-5056D9D019BD}) (Version: 1.3.0324 - Omar Shahine)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
    skillpipe (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\skillpipe) (Version: 1.06.200140 - arvato hightech EMEA)
    Skins (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Sony DVD Architect Pro 4.5 (HKLM-x32\...\{5E9C5450-8011-41E0-8725-4F0BD66B81AE}) (Version: 4.5.69 - Sony)
    Sony Vegas Pro 8.0 (HKLM-x32\...\{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}) (Version: 8.0.260 - Sony)
    Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version: - )
    Spyder3Pro (HKLM-x32\...\Spyder3Pro) (Version: - )
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
    Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
    Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
    Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
    Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
    Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
    Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.0 - Topaz Labs, LLC)
    Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
    Topaz Impression (HKLM\...\Topaz Impression) (Version: 1.1.2 - Topaz Labs, LLC)
    Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
    Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.0 - Topaz Labs, LLC)
    Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
    Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
    Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
    Topaz Star Effects (64-bit) (HKLM-x32\...\Topaz Star Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
    Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs)
    Topaz Texture Effects (HKLM\...\Topaz Texture Effects) (Version: 1.1.0 - Topaz Labs, LLC)
    Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
    Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
    UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
    Vern 3.22 (HKLM-x32\...\Vern_is1) (Version: 3.22 - One Guy Coding)
    VGA USB Camera (HKLM-x32\...\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}) (Version: 1.2.0.0 - )
    Videora iPod Converter 6 (HKLM-x32\...\Videora iPod Converter) (Version: 6 - Red Kawa)
    Virtual Machine Manager Self-Service Client (HKLM-x32\...\{0288C02B-0A3A-471A-8200-587620572B58}) (Version: 2.0.4271.0 - Microsoft Corporation)
    Vista/XP Virtual Desktops (HKLM-x32\...\{F4735C64-9A74-4E48-894B-1CA5D83B99C8}) (Version: 0.9.1.0 - Z-Systems)
    VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
    VMware Horizon View Client (HKLM\...\{EBE23A79-2626-4B4B-86A8-97230F06A5B3}) (Version: 3.0.0.19696 - VMware, Inc.)
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-1 - Wacom Technology Corp.)
    Wave Infrastructure Installer (Version: 07.65.31.0000 - Wave Systems Corp) Hidden
    Wave Support Software (Version: 05.11.00.040 - Wave Systems Corp) Hidden
    Wave Support Software (x32 Version: - ) Hidden
    WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
    WD Drive Manager (x64) (HKLM\...\{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}) (Version: 2.115 - Western Digital)
    WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
    WinDirStat 1.1.2 (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\WinDirStat) (Version: - )
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
    XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4419\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {14C39499-4A79-4080-BBE6-B51ADA0E9082} - System32\Tasks\{9AF7342A-F42F-42C3-A300-340862FE3194} => C:\FTW\FTW.EXE [1998-09-17] (Brøderbund Software, Inc.
    Banner Blue Division)
    Task: {1E14F0E6-8E70-41EC-9EAD-2724B0CBF3B6} - System32\Tasks\{56C3B39C-E77D-4081-B455-EBA7EB1CD601} => pcalua.exe -a C:\Users\Jeff\Downloads\cociter.exe -d C:\Users\Jeff\Desktop
    Task: {2B1DD010-EA90-4D62-820E-CD012538BCA2} - System32\Tasks\{B8312D1A-4857-42AC-884D-6FB4F2A6C19B} => pcalua.exe -a C:\Users\Jeff\Downloads\dotnetfx35setupSP1.exe -d C:\Users\Jeff\Downloads
    Task: {2D666F3B-74AA-4914-9B07-36A9D0403975} - System32\Tasks\{933F148C-5019-491E-A4A0-6BB20FAD0105} => pcalua.exe -a C:\Users\Jeff\Downloads\slideshow_maker_45mb_d_en.exe -d C:\Users\Jeff\Desktop
    Task: {313D3312-DFAE-48DC-AD80-4B061D8165BF} - System32\Tasks\{C35DAA89-86DA-4F1A-A3EC-BFC27133A48B} => pcalua.exe -a C:\Users\Jeff\Downloads\hcwsmd01_20032.exe -d C:\Users\Jeff\Desktop
    Task: {36E80EDB-BAED-48E9-81A6-DC057588B903} - System32\Tasks\{45697DE5-242D-4D3F-8248-68DF8DB3D912} => pcalua.exe -a "D:\Install Lightroom 4.exe" -d D:\
    Task: {399C2003-EA4B-44FA-8BF3-F4526B0B267D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    Task: {40A9EEC3-5FEA-4D52-81E3-92AD0E3D6A90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
    Task: {47DF9C11-F9B3-483E-B5BA-719852AE24F0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {4BEAD903-61B3-4BEC-9F3A-B4E7023314F1} - System32\Tasks\AdobeAAMUpdater-1.0-JeffDell7-Jeff => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
    Task: {57326AAD-50F4-4517-9120-75EF77FCEA74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
    Task: {6383BB6A-1FE0-49B2-B8E7-3AD3BA16CDC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {66674A80-4989-46E9-9346-30223B03CFED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {66D9A39F-25AB-429B-8BB8-643834FBE2E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {6E39FBF3-95C4-4412-9514-8090C89037A2} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMMMJJMJLJOMGMLMCNLJLMKJMJCNLMKMMMOJCNHMMJLJOMCNHMKMJMPMOJOJJJGMKMNJNMGMJNJICMIMCNNMCNIMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMOMJNHICMEKMICNJJCKJNBJCMFLKJJJJJJNKJCMJNNICMJNDJCMKJBJ"
    Task: {727D097C-E562-4914-8ED8-D9FE563281F8} - System32\Tasks\{46755E17-0DC6-4100-B43C-46AD279088FD} => pcalua.exe -a E:\SETUP.EXE -d E:\
    Task: {7A4B0DDA-8C49-4423-B573-5B0B6BC729FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
     
  5. desono

    Part 2:


    Task: {81FAF140-3A21-4E2C-B466-F023A2D741A7} - System32\Tasks\{08DBF19A-6BC6-490C-9BA5-CD82B7C78F6D} => pcalua.exe -a C:\Users\Jeff\Downloads\wintv6_cd_4.6b.exe -d C:\Users\Jeff\Desktop
    Task: {8F33D62C-9BBC-47C1-AE32-824E01A6FE06} - System32\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {93567D90-0C07-441F-8BEF-CABE1001F101} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {9869E0DF-5185-4F13-AA3B-BAAED867B8D3} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    Task: {9C9E5BAE-F781-4FAC-8F9F-BEBD1E506977} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
    Task: {A056C3E2-78D8-4300-B60B-9D932BED5AD8} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
    Task: {AA54BC45-2660-44CA-836C-1C998C688402} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.)
    Task: {AD134080-6506-4168-ADE7-0CFD9BF2FC69} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {B59B8B0B-0CEA-40CC-B224-1937361640E3} - System32\Tasks\{643D0E66-A340-4424-B106-695B0B8E3548} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {BAC89225-CF69-4EDA-BBEE-2F90C62E1EBC} - System32\Tasks\AdobeAAMUpdater-1.0-JeffDell7-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
    Task: {C238768D-5022-44AE-B6E1-00520D5EC488} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {C2E6170F-12B5-42A9-A8FE-506F061E36A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {C5A4B991-CE2D-45C1-A81E-EDC8D5B91ACF} - System32\Tasks\{33985AE6-ABF7-49BD-A6D0-570EF5AAFD87} => pcalua.exe -a C:\Users\Jeff\Downloads\PandoraRecovery2.1.1Setup.exe -d C:\Users\Jeff\Desktop
    Task: {D314A4F9-9074-4D09-BB4D-A9FA15B80FF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {E7A12BE7-C61A-4EBA-84FF-6DEF9799E3FB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {EAFA5FE3-E028-4D8F-8BE6-FD7D2B5EFD42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
    Task: {EB8F685F-E050-4A48-9B84-55B2754EE24D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {EC0523FA-F443-4312-9C5E-7CB8E7F2CB0F} - System32\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {EC2CF75D-2D26-4AA6-AA64-16AC4A3F9856} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
    Task: {F5D0A5B9-C0B2-4061-AE52-2B4B331C2EE4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {F7D4E940-3076-413E-81D2-A1D80B63FAF1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-02-26] (Symantec Corporation)
    Task: {F7F7155E-13BF-4359-BEF7-4AB970ADF416} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
    Task: {FEA7D813-B4A6-4277-A942-20C58EEB3862} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-06 10:11 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-02-24 18:26 - 2011-02-24 18:26 - 00028432 _____ () C:\Program Files\UCT\HDR Express\HDRExpressService.exe
    2011-02-24 18:26 - 2011-02-24 18:26 - 02674448 _____ () C:\Program Files\UCT\HDR Express\QtCore4.dll
    2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2015-11-07 21:05 - 2015-10-02 18:21 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
    2010-03-02 14:49 - 2010-03-02 14:49 - 00013824 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
    2008-11-12 13:24 - 2008-11-12 13:24 - 00004608 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 07667970 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
    2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00139264 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Appearance Pak.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00147456 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RegEx.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00868352 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RBScript.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Shell.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00762368 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\XML.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00266240 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CGamma.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00065536 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CSensor.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00028672 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
    2010-07-26 22:17 - 2010-07-07 16:00 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
    2016-06-08 21:21 - 2016-06-03 21:56 - 01745560 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
    2016-06-08 21:21 - 2016-06-03 21:56 - 00091288 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\libegl.dll
    2011-06-01 12:42 - 2011-06-01 12:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
    2011-06-01 12:46 - 2011-06-01 12:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
    2011-06-01 12:16 - 2011-06-01 12:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
    2011-06-01 12:16 - 2011-06-01 12:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
    2014-10-18 19:28 - 2014-10-18 19:28 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c946902f86f692c9a47a6bb2905fe4b9\IsdiInterop.ni.dll
    2014-10-15 18:47 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2016-06-08 21:21 - 2016-06-03 21:56 - 17565848 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences [0]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
    AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]
    AlternateDataStreams: C:\Users\Jeff\AppData\Local\DZ8SAz7ss62XumT:4s14T5pQiArj1sPtLU0Wz9ZgIB48F [2116]
    AlternateDataStreams: C:\Users\Jeff\AppData\Local\EOIjud2Q6cK:837Wgcbb9IcjIExsPTiuhc [2478]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\foxnews.com -> hxxps://login.foxnews.com
    IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\insightexpressai.com -> hxxp://core.insightexpressai.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2013-02-18 08:42 - 00000906 ____N C:\Windows\system32\Drivers\etc\hosts

    192.168.1.3 Alias.27 # WD SmartWare: uuid:73656761-7465-7375-636b-0090a9bc302f

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk => C:\Windows\pss\AutoStart IR.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vern 3.2.lnk => C:\Windows\pss\Vern 3.2.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: AdobeBridge =>
    MSCONFIG\startupreg: ASUS Ai Charger => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
    MSCONFIG\startupreg: DellControlPoint => "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
    MSCONFIG\startupreg: Google Update => "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
    MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
    MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
    MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{7E2642A6-1CBE-4F3E-A165-6C6396A21A0B}] => (Allow) svchost.exe
    FirewallRules: [{00D30A03-7981-49C8-A06B-2AC6F557FC85}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{11681934-85B2-40D7-BB61-3657091DDC85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
    FirewallRules: [{55393ADC-B9F9-4F43-A2F2-C1A85BE27806}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    FirewallRules: [{9D1A5D7D-393A-4EC7-994C-EB3371E6989A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{E1993CC7-06C4-4A1A-BEC6-8917C93F4B97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{D9BC1A1E-A474-4226-9E9D-986261E1782E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{0BA8FA54-4CF8-474D-8AD3-885679EFB71A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{C63C9E8C-B512-4E76-A257-24367759D0D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{55ED4F24-9C21-42E0-A0AE-05C204BE0630}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{BED09548-6639-4149-9044-080612191CE7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{A1E3EE29-7C69-4880-BDB7-54306AE9FF6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{1787F2EF-CF1B-4103-A2DC-CFA5DF57DDB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{21AFD5FA-BF83-4DD0-8193-1564EB9414BD}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{53741E3B-26D2-4A68-8661-B87022DDD86E}] => (Allow) C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{2D29BBF8-734C-4F75-895D-BBD40421347F}] => (Allow) C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{62A6BB35-83D4-4AEE-B66C-2A798B155437}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{80232EF3-2EF6-4177-856D-617E3C15AB5B}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    FirewallRules: [{59BBB991-694F-4D2E-BBAD-5172447ED5F1}] => (Allow) LPort=35722
    FirewallRules: [TCP Query User{873E2A4C-7C49-4F15-86F8-08E5ADAD9E7A}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
    FirewallRules: [UDP Query User{436C7093-C20C-4508-9A6A-E11A08DC90AE}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
    FirewallRules: [{06173391-150C-467F-BE06-507A838F2AE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{167A83A8-0450-47E1-BCF8-2B388F40A0B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{133DCF9E-6621-4177-B06A-D80087DA81F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{C2267703-0296-4D11-B3A7-BE9B1E0611D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{53383707-10A5-40AC-9F79-566F2A2DF800}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
    FirewallRules: [UDP Query User{5CD1E5D5-53EC-4ECA-B592-1F1DA95F17BC}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
    FirewallRules: [{AB34B557-3008-4CE2-92C8-AE4BD1C4834B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{254973CD-663A-41A7-91D3-50024F5DE7B4}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{6381E03F-B076-4E47-A024-F615199C6056}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{799B85B1-FE2B-4972-96D2-46D6D32F2556}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{EE83AD08-2A21-45D0-9103-33A216016C97}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{CA1F3E3F-201A-4829-AF2D-1F140D7E3476}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{D7799A5D-2444-4F22-A812-976F569DDFA9}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{A497E7E2-FE5B-4832-BC0B-1A4DB8645101}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{1D54B8B1-736C-4F6A-830A-E611D43C60E9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{070FF34B-40F7-47FA-8E35-7ADE0E8C0D1D}] => (Allow) LPort=2869
    FirewallRules: [{FADBCB46-0317-4F70-B507-C656C0062EFA}] => (Allow) LPort=1900
    FirewallRules: [{9BBFB4C5-0926-4CD1-B6D8-FBE177AAE2F9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{9602CF13-D0D3-4553-BD71-9C76E0665123}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F71221F7-38F0-448B-9CEE-D6E35D8FA4B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{92DB92CE-05FB-4B5E-8E2F-E963A72AC679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8C0395E0-8734-46EB-9632-8729466C585E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A4C1AF39-741E-41EF-8610-79A33A15D44C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FDC5B277-4F44-4BA1-BAF1-A66BB1830996}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C82EE142-2CE3-439D-A784-5F80025BA87A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{1F2E9E11-6CD1-4062-8D67-CE0524A9830D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{EC03CB22-DC4E-4968-8F9F-707425B679FB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{397E8405-6F3A-48BE-8969-B82E4E055CF6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [TCP Query User{13329A22-FA32-4882-BF87-39379D3277E9}C:\users\jeff\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{92A2AD35-E9A6-430D-B3A1-00E5C7F74C96}C:\users\jeff\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{08F3285D-C8E2-42C5-A0B6-56B1023BA095}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/12/2016 01:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TdmNotify.exe, version: 3.3.3.104, time stamp: 0x4bb10672
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000001630000002c
    Faulting process id: 0x1500
    Faulting application start time: 0xTdmNotify.exe0
    Faulting application path: TdmNotify.exe1
    Faulting module path: TdmNotify.exe2
    Report Id: TdmNotify.exe3

    Error: (06/11/2016 10:31:08 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {57522d9f-dcbc-448b-893c-9755b5437e91}

    Error: (06/09/2016 10:28:16 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/08/2016 10:26:35 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/07/2016 10:24:57 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/07/2016 12:13:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program tltextureeffects.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1808

    Start Time: 01d1c0724126e1e7

    Termination Time: 453

    Application Path: C:\Program Files\Topaz Labs\Topaz Texture Effects\tltextureeffects.exe

    Report Id: 3db77c2c-2c66-11e6-aecd-b8ac6f83267f

    Error: (06/06/2016 10:23:21 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/06/2016 01:05:54 AM) (Source: Windows Backup) (EventID: 4104) (User: )
    Description: The backup was not successful. The error is: The process cannot access the file because it is being used by another process. (0x80070020).

    Error: (06/05/2016 10:19:54 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/04/2016 10:18:24 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}


    System errors:
    =============
    Error: (06/12/2016 01:32:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (06/12/2016 01:19:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/12/2016 01:16:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/12/2016 01:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0

    Error: (06/12/2016 01:07:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/12/2016 01:07:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/12/2016 01:07:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (06/12/2016 01:07:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (06/12/2016 01:07:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

    Error: (06/12/2016 01:07:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VMware View USB service terminated unexpectedly. It has done this 1 time(s).


    CodeIntegrity:
    ===================================
    Date: 2016-06-12 13:19:31.045
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-06-12 13:19:30.905
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-02 20:24:08.395
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2012-05-23 16:46:11.268
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2011-11-13 19:52:46.479
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Xeon(R) CPU E5507 @ 2.27GHz
    Percentage of memory in use: 25%
    Total physical RAM: 18429.59 MB
    Available physical RAM: 13802.04 MB
    Total Virtual: 34811.79 MB
    Available Virtual: 29308.91 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:232.78 GB) (Free:43.3 GB) NTFS
    Drive g: (WD500gbHD001) (Fixed) (Total:465.46 GB) (Free:465.35 GB) NTFS
    Drive h: (BDEDrive) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive I: (Seagate2TB0515) (Fixed) (Total:1863.01 GB) (Free:1101.24 GB) NTFS
    Drive p: (NIKON D700) (Removable) (Total:29.8 GB) (Free:24.9 GB) FAT32
    Drive r: (500gbSamUSB) (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS
    Drive u: (ClassOf2016) (Fixed) (Total:465.76 GB) (Free:96.35 GB) NTFS
    Drive z: (Samsung500GB) (Fixed) (Total:465.76 GB) (Free:135.89 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 519EEA7C)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2E7E52D8)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 78F30D47)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 305762D3)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 4 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 49C5DE19)
    Partition 1: (Not Active) - (Size=465.5 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C20DCE50)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 6 (Size: 29.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. desono

    desono TS Rookie Topic Starter Posts: 22

    RogueKiller found some things. Text below. Malwarebytes found nothing at all.

    RogueKiller V12.3.3.0 [Jun 13 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jeff [Administrator]
    Started from : C:\Users\Jeff\Desktop\VirusStuff\RogueKiller.exe
    Mode : Delete -- Date : 06/13/2016 08:20:30

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 12 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://jefpix.smugmug.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://jefpix.smugmug.com/ -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Replaced (http://search.msn.com/spbasic.htm)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Replaced (1)
    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2 -> Replaced (1)

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 2 ¤¤¤
    [PUP][CHROME:Addon] Default : Poppit! [mcbkbpnkkkipelfledbfocopglifcfmi] -> Deleted
    [PUM.HomePage][FIREFX:Config] uf9kdf5y.default-1437932346253 : user_pref("browser.startup.homepage", "http://jefpix.smugmug.com/|http://w...qvbm?__reuse=1439169022981|about:preferences#"); -> Replaced (about:home)

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: Samsung SSD 840 Series ATA Device +++++
    --- User ---
    [MBR] 5c7aa8d2b478b047d639e873057ea8dc
    [BSP] 30c7620ff47ceb01f9c977aa508bc561 : HP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238371 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Samsung SSD 850 EVO 500GB ATA Device +++++
    --- User ---
    [MBR] 9cc211cc100c7b4db1821c7160af44d8
    [BSP] eecb5157a1919d000280e31edc4f6cd4 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Samsung SSD 850 EVO 500GB ATA Device +++++
    --- User ---
    [MBR] 06aaaa031253e7ce3151fed510382667
    [BSP] 0c4b4bbaba43b70bd519c331f500ca61 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive3: ST2000DM001-1ER164 ATA Device +++++
    --- User ---
    [MBR] b92f86ceac283696b626e13a1ee8f1d2
    [BSP] d38c2430610e47217dd9d19af3e4f4fb : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive4: WDC WD5000BEKT-75KA9T0 ATA Device +++++
    --- User ---
    [MBR] 85862f82d9b3eedbcd960316b8832cd7
    [BSP] 23540a2d4d4061af8fe6d7e363d85ffe : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476627 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 976134144 | Size: 300 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive5: ASMT 2115 USB Device +++++
    --- User ---
    [MBR] 9d2575297f62062007d193b9ff22cb51
    [BSP] f9e09db58861551adbb4ec50d1739158 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive6: Lexar CF Multi-Card R USB Device +++++
    --- User ---
    [MBR] 30bb239b419d20f393c783263dc5b8ef
    [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 30527 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive7: Lexar SD Multi-Card R USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive8: Lexar XD Multi-Card R USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive9: Lexar MS Multi-Card R USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive10: Lexar mSD Multi-Card R USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  8. desono

    desono TS Rookie Topic Starter Posts: 22

    Now running adwcleaner...
     
  9. desono

    desono TS Rookie Topic Starter Posts: 22

    ADWcleaner came back with:
    ---------------------------
    - AdwCleaner - Information -
    ---------------------------
    AdwCleaner found no malicious program on your computer !
    ---------------------------
    OK
    ---------------------------
     
  10. desono

    desono TS Rookie Topic Starter Posts: 22

    Here's the output of JRT:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 7 Professional x64
    Ran by Jeff (Administrator) on Mon 06/13/2016 at 12:45:14.03
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 213

    Successfully deleted: C:\Users\Jeff\AppData\Local\{101701C2-2F76-413E-AC2E-31264CB1CCEA} (Empty Folder)
    Successfully deleted: C:\Users\Jeff\AppData\Local\{4BA3E05D-C72A-44BD-92E3-543FA57CB45B} (Empty Folder)
    Successfully deleted: C:\Users\Jeff\AppData\Local\{4C826971-6020-4E90-9BEF-F5465FB6C3C0} (Empty Folder)
    Successfully deleted: C:\Users\Jeff\AppData\Local\{934C83C2-DF73-4CA4-B831-3173D9CB53CC} (Empty Folder)
    Successfully deleted: C:\Users\Jeff\AppData\Local\{E41A09C6-7D72-40B4-814B-6347F63A947F} (Empty Folder)
    Successfully deleted: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal (File)
    Successfully deleted: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage (File)
    Successfully deleted: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File)
    Successfully deleted: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File)
    Successfully deleted: C:\Users\Jeff\AppData\Roaming\red kawa (Folder)
    Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\Program Files (x86)\red kawa (Folder)
    Successfully deleted: C:\Windows\prefetch\ENABLETOOLBARW32.EXE-535515F7.pf (File)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\URTD7MN0 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VE2DIQDJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W2TZOIT5 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W9CI1K2Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEBCB4LT (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYGWFPMM (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X92D8JGF (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9FUVZ7V (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XC2UU2DR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF704GRG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XGGOFM5X (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQGMUEPI (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XWQFFPVZ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y5HBOXTG (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YBSBXOMP (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YTWXAZIJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZOLSZ8FW (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV5LTLAR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZQ9WLK0 (Temporary Internet Files Folder)



    Registry: 4

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8781E387-BF6E-48EE-8B0B-0A887B25AF6C} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9915F447-3FDA-4398-A5A1-380F467B3548} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 06/13/2016 at 12:48:20.09
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  11. desono

    desono TS Rookie Topic Starter Posts: 22

    Sorry, missed the Mwb output:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 6/13/2016
    Scan Time: 8:23 AM
    Logfile: mwb.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.06.13.03
    Rootkit Database: v2016.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Jeff

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 439723
    Time Elapsed: 16 min, 48 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  12. desono

    desono TS Rookie Topic Starter Posts: 22

    Adwcleaner(s1).txt contents:

    # AdwCleaner v3.022 - Report created 30/03/2014 at 22:26:41
    # Updated 13/03/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Jeff - JEFFDELL7
    # Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\c91xlb4u.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3321 octets] - [27/02/2014 08:54:03]
    AdwCleaner[R1].txt - [1004 octets] - [30/03/2014 22:25:27]
    AdwCleaner[S0].txt - [3403 octets] - [27/02/2014 08:56:03]
    AdwCleaner[S1].txt - [927 octets] - [30/03/2014 22:26:41]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [986 octets] ##########
    # AdwCleaner v5.119 - Logfile created 12/06/2016 at 09:22:44
    # Updated 30/05/2016 by Xplode
    # Database : 2016-06-12.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (X64)
    # Username : Jeff - JEFFDELL7
    # Running from : C:\Users\Jeff\Downloads\AdwCleaner.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****

    File Found : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253\searchplugins\safesearch.xml
    File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_uswhsalcds-a.akamaihd.net_0.localstorage
    File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_uswhsalcds-a.akamaihd.net_0.localstorage-journal
    File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translation.babylon.com_0.localstorage
    File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_translation.babylon.com_0.localstorage-journal
    File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Found : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
    Key Found : HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

    ***** [ Web browsers ] *****


    *************************

    C:\AdwCleaner\AdwCleaner[R0].txt - [3321 bytes] - [27/02/2014 08:54:03]
    C:\AdwCleaner\AdwCleaner[R1].txt - [1004 bytes] - [30/03/2014 22:25:27]
    C:\AdwCleaner\AdwCleaner[R2].txt - [3181 bytes] - [02/07/2014 14:59:40]
    C:\AdwCleaner\AdwCleaner[R3].txt - [1326 bytes] - [10/07/2014 16:57:47]
    C:\AdwCleaner\AdwCleaner[R4].txt - [2122 bytes] - [20/09/2014 15:33:45]
    C:\AdwCleaner\AdwCleaner[R5].txt - [3187 bytes] - [31/01/2015 18:45:11]
    C:\AdwCleaner\AdwCleaner[R6].txt - [1928 bytes] - [06/04/2015 15:10:56]
    C:\AdwCleaner\AdwCleaner[S0].txt - [3403 bytes] - [27/02/2014 08:56:03]
    C:\AdwCleaner\AdwCleaner[S1].txt - [3732 bytes] - [30/03/2014 22:26:41]
    C:\AdwCleaner\AdwCleaner[S2].txt - [3081 bytes] - [02/07/2014 15:00:11]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1387 bytes] - [10/07/2014 16:59:11]
    C:\AdwCleaner\AdwCleaner[S4].txt - [2112 bytes] - [20/09/2014 15:39:51]
    C:\AdwCleaner\AdwCleaner[S5].txt - [3193 bytes] - [31/01/2015 18:48:44]
    C:\AdwCleaner\AdwCleaner[S6].txt - [2000 bytes] - [06/04/2015 16:00:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4170 bytes] ##########
     
  13. desono

    desono TS Rookie Topic Starter Posts: 22

    Wrong Adwcleaner log. Here's the one from today. I don't know why the date at the very beginning is so old. The info from today is further down in this log below:


    # AdwCleaner v3.215 - Report created 10/07/2014 at 16:59:11
    # Updated 09/07/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : Jeff - JEFFDELL7
    # Running from : C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GRVHRS7\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17207


    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\mtwvnln3.default-1403266605805\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [3321 octets] - [27/02/2014 08:54:03]
    AdwCleaner[R1].txt - [1004 octets] - [30/03/2014 22:25:27]
    AdwCleaner[R2].txt - [3181 octets] - [02/07/2014 14:59:40]
    AdwCleaner[R3].txt - [1326 octets] - [10/07/2014 16:57:47]
    AdwCleaner[S0].txt - [3403 octets] - [27/02/2014 08:56:03]
    AdwCleaner[S1].txt - [1065 octets] - [30/03/2014 22:26:41]
    AdwCleaner[S2].txt - [3081 octets] - [02/07/2014 15:00:11]
    AdwCleaner[S3].txt - [1247 octets] - [10/07/2014 16:59:11]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1307 octets] ##########
    # AdwCleaner v5.119 - Logfile created 13/06/2016 at 12:42:37
    # Updated 30/05/2016 by Xplode
    # Database : 2016-06-12.1 [Server]
    # Operating system : Windows 7 Professional Service Pack 1 (X64)
    # Username : Jeff - JEFFDELL7
    # Running from : C:\Users\Jeff\Desktop\VirusStuff\adwcleaner_5.119.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [3592 bytes] - [12/06/2016 13:07:25]
    C:\AdwCleaner\AdwCleaner[R0].txt - [3321 bytes] - [27/02/2014 08:54:03]
    C:\AdwCleaner\AdwCleaner[R1].txt - [1004 bytes] - [30/03/2014 22:25:27]
    C:\AdwCleaner\AdwCleaner[R2].txt - [3181 bytes] - [02/07/2014 14:59:40]
    C:\AdwCleaner\AdwCleaner[R3].txt - [1326 bytes] - [10/07/2014 16:57:47]
    C:\AdwCleaner\AdwCleaner[R4].txt - [2122 bytes] - [20/09/2014 15:33:45]
    C:\AdwCleaner\AdwCleaner[R5].txt - [3187 bytes] - [31/01/2015 18:45:11]
    C:\AdwCleaner\AdwCleaner[R6].txt - [1928 bytes] - [06/04/2015 15:10:56]
    C:\AdwCleaner\AdwCleaner[S0].txt - [3403 bytes] - [27/02/2014 08:56:03]
    C:\AdwCleaner\AdwCleaner[S1].txt - [4249 bytes] - [30/03/2014 22:26:41]
    C:\AdwCleaner\AdwCleaner[S2].txt - [6585 bytes] - [02/07/2014 15:00:11]
    C:\AdwCleaner\AdwCleaner[S3].txt - [2844 bytes] - [10/07/2014 16:59:11]
    C:\AdwCleaner\AdwCleaner[S4].txt - [2112 bytes] - [20/09/2014 15:39:51]
    C:\AdwCleaner\AdwCleaner[S5].txt - [3193 bytes] - [31/01/2015 18:48:44]
    C:\AdwCleaner\AdwCleaner[S6].txt - [2000 bytes] - [06/04/2015 16:00:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [3136 bytes] ##########
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  15. desono

    desono TS Rookie Topic Starter Posts: 22

    Combofix ran without problems this time (without making 7000 more empty files). Here is the combofix.txt contents:

    ComboFix 16-06-01.01 - Jeff 06/15/2016 7:33.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.18430.14960 [GMT -4:00]
    Running from: c:\users\Jeff\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    FW: Norton Security Suite *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
    SP: Norton Security Suite *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    ADS - Windows: deleted 0 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jeff\AppData\Roaming\1&1
    c:\users\Jeff\g2mdlhlpx.exe
    c:\windows\SysWow64\test
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-05-15 to 2016-06-15 )))))))))))))))))))))))))))))))
    .
    .
    2016-06-15 11:40 . 2016-06-15 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-06-15 11:40 . 2016-06-15 11:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2016-06-13 11:40 . 2016-06-13 11:40 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-06-13 11:40 . 2016-06-13 12:22 -------- d-----w- c:\programdata\RogueKiller
    2016-06-12 17:44 . 2016-06-12 17:46 -------- d-----w- C:\FRST
    2016-06-06 22:07 . 2016-06-06 22:07 -------- d-----w- c:\program files (x86)\iTunes
    2016-06-06 22:07 . 2016-06-06 22:07 -------- d-----w- c:\program files\iTunes
    2016-06-06 22:07 . 2016-06-06 22:07 -------- d-----w- c:\program files\iPod
    2016-05-27 19:19 . 2016-05-27 19:19 225976 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2016-05-27 19:19 . 2016-05-27 19:19 225976 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-06-13 17:21 . 2015-04-06 18:26 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-06-02 20:36 . 2010-06-13 18:08 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2016-06-02 20:36 . 2010-06-13 18:08 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2016-05-12 21:46 . 2012-04-13 11:58 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-05-12 21:46 . 2011-05-22 14:02 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-03-21 00:49 . 2016-03-21 00:49 0 ----a-w- c:\windows\invcol.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-07-14 16:57 1729752 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-07-14 16:57 1729752 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-07-14 16:57 1729752 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 130736 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF"="c:\users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe" [2016-06-04 941720]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
    "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2016-04-22 67384]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-03-30 377368]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2015-07-20 5564784]
    "StartCCC"="c:\program files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2015-08-22 767176]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Spyder3Utility.lnk - c:\program files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe [2010-7-26 7667970]
    TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 185192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u wsauth livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys;c:\windows\SYSNATIVE\DRIVERS\hcw72ADFilter.sys [x]
    R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys;c:\windows\SYSNATIVE\DRIVERS\hcw72ATV.sys [x]
    R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys;c:\windows\SYSNATIVE\DRIVERS\hcw72DTV.sys [x]
    R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
    R3 NDSPCIIO;NDSPCIIO;c:\windows\system32\DRIVERS\NDSPCIIO64.SYS;c:\windows\SYSNATIVE\DRIVERS\NDSPCIIO64.SYS [x]
    R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
    R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    S0 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
    S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\system32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160601.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [x]
    S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1606000.08E\ccSetx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160614.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160614.001\IDSvia64.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1606000.08E\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1606000.08E\SYMNETS.SYS [x]
    S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
    S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
    S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 HDRExpressService;HDRExpressService;c:\program files\UCT\HDR Express\HDRExpressService.exe;c:\program files\UCT\HDR Express\HDRExpressService.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files\LogMeIn\x64\LMIGuardianSvc.exe [x]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x64\RaInfo.sys;c:\program files\LogMeIn\x64\RaInfo.sys [x]
    S2 N360;Norton 360;c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe [x]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe;c:\windows\SysWOW64\nlssrv32.exe [x]
    S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
    S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [x]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
    S2 vmware-view-usbd;VMware View USB;c:\program files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe;c:\program files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [x]
    S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
    S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [x]
    S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
    S2 wsnm;VMware View Client;c:\program files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe;c:\program files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [x]
    S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
    S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys;c:\windows\SYSNATIVE\DRIVERS\Spyder3.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-12-07 03:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:46]
    .
    2016-06-15 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
    - c:\users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19 18:09]
    .
    2016-06-15 c:\windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
    - c:\users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19 18:09]
    .
    2016-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30 19:46]
    .
    2016-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-30 19:46]
    .
    2016-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job
    - c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-28 16:45]
    .
    2016-06-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job
    - c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-28 16:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2015-07-14 17:03 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2015-07-14 17:03 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2015-07-14 17:03 2335960 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-05-25 00:36 164016 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2010-03-29 17:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2010-03-29 17:00 60784 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2015-08-06 508240]
    "USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-06-01 176952]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office15\EXCEL.EXE/3000
    IE: Locate Spot on Map by GPS - c:\program files (x86)\Opanda\IExif 2.3\IExifMap.htm
    IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office15\ONBttnIE.dll/105
    IE: View Exif/GPS/IPTC with IExif - c:\program files (x86)\Opanda\IExif 2.3\IExifCom.htm
    Trusted Zone: dell.com
    Trusted Zone: foxnews.com\login
    Trusted Zone: foxnews.com\www
    Trusted Zone: insightexpressai.com\core
    TCP: DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    DPF: {AA2FCC44-64E5-437A-AEDE-8854387EB9F4} - hxxps://lod.ttsc.net/ActiveX/vmmctlax_i386.cab
    FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253\
    FF - prefs.js: browser.startup.homepage - about:homeabout:home
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-ATIModeChange - Ati2mdxx.exe
    AddRemove-Cogitum Co-Citer - c:\windows\system32\msinfhlp.exe
    AddRemove-SK__COMM&0A41&7001 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SK__COMM&0A41&7001
    AddRemove-Videora iPod Converter - c:\program files (x86)\Red Kawa\Video Converter App\uninstaller.exe
    AddRemove-{1CDE9DB9-7D47-46F8-83DC-9DD9899BBBFC} - c:\programdata\{936A92B9-7D0F-45B4-92FF-5D18546D4189}\remask3_setup_ext.exe
    AddRemove-{8A1EBF29-7CF8-471E-B90B-95FF36AC8248} - c:\programdata\{0C544878-1DB6-409D-A998-0664599014C4}\simplify3_setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142\diMaster.dll\" /prefetch:1"
    "ImagePath"="\SystemRoot\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS"
    "TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\22.6.0.142;c:\program files (x86)\Norton Security Suite\Engine64\22.6.0.142"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.032"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.apd"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.bay"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.bw"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.bwf"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.caf"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.cdda"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.cel"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.cs1"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.dcx"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.djv"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.djvu"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.dng"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.fff"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.flc"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.fli"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.fpx"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.gsm"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.icn"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.iff"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.ilbm"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.int"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.inta"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.iw4"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.j2c"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.j2k"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.jbr"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.jfif"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.jif"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    @Denied: (2) (S-1-5-21-2620986578-484658413-2464296446-1001)
    "Progid"="ACDSee 14.jp2"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.jpc"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.jpk"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.jpx"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.kar"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.kdc"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.lbm"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.m15"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.m1a"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.m2a"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.m4b"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.m75"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.mos"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.mpv"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.pbr"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.pcx"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.pgm"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.pics"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.pix"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.ppm"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.psp"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.pspimage"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.qtpf"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.ras"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.raw"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.rgb"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.rgba"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.rsb"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.sdv"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.sfil"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.sgi"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.smf"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.sml"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.srw"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.swa"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.thm"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (S-1-5-21-2620986578-484658413-2464296446-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoViewer.FileAssoc.Tiff"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (S-1-5-21-2620986578-484658413-2464296446-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="PhotoViewer.FileAssoc.Tiff"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.ulw"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.vfw"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.wbm"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.wbmp"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.xbm"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.xif"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.xmp"
    .
    [HKEY_USERS\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 14.xpm"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_242_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_242_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.21"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_242.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
    "v5Licence0"="35-PYM2-S8N6-RFYY-9KYP-7VXH-TPFZTBS"
    "Activated"="Y"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\MSLicensing]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-06-15 07:43:06
    ComboFix-quarantined-files.txt 2016-06-15 11:43
    .
    Pre-Run: 46,057,558,016 bytes free
    Post-Run: 46,131,216,384 bytes free
    .
    - - End Of File - - FB1BCFB9411B708991C06D2F49FDCB12
    B1F7D7F6E4FBE98E578562A22A94D02C
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  17. desono

    desono TS Rookie Topic Starter Posts: 22

    Here's the latest Farbar report:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-06-2016
    Ran by Jeff (administrator) on JEFFDELL7 (16-06-2016 07:28:31)
    Running from C:\Users\Jeff\Desktop\VirusStuff
    Loaded Profiles: Jeff (Available Profiles: Jeff & Administrator)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
    (Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    (ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\UCT\HDR Express\HDRExpressService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x64\ramaint.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\n360.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
    (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
    (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    (WDC) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
    (Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\n360.exe
    (Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\nacl64.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\nacl64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
    (Google Inc.) C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe
    (Adobe Systems) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkSupport\dynamiclink\CS6\dynamiclinkmanager.exe
    (Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\dynamiclinkmediaserver.exe
    (Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\32\Adobe QT32 Server.exe
    (Microsoft Corporation) C:\Windows\System32\wisptis.exe
    (Adobe Systems Incorporated ) C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS6\dynamiclinkmanager.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ATIModeChange] => Ati2mdxx.exe
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [USCService] => C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-06-22] (Broadcom Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
    HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
    HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [WD Drive Manager] => C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [480768 2009-06-26] (WDC)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
    HKLM-x32\...\Run: [Seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2014-03-30] (Power Software Ltd)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Run: [GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF] => C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe [941720 2016-06-03] (Google Inc.)
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\GPhotos.scr
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
    ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll [2010-03-29] (Wave Systems Corp.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk [2016-05-01]
    ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TdmNotify.lnk [2015-06-03]
    ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{84CDE727-683E-4465-9041-FAF78236A7A3}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DDF0C787-E6F5-492B-A749-D439F1422CBB}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> {8781E387-BF6E-48EE-8B0B-0A887B25AF6C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {9915F447-3FDA-4398-A5A1-380F467B3548} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1122&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
    BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-22] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-22] (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} hxxp://I.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: HKLM-x32 {AA2FCC44-64E5-437A-AEDE-8854387EB9F4} hxxps://lod.ttsc.net/ActiveX/vmmctlax_i386.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253
    FF DefaultSearchEngine.US: Google
    FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
    FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
    FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-02] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-22] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-22] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-06-25] (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll [2010-03-17] ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @safarimontage.com/smmp -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [No File]
    FF Plugin-x32: @safarimontage.com/smmp64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [2013-04-03] (Library Video Company)
    FF Plugin-x32: @safarimontage.com/smmpinfo -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [No File]
    FF Plugin-x32: @safarimontage.com/smmpinfo64 -> C:\Program Files (x86)\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [2013-03-14] (Library Video Company)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
    FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
    FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
    FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jeff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-23] (Citrix Online)
    FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2620986578-484658413-2464296446-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-06-25] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [not found]
    FF Extension: Download YouTube Videos as MP4 - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\uf9kdf5y.default-1437932346253\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-11-05]
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
    FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-03-24]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-02-13] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://jefpix.smugmug.com/","hxxp://www.nikoncafe.com/xenf/index.php?forums/formal-portraits-and-weddings.38/","hxxp://www.dpreview.com/?utm_campaign=internal-link&utm_source=logo&utm_medium=image&ref=logo","hxxps://www.facebook.com/","hxxp://www.foxnews.com/","hxxp://www.foxbusiness.com/","hxxps://500px.com/jeffhall","hxxps://webmailcluster.perfora.net/webmaillogin-us/;jsessionid=B5183A27A338AB5DA08424C7A045C20E.1y3RKxzw955Myi8IT0QTn_Mr-_4#&ref=!!%26app%3Dio.ox%2Fmail%26folder%3Ddefault0%2F%2FZrdr%26language%3Den_US%26user%3Djeff%2540designscience.com%26user_id%3D8","hxxps://www.pinterest.com/jeffh0297/","hxxps://twitter.com/jefhal"
    CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-13]
    CHR Extension: (Entanglement Web App) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-12-08]
    CHR Extension: (Google Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-13]
    CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-13]
    CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-13]
    CHR Extension: (Google Cast) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
    CHR Extension: (Norton Security Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-01]
    CHR Extension: (Google Sheets) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-13]
    CHR Extension: (Google Docs Offline) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-13]
    CHR Extension: (Pin It Button) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-11-04]
    CHR Extension: (Norton Identity Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-29]
    CHR Extension: (Image Properties Context Menu) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\khagclindddokccfbmfmckaflngbmpon [2013-07-01]
    CHR Extension: (Norton Safe) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
    CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-13]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-24]
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    StartMenuInternet: Google Chrome - C:\Users\Jeff\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [43072 2012-03-19] (ArcSoft, Inc.)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [515952 2010-02-08] (Dell Inc.)
    R2 HDRExpressService; C:\Program Files\UCT\HDR Express\HDRExpressService.exe [28432 2011-02-24] ()
    S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2008-12-06] (Hewlett-Packard Company) [File not signed]
    R2 LMIGuardianSvc; C:\Program Files\LogMeIn\x64\LMIGuardianSvc.exe [375176 2012-03-20] (LogMeIn, Inc.)
    R2 LMIMaint; C:\Program Files\LogMeIn\x64\RaMaint.exe [147336 2012-03-20] (LogMeIn, Inc.)
    R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
    R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-01-31] (Nalpeiron Ltd.) [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
    R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3446224 2015-02-23] (Paramount Software UK Ltd)
    S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1558016 2010-02-03] (Wave Systems Corp.) [File not signed]
    S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] () [File not signed]
    R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1148120 2014-06-06] (VMware, Inc.)
    R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.)
    R2 WDBtnMgrSvc.exe; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [119296 2009-06-26] (WDC) [File not signed]
    R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.)
    S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-06-09] (VMware, Inc.)
    R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-10-02] (Wacom Technology, Corp.)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-05-12] (Symantec Corporation)
    R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
    S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38656 2013-04-09] (Hauppauge Computer Works, Inc.)
    S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1667328 2013-04-09] (Hauppauge Computer Works, Inc.)
    S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1669760 2013-04-09] (Hauppauge Computer Works, Inc.)
    R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\IPSDefs\20160615.001\IDSvia64.sys [876248 2016-05-24] (Symantec Corporation)
    R2 LMIInfo; C:\Program Files\LogMeIn\x64\RaInfo.sys [15928 2012-03-20] (LogMeIn, Inc.)
    S4 LMIRfsClientNP; no ImagePath
    R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160615.023\ENG64.SYS [138456 2016-05-16] (Symantec Corporation)
    R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\22.5.2.15\Definitions\VirusDefs\20160615.023\EX64.SYS [2148056 2016-05-16] (Symantec Corporation)
    S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
    R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
    R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-08] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-06-13] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-16 07:27 - 2016-06-16 07:27 - 02385920 _____ (Farbar) C:\Users\Jeff\Downloads\FRST64.exe
    2016-06-15 07:43 - 2016-06-15 07:43 - 00044702 _____ C:\ComboFix.txt
    2016-06-15 07:28 - 2016-06-15 07:28 - 05659224 ____R (Swearware) C:\Users\Jeff\Desktop\ComboFix.exe
    2016-06-14 12:13 - 2016-06-14 12:13 - 00386912 _____ (a16) C:\Users\Jeff\Downloads\FlashPlayer.exe
    2016-06-13 12:48 - 2016-06-13 12:48 - 00035202 _____ C:\Users\Jeff\Desktop\JRT.txt
    2016-06-13 07:40 - 2016-06-13 08:22 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-06-13 07:40 - 2016-06-13 07:40 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-06-13 07:36 - 2016-06-16 07:27 - 00000000 ____D C:\Users\Jeff\Desktop\VirusStuff
    2016-06-12 18:23 - 2016-06-12 18:24 - 00008192 _____ C:\Windows\SysWOW64\WDPABKP.dat
    2016-06-12 16:51 - 2016-06-12 16:51 - 22851472 _____ (Malwarebytes ) C:\Users\Jeff\Downloads\mbam-setup-2.2.1.1043.exe
    2016-06-12 13:44 - 2016-06-16 07:28 - 00000000 ____D C:\FRST
    2016-06-12 13:10 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-06-12 13:10 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-06-12 13:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2016-06-12 13:10 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2016-06-12 13:09 - 2016-06-15 07:43 - 00000000 ____D C:\Qoobox
    2016-06-12 13:09 - 2016-06-15 07:41 - 00000000 ____D C:\Windows\erdnt
    2016-06-12 09:00 - 2016-06-12 09:00 - 03677248 _____ C:\Users\Jeff\Downloads\AdwCleaner.exe
    2016-06-12 08:59 - 2016-06-12 08:59 - 05659224 ____R (Swearware) C:\Users\Jeff\Downloads\ComboFix.exe
    2016-06-06 18:07 - 2016-06-06 18:07 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files\iTunes
    2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files\iPod
    2016-06-06 18:07 - 2016-06-06 18:07 - 00000000 ____D C:\Program Files (x86)\iTunes

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-16 07:28 - 2013-04-13 12:37 - 00000000 ____D C:\Users\Jeff\Documents\Outlook Files
    2016-06-16 07:28 - 2010-06-10 21:56 - 00000000 ____D C:\Users\Jeff\Documents\Outlook
    2016-06-16 07:19 - 2010-10-27 21:39 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job
    2016-06-16 07:15 - 2013-03-30 14:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-16 07:10 - 2016-02-23 19:02 - 00000556 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
    2016-06-16 06:46 - 2014-02-27 08:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-16 06:24 - 2016-02-23 19:02 - 00000652 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job
    2016-06-16 02:10 - 2011-03-18 17:48 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{55487834-CFBF-4D2A-A92E-4F1FD9D6E17A}
    2016-06-16 02:00 - 2014-07-02 15:59 - 00000000 ____D C:\Users\Jeff\AppData\Local\Adobe
    2016-06-16 01:40 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-16 01:40 - 2009-07-14 00:45 - 00025424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-15 20:19 - 2010-10-27 21:39 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job
    2016-06-15 18:15 - 2013-03-30 14:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-15 07:43 - 2014-04-22 15:29 - 00000000 ____D C:\Users\dub_cm_auto
    2016-06-15 07:40 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2016-06-15 07:39 - 2010-06-10 17:17 - 00000000 ____D C:\Users\Jeff
    2016-06-15 07:29 - 2015-07-31 06:36 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
    2016-06-13 18:41 - 2015-06-07 07:54 - 00000000 ___HD C:\Users\Jeff\Downloads\.picasaoriginals
    2016-06-13 18:41 - 2015-04-07 19:26 - 00000213 ____H C:\Users\Jeff\Downloads\.picasa.ini
    2016-06-13 13:21 - 2015-04-06 14:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-06-12 20:05 - 2014-04-11 17:13 - 00000000 ____D C:\ProgramData\boost_interprocess
    2016-06-12 18:27 - 2009-07-14 01:13 - 00786538 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-06-12 18:27 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
    2016-06-12 18:21 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-12 16:52 - 2015-04-06 14:26 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-06-12 16:52 - 2015-04-06 14:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-06-12 16:52 - 2015-04-06 14:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-06-12 13:27 - 2014-07-12 14:29 - 00000000 ____D C:\Users\Jeff\AppData\OICE_15_974FA576_32C1D314_36C6
    2016-06-12 13:27 - 2012-10-27 14:37 - 00000000 ____D C:\Users\Jeff\AppData\Local\Eye-Fi
    2016-06-12 13:27 - 2010-11-11 16:58 - 00000000 ___RD C:\Users\Jeff\Documents\My Dropbox
    2016-06-12 13:09 - 2010-06-10 23:09 - 00000000 ____D C:\Users\Jeff\AppData\Local\CrashDumps
    2016-06-12 13:07 - 2014-02-27 08:28 - 00000000 ____D C:\AdwCleaner
    2016-06-08 21:21 - 2010-10-27 21:40 - 00002372 _____ C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-06-06 18:07 - 2014-02-11 19:55 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-06-03 14:56 - 2016-04-05 20:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-06-02 16:47 - 2011-02-10 19:12 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\vlc
    2016-05-27 17:17 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
    2016-05-27 17:16 - 2014-04-06 16:47 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\VMware
    2016-05-19 14:09 - 2016-02-23 19:02 - 00003678 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001
    2016-05-19 14:09 - 2016-02-23 19:02 - 00003582 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001

    ==================== Files in the root of some directories =======

    2012-12-06 23:18 - 2013-03-11 21:11 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2016-04-30 17:01 - 2016-04-30 17:05 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2013-06-13 18:28 - 2013-06-13 18:33 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2014-03-21 23:58 - 2016-02-13 14:34 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Common
    2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Compressor
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Contextual Menu Items
    2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Core Data Application
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\CustomDataViews
    2010-06-22 22:22 - 2012-02-16 11:51 - 0000121 _____ () C:\Users\Jeff\AppData\Roaming\default.pls
    2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Hybrid Morph
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\Users\Jeff\AppData\Roaming\Hybrid Synthesizers
    2010-06-22 20:52 - 2011-06-30 20:32 - 0099384 _____ () C:\Users\Jeff\AppData\Roaming\inst.exe
    2015-01-14 18:43 - 2015-01-14 18:43 - 0000074 _____ () C:\Users\Jeff\AppData\Roaming\mbam.context.scan
    2010-06-22 20:52 - 2011-06-30 20:32 - 0007859 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.cat
    2010-06-22 20:52 - 2011-06-30 20:32 - 0001167 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.inf
    2010-06-22 20:52 - 2011-06-30 20:32 - 0000055 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.log
    2010-06-22 20:52 - 2011-06-30 20:32 - 0082816 _____ (VSO Software) C:\Users\Jeff\AppData\Roaming\pcouffin.sys
    2012-02-04 00:32 - 2012-04-15 15:44 - 0001456 _____ () C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs
    2010-06-30 00:18 - 2013-01-30 23:36 - 0032256 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-06-20 13:22 - 2015-05-03 01:35 - 0007622 _____ () C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
    2014-10-27 16:42 - 2014-10-27 16:42 - 0000000 _____ () C:\Users\Jeff\AppData\Local\{5AC1E52D-43C4-42CB-B417-746ADB93354D}
    2011-05-12 15:05 - 2011-07-04 09:09 - 0001940 _____ () C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    2014-07-13 18:34 - 2014-07-13 18:34 - 0000000 _____ () C:\ProgramData\Contents
    2012-06-09 21:29 - 2012-06-09 21:29 - 0000000 _____ () C:\ProgramData\Core Data Application
    2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\ProgramData\Database
    2011-04-26 10:11 - 2011-04-26 10:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2010-06-20 19:20 - 2015-08-09 19:54 - 0001342 _____ () C:\ProgramData\hpzinstall.log
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\ProgramData\Image Units
    2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbw.DAT
    2010-06-10 17:55 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT
    2010-06-10 18:00 - 2014-04-17 17:56 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
    2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
    2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
    2011-11-30 20:23 - 2012-06-09 21:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000012 ___RH () C:\ProgramData\Sci-Fi

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-04-24 00:32

    ==================== End of FRST.txt ============================
     
  18. desono


    And the first half of the Addition.txt file:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
    Ran by Jeff (2016-06-16 07:29:04)
    Running from C:\Users\Jeff\Desktop\VirusStuff
    Windows 7 Professional Service Pack 1 (X64) (2010-06-10 21:17:32)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2620986578-484658413-2464296446-500 - Administrator - Enabled) => C:\Users\Administrator
    Guest (S-1-5-21-2620986578-484658413-2464296446-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2620986578-484658413-2464296446-1002 - Limited - Enabled)
    Jeff (S-1-5-21-2620986578-484658413-2464296446-1001 - Administrator - Enabled) => C:\Users\Jeff

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton Security Suite (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton Security Suite (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
    FW: Norton Security Suite (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
    Adobe Color Common Settings (HKLM-x32\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
    Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
    Adobe ExtendScript Toolkit 2 (HKLM-x32\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
    Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
    Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
    Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.4 - Adobe Systems Incorporated)
    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
    Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    ArcSoft Perfect365 (HKLM-x32\...\{5B5E949E-3924-45E3-9229-84E8270BED68}) (Version: 1.8.0.3 - ArcSoft, Inc.)
    ASUS Ai Charger (HKLM-x32\...\{7FB64E72-9B0E-4460-A821-040C341E414A}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
    ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0710.1126 - )
    Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
    AutoIt v3.3.6.1 (HKLM-x32\...\AutoItv3) (Version: - AutoIt Team)
    AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
    BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    ccc-core-static (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    CDBurnerXP (HKLM-x32\...\{ADAA0C25-2E61-452B-895D-D2190C4C651D}) (Version: 4.4.2.3442 - Canneverbe Limited)
    Chk-Back v2.0 (HKLM-x32\...\{916DBF3C-7AA5-4679-AA58-3D6C166BDAAF}) (Version: 2.1.2 - TRC Data Recovery Ltd)
    Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
    Cogitum Co-Citer (HKLM-x32\...\Cogitum Co-Citer) (Version: - )
    CPUID CPU-Z 1.72.1 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Data Lifeguard Diagnostic for Windows 1.22 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
    Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
    Dell Control Point 64 (Version: 1.6.468.86 - Broadcom Corporation) Hidden
    Dell ControlPoint Security Manager (HKLM-x32\...\{F4487649-7368-4217-AEA3-1E04DB3E2C5C}) (Version: 1.6.468.86 - Dell Inc.)
    Dell ControlPoint System Manager (HKLM\...\{33A316AE-6EB6-4A3F-AA09-E12A57BA475D}) (Version: 1.4.00001 - Dell Inc.)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Embassy Trust Suite by Wave Systems (Version: 02.05.04.001 - Wave Systems Corp) Hidden
    Dell Security Device Driver Pack (HKLM-x32\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.056 - Dell Inc.)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
    Dell System Detect (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\73f463568823ebbe) (Version: 6.4.0.7 - Dell)
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
    DriveGLEAM V1.12 (HKLM-x32\...\DriveGLEAM_is1) (Version: - Svein Engelsgjerd)
    Dropbox (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
    Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.3 - Ashisoft)
    DVDFab 8.0.6.4 Beta (25/12/2010) (HKLM-x32\...\DVDFab 8_is1) (Version: - Fengtao Software Inc.)
    DVDFab 8.1.1.2 (08/08/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
    EMBASSY Security Center Lite (Version: 04.01.00.044 - Wave Systems Corp) Hidden
    EMBASSY Security Center Lite (x32 Version: - ) Hidden
    EMBASSY Security Setup (Version: 04.01.00.043 - Wave Systems Corp) Hidden
    EMBASSY Security Setup (x32 Version: - ) Hidden
    ESC Home Page Plugin (Version: 04.01.00.010 - Wave Systems Corp) Hidden
    ESC Home Page Plugin (x32 Version: - ) Hidden
    Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
    Family Tree Maker (HKLM-x32\...\FTW) (Version: - )
    File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
    FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Gemalto (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
    Google Chrome (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\Google Chrome) (Version: 51.0.2704.84 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
    GoToMeeting 7.19.0.5102 (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\GoToMeeting) (Version: 7.19.0.5102 - CitrixOnline)
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
    HDR Express (HKLM-x32\...\HDR Express) (Version: 1.1.0.8138 - UCT)
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Scanjet G4000 Series (HKLM\...\{10297E58-2DFE-478B-9A1D-4B14E4E79CDF}) (Version: 13.0 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    hpg4000 (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
    Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
    Image Trends' Fisheye-Hemi Plug-In 1.2.4 (HKLM-x32\...\{0004206C-AFF4-472E-9981-B443FAADA1D1}) (Version: 1.2.4 - Image Trends, Inc. )
    ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
    Imagenomic Portraiture 2.3.3 Plug-in (build 2330) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - )
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
    Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
    IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
    iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.)
    Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0 - Millennia Corporation)
    LightScribe System Software 1.17.90.1 (HKLM-x32\...\{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}) (Version: 1.17.90.1 - LightScribe)
    Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
    Macrium Reflect Free Edition (Version: 6.0.708 - Paramount Software (UK) Ltd.) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Camera Codec Pack (HKLM\...\{129C5584-DB98-4A98-B28F-299C45E1E355}) (Version: 16.0.0652.0621 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version: - MiniTool Solution Ltd.)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
    NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
    NEC MultiProfiler 1.3.40.00 (HKLM-x32\...\NEC MultiProfiler) (Version: 1.3.40.00 - NEC Display Solutions)
    NEF Codec (HKLM-x32\...\{D6506521-0959-4FA3-875F-E2E28830B0D2}) (Version: 1.00.0000 - Nikon)
    Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
    NirSoft NK2Edit (HKLM-x32\...\NirSoft NK2Edit) (Version: - )
    Noise Ninja 2 (Standalone Version) (HKLM-x32\...\Noise Ninja (Standalone Version)_is1) (Version: - PictureCode LLC)
    Noiseware Professional Edition (HKLM-x32\...\{554EB98C-D995-471F-8874-D2BA7BF5EB3E}) (Version: 2.6.0.1 - Imagenomic)
    Noiseware Standard Edition (HKLM-x32\...\{6897145C-B43D-415E-84F0-C273437104DA}) (Version: 2.6.0.1 - Imagenomic)
    Norton Security Suite (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
    NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
    Opanda IExif 2.3 (HKLM-x32\...\Opanda IExif_is1) (Version: 2.3 - Opanda Studio)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    Photomatix Pro version 4.1.4 (HKLM\...\PhotomatixPro41x64_is1) (Version: 4.1.4 - HDRsoft Sarl)
    Photomatix Pro version 5.0.1 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.1 - HDRsoft Ltd)
    PhotoSync (HKLM\...\{DEF45511-0EC2-46C1-97C2-899B8BE26ACF}) (Version: 1.6.0 - touchbyte GmbH)
    Photosynth 2.0110.0317.1042 (HKLM-x32\...\{E14D6A39-96CA-44DF-9FC7-EB17BC9E2F73}) (Version: 2.0110.0317.1042 - Microsoft)
    Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Picasa Uploader (HKLM-x32\...\com.webkinesis.PicasaUploaderDesktop) (Version: 1.2 - UNKNOWN)
    Picasa Uploader (x32 Version: 1.2 - UNKNOWN) Hidden
    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)
    Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.0 - Nikon)
    PingPlotter Freeware (HKLM-x32\...\{8C99C3CB-763F-4D87-8ACA-81B6899207B1}) (Version: 1.30.0.11 - Nessoft, LLC)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PocketWizard Utility (HKLM-x32\...\{2277B360-CA52-4591-9913-D0E779583621}) (Version: 1.55 - LPA Design)
    PortraitPro Studio 15.4 (HKLM\...\PortraitProStudio15_is1) (Version: 15.4 - Anthropics Technology Ltd.)
    PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 5.9 - Power Software Ltd)
    Preboot Manager (Version: 03.01.00.084 - Wave Systems Corp.) Hidden
    PTLens (HKLM\...\{0238CC07-3B55-47B6-A159-3C4F2E25FB72}) (Version: 3.0.432 - ePaperPress)
    QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    RadLab v1.3.5 (HKLM-x32\...\RadLab_is1) (Version: - Totally Rad)
    Rainbow Folders (HKLM-x32\...\{2AEA17BA-FAB3-49D2-BB85-0669D14DC9BC}_is1) (Version: 2.05 - Piotr Chodzinski)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    SAFARI Montage Media Player (HKLM-x32\...\{34BC6823-8AB0-466F-BA80-C4A48E66E343}) (Version: 5.7.2 - Library Video Company)
    Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.5 - Samsung)
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    SciTE4AutoIt3 2/28/2010 (HKLM-x32\...\SciTE4AutoIt3) (Version: 2/28/2010 - Jos van der Zande)
    Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
    Seagate File Recovery for Windows 2.0 (HKLM-x32\...\Seagate File Recovery for WindowsNSIS) (Version: 2.0.9835 - Seagate)
    SEKONIC Data Transfer Software 3.0 (HKLM-x32\...\{6B5298BF-E2AD-495B-AF7F-DDA046F50027}) (Version: 3.0 - SEKONIC Corp.)
    SEKONIC Lightmeter L-758Series (Driver Removal) (HKLM-x32\...\SK__COMM&0A41&7001) (Version: - )
    Send to SmugMug (HKLM-x32\...\{8D445B72-D4AB-4769-A5AF-5056D9D019BD}) (Version: 1.3.0324 - Omar Shahine)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
    skillpipe (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\skillpipe) (Version: 1.06.200140 - arvato hightech EMEA)
    Skins (x32 Version: 2009.0710.1127.18698 - ATI) Hidden
    Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    Sony DVD Architect Pro 4.5 (HKLM-x32\...\{5E9C5450-8011-41E0-8725-4F0BD66B81AE}) (Version: 4.5.69 - Sony)
    Sony Vegas Pro 8.0 (HKLM-x32\...\{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}) (Version: 8.0.260 - Sony)
    Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version: - )
    Spyder3Pro (HKLM-x32\...\Spyder3Pro) (Version: - )
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
    Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
    Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
    Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
    Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
    Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.1.0 - Topaz Labs, LLC)
    Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.0 - Topaz Labs, LLC)
    Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
    Topaz Impression (HKLM\...\Topaz Impression) (Version: 1.1.2 - Topaz Labs, LLC)
    Topaz ReMask 4 (HKLM-x32\...\Topaz ReMask 4) (Version: 4.0.0 - Topaz Labs, LLC)
    Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.0 - Topaz Labs, LLC)
    Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
    Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
    Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
    Topaz Star Effects (64-bit) (HKLM-x32\...\Topaz Star Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
    Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs)
    Topaz Texture Effects (HKLM\...\Topaz Texture Effects) (Version: 1.1.0 - Topaz Labs, LLC)
    Trusted Drive Manager (Version: 3.3.3.104 - Wave Systems Corp.) Hidden
    Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version: - Microsoft)
    UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
    Vern 3.22 (HKLM-x32\...\Vern_is1) (Version: 3.22 - One Guy Coding)
    VGA USB Camera (HKLM-x32\...\{F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}) (Version: 1.2.0.0 - )
    Videora iPod Converter 6 (HKLM-x32\...\Videora iPod Converter) (Version: 6 - Red Kawa)
    Virtual Machine Manager Self-Service Client (HKLM-x32\...\{0288C02B-0A3A-471A-8200-587620572B58}) (Version: 2.0.4271.0 - Microsoft Corporation)
    Vista/XP Virtual Desktops (HKLM-x32\...\{F4735C64-9A74-4E48-894B-1CA5D83B99C8}) (Version: 0.9.1.0 - Z-Systems)
    VLC media player 1.1.5 (HKLM-x32\...\VLC media player) (Version: 1.1.5 - VideoLAN)
    VMware Horizon View Client (HKLM\...\{EBE23A79-2626-4B4B-86A8-97230F06A5B3}) (Version: 3.0.0.19696 - VMware, Inc.)
    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-1 - Wacom Technology Corp.)
    Wave Infrastructure Installer (Version: 07.65.31.0000 - Wave Systems Corp) Hidden
    Wave Support Software (Version: 05.11.00.040 - Wave Systems Corp) Hidden
    Wave Support Software (x32 Version: - ) Hidden
    WD Diagnostics (HKLM-x32\...\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}) (Version: 1.09.0002 - Western Digital Technologies)
    WD Drive Manager (x64) (HKLM\...\{D2CBDAE4-0D71-4A61-A565-CA8A26026C6C}) (Version: 2.115 - Western Digital)
    WD Quick View (HKLM-x32\...\{5AEBFB66-61FE-4833-ACE3-E966980E40D5}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WD SmartWare (HKLM\...\{739778ED-D095-4725-BF78-ADFF96004C52}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WD SmartWare Installer (HKLM-x32\...\{e72369b3-306a-4d10-a766-3433a65e8dc2}) (Version: 2.4.14.13 - Western Digital Technologies, Inc.)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
    WinDFT (HKLM-x32\...\{065F384A-5C64-4532-814A-A24BA5374503}) (Version: 1.0.0 - HGST)
    WinDirStat 1.1.2 (HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\WinDirStat) (Version: - )
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
    WinZip 14.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}) (Version: 14.5.9095 - WinZip Computing, S.L. )
    XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4419\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {14C39499-4A79-4080-BBE6-B51ADA0E9082} - System32\Tasks\{9AF7342A-F42F-42C3-A300-340862FE3194} => C:\FTW\FTW.EXE [1998-09-17] (Brøderbund Software, Inc. Banner Blue Division)
    Task: {1E14F0E6-8E70-41EC-9EAD-2724B0CBF3B6} - System32\Tasks\{56C3B39C-E77D-4081-B455-EBA7EB1CD601} => pcalua.exe -a C:\Users\Jeff\Downloads\cociter.exe -d C:\Users\Jeff\Desktop
    Task: {2B1DD010-EA90-4D62-820E-CD012538BCA2} - System32\Tasks\{B8312D1A-4857-42AC-884D-6FB4F2A6C19B} => pcalua.exe -a C:\Users\Jeff\Downloads\dotnetfx35setupSP1.exe -d C:\Users\Jeff\Downloads
    Task: {2D666F3B-74AA-4914-9B07-36A9D0403975} - System32\Tasks\{933F148C-5019-491E-A4A0-6BB20FAD0105} => pcalua.exe -a C:\Users\Jeff\Downloads\slideshow_maker_45mb_d_en.exe -d C:\Users\Jeff\Desktop
    Task: {313D3312-DFAE-48DC-AD80-4B061D8165BF} - System32\Tasks\{C35DAA89-86DA-4F1A-A3EC-BFC27133A48B} => pcalua.exe -a C:\Users\Jeff\Downloads\hcwsmd01_20032.exe -d C:\Users\Jeff\Desktop
    Task: {36E80EDB-BAED-48E9-81A6-DC057588B903} - System32\Tasks\{45697DE5-242D-4D3F-8248-68DF8DB3D912} => pcalua.exe -a "D:\Install Lightroom 4.exe" -d D:\
    Task: {399C2003-EA4B-44FA-8BF3-F4526B0B267D} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    Task: {40A9EEC3-5FEA-4D52-81E3-92AD0E3D6A90} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
    Task: {47DF9C11-F9B3-483E-B5BA-719852AE24F0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {4BEAD903-61B3-4BEC-9F3A-B4E7023314F1} - System32\Tasks\AdobeAAMUpdater-1.0-JeffDell7-Jeff => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
    Task: {57326AAD-50F4-4517-9120-75EF77FCEA74} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
    Task: {6383BB6A-1FE0-49B2-B8E7-3AD3BA16CDC8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {66674A80-4989-46E9-9346-30223B03CFED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {66D9A39F-25AB-429B-8BB8-643834FBE2E9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {6E39FBF3-95C4-4412-9514-8090C89037A2} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMMMMMJJMJLJOMGMLMCNLJLMKJMJCNLMKMMMOJCNHMMJLJOMCNHMKMJMPMOJOJJJGMKMNJNMGMJNJICMIMCNNMCNIMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMOMJNHICMEKMICNJJCKJNBJCMFLKJJJJJJNKJCMJNNICMJNDJCMKJBJ"
    Task: {727D097C-E562-4914-8ED8-D9FE563281F8} - System32\Tasks\{46755E17-0DC6-4100-B43C-46AD279088FD} => pcalua.exe -a E:\SETUP.EXE -d E:\
    Task: {7A4B0DDA-8C49-4423-B573-5B0B6BC729FD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {81FAF140-3A21-4E2C-B466-F023A2D741A7} - System32\Tasks\{08DBF19A-6BC6-490C-9BA5-CD82B7C78F6D} => pcalua.exe -a C:\Users\Jeff\Downloads\wintv6_cd_4.6b.exe -d C:\Users\Jeff\Desktop
    Task: {8F33D62C-9BBC-47C1-AE32-824E01A6FE06} - System32\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {93567D90-0C07-441F-8BEF-CABE1001F101} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {9869E0DF-5185-4F13-AA3B-BAAED867B8D3} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    Task: {9C9E5BAE-F781-4FAC-8F9F-BEBD1E506977} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
    Task: {A056C3E2-78D8-4300-B60B-9D932BED5AD8} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
    Task: {AD134080-6506-4168-ADE7-0CFD9BF2FC69} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {B59B8B0B-0CEA-40CC-B224-1937361640E3} - System32\Tasks\{643D0E66-A340-4424-B106-695B0B8E3548} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {BAC89225-CF69-4EDA-BBEE-2F90C62E1EBC} - System32\Tasks\AdobeAAMUpdater-1.0-JeffDell7-Administrator => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
    Task: {C238768D-5022-44AE-B6E1-00520D5EC488} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
    Task: {C2E6170F-12B5-42A9-A8FE-506F061E36A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {C5A4B991-CE2D-45C1-A81E-EDC8D5B91ACF} - System32\Tasks\{33985AE6-ABF7-49BD-A6D0-570EF5AAFD87} => pcalua.exe -a C:\Users\Jeff\Downloads\PandoraRecovery2.1.1Setup.exe -d C:\Users\Jeff\Desktop
    Task: {D314A4F9-9074-4D09-BB4D-A9FA15B80FF3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {D7CAE8B1-32C4-4E46-B059-1669EF7E65F2} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security Suite\Upgrade.exe [2016-02-26] (Symantec Corporation)
    Task: {E7A12BE7-C61A-4EBA-84FF-6DEF9799E3FB} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {EAFA5FE3-E028-4D8F-8BE6-FD7D2B5EFD42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
    Task: {EB8F685F-E050-4A48-9B84-55B2754EE24D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {EC0523FA-F443-4312-9C5E-7CB8E7F2CB0F} - System32\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe [2016-05-19] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {EC2CF75D-2D26-4AA6-AA64-16AC4A3F9856} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
    Task: {F5D0A5B9-C0B2-4061-AE52-2B4B331C2EE4} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2620986578-484658413-2464296446-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
    Task: {F7F7155E-13BF-4359-BEF7-4AB970ADF416} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
    Task: {FEA7D813-B4A6-4277-A942-20C58EEB3862} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\22.6.0.142\SymErr.exe [2016-02-10] (Symantec Corporation)
     
  19. desono

    And the second half:

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2620986578-484658413-2464296446-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2620986578-484658413-2464296446-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4962\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001Core.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2620986578-484658413-2464296446-1001UA.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-06 10:11 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2011-02-24 18:26 - 2011-02-24 18:26 - 00028432 _____ () C:\Program Files\UCT\HDR Express\HDRExpressService.exe
    2011-02-24 18:26 - 2011-02-24 18:26 - 02674448 _____ () C:\Program Files\UCT\HDR Express\QtCore4.dll
    2010-03-02 14:49 - 2010-03-02 14:49 - 00013824 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
    2008-11-12 13:24 - 2008-11-12 13:24 - 00004608 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
    2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2015-04-06 19:28 - 2016-01-22 20:55 - 00569536 _____ () C:\Program Files\Adobe\Adobe Lightroom\AgKernel.dll
    2015-04-06 19:31 - 2016-01-22 20:55 - 53322944 _____ () C:\Program Files\Adobe\Adobe Lightroom\libcef.dll
    2015-04-06 19:30 - 2016-01-22 20:55 - 00730816 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFCore.dll
    2015-04-06 19:30 - 2016-01-22 20:55 - 00242368 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFSQLite.dll
    2015-04-06 19:30 - 2016-01-22 20:55 - 00095424 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFWeb.dll
    2015-04-06 19:30 - 2016-01-22 20:55 - 01161408 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFOzClient.dll
    2015-04-06 19:30 - 2016-01-22 20:55 - 00024768 _____ () C:\Program Files\Adobe\Adobe Lightroom\LightroomModels.dll
    2010-01-02 10:42 - 2010-01-02 10:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2015-04-06 19:29 - 2016-01-22 20:55 - 03505344 _____ () C:\Program Files\Adobe\Adobe Lightroom\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver\1.0\DNxHDCodec.dll
    2014-10-18 19:28 - 2014-10-18 19:28 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\c946902f86f692c9a47a6bb2905fe4b9\IsdiInterop.ni.dll
    2014-10-15 18:47 - 2010-11-05 23:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-06-08 21:21 - 2016-06-03 21:56 - 01745560 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\libglesv2.dll
    2016-06-08 21:21 - 2016-06-03 21:56 - 00091288 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\Application\51.0.2704.84\libegl.dll
    2012-03-09 16:26 - 2013-04-25 03:50 - 00108128 _____ () C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll
    2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
    AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]
    AlternateDataStreams: C:\Users\Jeff\AppData\Local\DZ8SAz7ss62XumT:4s14T5pQiArj1sPtLU0Wz9ZgIB48F [2116]
    AlternateDataStreams: C:\Users\Jeff\AppData\Local\EOIjud2Q6cK:837Wgcbb9IcjIExsPTiuhc [2478]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\dell.com -> dell.com
    IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\foxnews.com -> hxxps://login.foxnews.com
    IE trusted site: HKU\S-1-5-21-2620986578-484658413-2464296446-1001\...\insightexpressai.com -> hxxp://core.insightexpressai.com

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2016-06-15 07:40 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk => C:\Windows\pss\AutoStart IR.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vern 3.2.lnk => C:\Windows\pss\Vern 3.2.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Jeff^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
    MSCONFIG\startupreg: AdobeBridge =>
    MSCONFIG\startupreg: ASUS Ai Charger => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
    MSCONFIG\startupreg: DellControlPoint => "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
    MSCONFIG\startupreg: Google Update => "C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x64\LogMeInSystray.exe"
    MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    MSCONFIG\startupreg: Nikon Transfer Monitor => C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
    MSCONFIG\startupreg: PAC7302_Monitor => C:\Windows\PixArt\PAC7302\Monitor.exe
    MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
    MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Jeff\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\realplayer\update\realsched.exe" -osboot

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{7E2642A6-1CBE-4F3E-A165-6C6396A21A0B}] => (Allow) svchost.exe
    FirewallRules: [{00D30A03-7981-49C8-A06B-2AC6F557FC85}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [{11681934-85B2-40D7-BB61-3657091DDC85}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
    FirewallRules: [{55393ADC-B9F9-4F43-A2F2-C1A85BE27806}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    FirewallRules: [{9D1A5D7D-393A-4EC7-994C-EB3371E6989A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{E1993CC7-06C4-4A1A-BEC6-8917C93F4B97}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{D9BC1A1E-A474-4226-9E9D-986261E1782E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{0BA8FA54-4CF8-474D-8AD3-885679EFB71A}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{C63C9E8C-B512-4E76-A257-24367759D0D6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{55ED4F24-9C21-42E0-A0AE-05C204BE0630}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{BED09548-6639-4149-9044-080612191CE7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{A1E3EE29-7C69-4880-BDB7-54306AE9FF6A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{1787F2EF-CF1B-4103-A2DC-CFA5DF57DDB8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{21AFD5FA-BF83-4DD0-8193-1564EB9414BD}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{53741E3B-26D2-4A68-8661-B87022DDD86E}] => (Allow) C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{2D29BBF8-734C-4F75-895D-BBD40421347F}] => (Allow) C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{62A6BB35-83D4-4AEE-B66C-2A798B155437}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{80232EF3-2EF6-4177-856D-617E3C15AB5B}] => (Allow) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    FirewallRules: [{59BBB991-694F-4D2E-BBAD-5172447ED5F1}] => (Allow) LPort=35722
    FirewallRules: [TCP Query User{873E2A4C-7C49-4F15-86F8-08E5ADAD9E7A}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
    FirewallRules: [UDP Query User{436C7093-C20C-4508-9A6A-E11A08DC90AE}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
    FirewallRules: [{06173391-150C-467F-BE06-507A838F2AE0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{167A83A8-0450-47E1-BCF8-2B388F40A0B4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{133DCF9E-6621-4177-B06A-D80087DA81F2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{C2267703-0296-4D11-B3A7-BE9B1E0611D8}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [TCP Query User{53383707-10A5-40AC-9F79-566F2A2DF800}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
    FirewallRules: [UDP Query User{5CD1E5D5-53EC-4ECA-B592-1F1DA95F17BC}C:\program files (x86)\eye-fi\helper\eyefihelper.exe] => (Allow) C:\program files (x86)\eye-fi\helper\eyefihelper.exe
    FirewallRules: [{AB34B557-3008-4CE2-92C8-AE4BD1C4834B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{254973CD-663A-41A7-91D3-50024F5DE7B4}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{6381E03F-B076-4E47-A024-F615199C6056}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{799B85B1-FE2B-4972-96D2-46D6D32F2556}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
    FirewallRules: [{EE83AD08-2A21-45D0-9103-33A216016C97}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{CA1F3E3F-201A-4829-AF2D-1F140D7E3476}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{D7799A5D-2444-4F22-A812-976F569DDFA9}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{A497E7E2-FE5B-4832-BC0B-1A4DB8645101}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
    FirewallRules: [{1D54B8B1-736C-4F6A-830A-E611D43C60E9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{070FF34B-40F7-47FA-8E35-7ADE0E8C0D1D}] => (Allow) LPort=2869
    FirewallRules: [{FADBCB46-0317-4F70-B507-C656C0062EFA}] => (Allow) LPort=1900
    FirewallRules: [{9BBFB4C5-0926-4CD1-B6D8-FBE177AAE2F9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{9602CF13-D0D3-4553-BD71-9C76E0665123}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{F71221F7-38F0-448B-9CEE-D6E35D8FA4B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{92DB92CE-05FB-4B5E-8E2F-E963A72AC679}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{8C0395E0-8734-46EB-9632-8729466C585E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{A4C1AF39-741E-41EF-8610-79A33A15D44C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{FDC5B277-4F44-4BA1-BAF1-A66BB1830996}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{C82EE142-2CE3-439D-A784-5F80025BA87A}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{1F2E9E11-6CD1-4062-8D67-CE0524A9830D}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{EC03CB22-DC4E-4968-8F9F-707425B679FB}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{397E8405-6F3A-48BE-8969-B82E4E055CF6}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [TCP Query User{13329A22-FA32-4882-BF87-39379D3277E9}C:\users\jeff\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{92A2AD35-E9A6-430D-B3A1-00E5C7F74C96}C:\users\jeff\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\jeff\appdata\local\google\chrome\application\chrome.exe
    FirewallRules: [{08F3285D-C8E2-42C5-A0B6-56B1023BA095}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Restore Points =========================

    ATTENTION: System Restore is disabled

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/14/2016 10:35:36 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {58b6837a-a4f3-4c23-8b99-c1e6d337f5c3}

    Error: (06/13/2016 01:05:59 AM) (Source: Windows Backup) (EventID: 4104) (User: )
    Description: The backup was not successful. The error is: The process cannot access the file because it is being used by another process. (0x80070020).

    Error: (06/12/2016 01:09:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TdmNotify.exe, version: 3.3.3.104, time stamp: 0x4bb10672
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000001630000002c
    Faulting process id: 0x1500
    Faulting application start time: 0xTdmNotify.exe0
    Faulting application path: TdmNotify.exe1
    Faulting module path: TdmNotify.exe2
    Report Id: TdmNotify.exe3

    Error: (06/11/2016 10:31:08 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {57522d9f-dcbc-448b-893c-9755b5437e91}

    Error: (06/09/2016 10:28:16 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/08/2016 10:26:35 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/07/2016 10:24:57 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/07/2016 12:13:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program tltextureeffects.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1808

    Start Time: 01d1c0724126e1e7

    Termination Time: 453

    Application Path: C:\Program Files\Topaz Labs\Topaz Texture Effects\tltextureeffects.exe

    Report Id: 3db77c2c-2c66-11e6-aecd-b8ac6f83267f

    Error: (06/06/2016 10:23:21 AM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {72b631a9-a994-42bd-9231-a0188ac33948}

    Error: (06/06/2016 01:05:54 AM) (Source: Windows Backup) (EventID: 4104) (User: )
    Description: The backup was not successful. The error is: The process cannot access the file because it is being used by another process. (0x80070020).


    System errors:
    =============
    Error: (06/15/2016 07:40:15 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/15/2016 07:39:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/15/2016 07:39:43 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/15/2016 07:36:55 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/13/2016 07:40:59 AM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/12/2016 06:21:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0 = The operation completed successfully.


    Error: (06/12/2016 01:32:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0 = The operation completed successfully.


    Error: (06/12/2016 01:19:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (06/12/2016 01:16:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/12/2016 01:08:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
    %%0 = The operation completed successfully.



    CodeIntegrity:
    ===================================
    Date: 2016-06-15 07:39:43.951
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-06-15 07:39:43.801
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-06-15 07:39:43.651
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-06-15 07:39:43.501
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-06-12 13:19:31.045
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2016-06-12 13:19:30.905
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-12-02 20:24:08.395
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2012-05-23 16:46:11.268
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2011-11-13 19:52:46.479
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Xeon(R) CPU E5507 @ 2.27GHz
    Percentage of memory in use: 22%
    Total physical RAM: 18429.59 MB
    Available physical RAM: 14213.58 MB
    Total Virtual: 34811.79 MB
    Available Virtual: 30981.73 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:232.78 GB) (Free:42.83 GB) NTFS
    Drive g: (WD500gbHD001) (Fixed) (Total:465.46 GB) (Free:465.35 GB) NTFS
    Drive h: (BDEDrive) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive I: (Seagate2TB0515) (Fixed) (Total:1863.01 GB) (Free:1086.11 GB) NTFS
    Drive m: (NIKON D810 ) (Removable) (Total:59.62 GB) (Free:59.52 GB) exFAT
    Drive p: (NIKON D700) (Removable) (Total:29.8 GB) (Free:25.84 GB) FAT32
    Drive r: (500gbSamUSB) (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS
    Drive u: (ClassOf2016) (Fixed) (Total:465.76 GB) (Free:96.26 GB) NTFS
    Drive z: (Samsung500GB) (Fixed) (Total:465.76 GB) (Free:131.13 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 232.9 GB) (Disk ID: 519EEA7C)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 2E7E52D8)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 78F30D47)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 305762D3)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 4 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 49C5DE19)
    Partition 1: (Not Active) - (Size=465.5 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)

    ========================================================
    Disk: 5 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C20DCE50)
    Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 6 (Size: 29.8 GB) (Disk ID: 00000000)

    Partition: GPT.

    ========================================================
    Disk: 7 (Size: 59.7 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    FRST reports:
    Did you disable system restore for whatever reason?

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  21. desono

    desono TS Rookie Topic Starter Posts: 22

    I have always disabled System Restore since the early days of Windows, when it was a resource and CPU hog.
     
  22. desono

    desono TS Rookie Topic Starter Posts: 22

    Here is the fix log:

    Fix result of Farbar Recovery Scan Tool (x64) Version:15-06-2016
    Ran by Jeff (2016-06-17 07:29:25) Run:1
    Running from C:\Users\Jeff\Desktop
    Loaded Profiles: Jeff (Available Profiles: Jeff & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
    Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    Toolbar: HKU\S-1-5-21-2620986578-484658413-2464296446-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    FF Plugin-x32: @safarimontage.com/smmp -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontagePlayer.dll [No File]
    FF Plugin-x32: @safarimontage.com/smmpinfo -> C:\Program Files\SAFARI Montage\SAFARI Montage Media Player\npSAFARIMontageInfo.dll [No File]
    FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [not found]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 MSICDSetup; \??\D:\CDriver64.sys [X]
    S3 NDSPCIIO; \??\C:\Windows\system32\DRIVERS\NDSPCIIO64.SYS [X]
    S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
    2012-12-06 23:18 - 2013-03-11 21:11 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe BMP Format CS5 Prefs
    2016-04-30 17:01 - 2016-04-30 17:05 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe GIF Format CS6 Prefs
    2013-06-13 18:28 - 2013-06-13 18:33 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2014-03-21 23:58 - 2016-02-13 14:34 - 0000132 _____ () C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Common
    2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Compressor
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Contextual Menu Items
    2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Core Data Application
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\CustomDataViews
    2010-06-22 22:22 - 2012-02-16 11:51 - 0000121 _____ () C:\Users\Jeff\AppData\Roaming\default.pls
    2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\Hybrid Morph
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\Users\Jeff\AppData\Roaming\Hybrid Synthesizers
    2010-06-22 20:52 - 2011-06-30 20:32 - 0099384 _____ () C:\Users\Jeff\AppData\Roaming\inst.exe
    2015-01-14 18:43 - 2015-01-14 18:43 - 0000074 _____ () C:\Users\Jeff\AppData\Roaming\mbam.context.scan
    2010-06-22 20:52 - 2011-06-30 20:32 - 0007859 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.cat
    2010-06-22 20:52 - 2011-06-30 20:32 - 0001167 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.inf
    2010-06-22 20:52 - 2011-06-30 20:32 - 0000055 _____ () C:\Users\Jeff\AppData\Roaming\pcouffin.log
    2010-06-22 20:52 - 2011-06-30 20:32 - 0082816 _____ (VSO Software) C:\Users\Jeff\AppData\Roaming\pcouffin.sys
    2012-02-04 00:32 - 2012-04-15 15:44 - 0001456 _____ () C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs
    2010-06-30 00:18 - 2013-01-30 23:36 - 0032256 _____ () C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2010-06-20 13:22 - 2015-05-03 01:35 - 0007622 _____ () C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
    2014-10-27 16:42 - 2014-10-27 16:42 - 0000000 _____ () C:\Users\Jeff\AppData\Local\{5AC1E52D-43C4-42CB-B417-746ADB93354D}
    2011-05-12 15:05 - 2011-07-04 09:09 - 0001940 _____ () C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    2014-07-13 18:34 - 2014-07-13 18:34 - 0000000 _____ () C:\ProgramData\Contents
    2012-06-09 21:29 - 2012-06-09 21:29 - 0000000 _____ () C:\ProgramData\Core Data Application
    2012-06-09 21:28 - 2012-06-09 21:28 - 0000000 _____ () C:\ProgramData\Database
    2011-04-26 10:11 - 2011-04-26 10:11 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2010-06-20 19:20 - 2015-08-09 19:54 - 0001342 _____ () C:\ProgramData\hpzinstall.log
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000268 ___RH () C:\ProgramData\Image Units
    2010-06-10 18:04 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbw.DAT
    2010-06-10 17:55 - 2015-08-09 19:53 - 0000000 ____H () C:\ProgramData\PKP_DLbx.DAT
    2010-06-10 18:00 - 2014-04-17 17:56 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
    2010-06-10 18:12 - 2011-06-30 20:26 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
    2010-06-10 18:31 - 2014-07-13 18:34 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
    2011-11-30 20:23 - 2012-06-09 21:28 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
    2011-11-30 20:22 - 2012-06-09 21:29 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
    2010-06-10 18:04 - 2010-06-10 18:04 - 0000012 ___RH () C:\ProgramData\Sci-Fi
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.2\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 [5]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 [5]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 [4]
    AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 [5]
    AlternateDataStreams: C:\ProgramData\TEMP:888AFB86 [110]
    AlternateDataStreams: C:\Users\Jeff\AppData\Local\DZ8SAz7ss62XumT:4s14T5pQiArj1sPtLU0Wz9ZgIB48F [2116]
    AlternateDataStreams: C:\Users\Jeff\AppData\Local\EOIjud2Q6cK:837Wgcbb9IcjIExsPTiuhc [2478]

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-2620986578-484658413-2464296446-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => key not found.
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} => value removed successfully
    HKCR\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A} => key not found.
    HKU\S-1-5-21-2620986578-484658413-2464296446-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@safarimontage.com/smmp" => key removed successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@safarimontage.com/smmpinfo" => key removed successfully
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn => path removed successfully
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value removed successfully
    catchme => service removed successfully
    MSICDSetup => service removed successfully
    NDSPCIIO => service removed successfully
    NTIOLib_1_0_C => service removed successfully
    C:\Users\Jeff\AppData\Roaming\Adobe BMP Format CS5 Prefs => moved successfully
    C:\Users\Jeff\AppData\Roaming\Adobe GIF Format CS6 Prefs => moved successfully
    C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully
    C:\Users\Jeff\AppData\Roaming\Adobe PNG Format CS6 Prefs => moved successfully
    C:\Users\Jeff\AppData\Roaming\Common => moved successfully
    C:\Users\Jeff\AppData\Roaming\Compressor => moved successfully
    C:\Users\Jeff\AppData\Roaming\Contextual Menu Items => moved successfully
    C:\Users\Jeff\AppData\Roaming\Core Data Application => moved successfully
    C:\Users\Jeff\AppData\Roaming\CustomDataViews => moved successfully
    C:\Users\Jeff\AppData\Roaming\default.pls => moved successfully
    C:\Users\Jeff\AppData\Roaming\Hybrid Morph => moved successfully
    C:\Users\Jeff\AppData\Roaming\Hybrid Synthesizers => moved successfully
    C:\Users\Jeff\AppData\Roaming\inst.exe => moved successfully
    C:\Users\Jeff\AppData\Roaming\mbam.context.scan => moved successfully
    C:\Users\Jeff\AppData\Roaming\pcouffin.cat => moved successfully
    C:\Users\Jeff\AppData\Roaming\pcouffin.inf => moved successfully
    C:\Users\Jeff\AppData\Roaming\pcouffin.log => moved successfully
    C:\Users\Jeff\AppData\Roaming\pcouffin.sys => moved successfully
    C:\Users\Jeff\AppData\Local\Adobe Save for Web 12.0 Prefs => moved successfully
    C:\Users\Jeff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg => moved successfully
    C:\Users\Jeff\AppData\Local\{5AC1E52D-43C4-42CB-B417-746ADB93354D} => moved successfully
    C:\Users\Jeff\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini => moved successfully
    C:\ProgramData\Contents => moved successfully
    C:\ProgramData\Core Data Application => moved successfully
    C:\ProgramData\Database => moved successfully
    C:\ProgramData\ezsidmv.dat => moved successfully
    C:\ProgramData\hpzinstall.log => moved successfully
    C:\ProgramData\Image Units => moved successfully
    C:\ProgramData\PKP_DLbw.DAT => moved successfully
    C:\ProgramData\PKP_DLbx.DAT => moved successfully
    C:\ProgramData\PKP_DLbz.DAT => moved successfully
    C:\ProgramData\PKP_DLdu.DAT => moved successfully
    C:\ProgramData\PKP_DLdw.DAT => moved successfully
    C:\ProgramData\PKP_DLes.DAT => moved successfully
    C:\ProgramData\PKP_DLet.DAT => moved successfully
    C:\ProgramData\PKP_DLev.DAT => moved successfully
    C:\ProgramData\Sci-Fi => moved successfully
    "HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
    "HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
    "HKU\S-1-5-21-2620986578-484658413-2464296446-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
    C:\ProgramData\Nalpeiron => ":user.ns1" ADS removed successfully.
    C:\ProgramData\Nalpeiron => ":user.ns2" ADS removed successfully.
    C:\ProgramData\Nalpeiron => ":user.ns3" ADS removed successfully.
    C:\ProgramData\Nalpeiron => ":user.ns4" ADS removed successfully.
    C:\ProgramData\TEMP => ":888AFB86" ADS removed successfully.
    C:\Users\Jeff\AppData\Local\DZ8SAz7ss62XumT => ":4s14T5pQiArj1sPtLU0Wz9ZgIB48F" ADS removed successfully.
    C:\Users\Jeff\AppData\Local\EOIjud2Q6cK => ":837Wgcbb9IcjIExsPTiuhc" ADS removed successfully.

    ==== End of Fixlog 07:29:26 ====
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Do you keep proper backup then?

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double-click TFC.exe to run the program.
    • Click the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  24. desono

    desono TS Rookie Topic Starter Posts: 22

    SecurityCheck output:

    Results of screen317's Security Check version 1.014 --- 12/23/15
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Norton Security Suite
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Spyder3Elite
    Spyder3Pro
    Java 8 Update 45
    Java version 32-bit out of Date!
    Adobe Flash Player 22.0.0.192
    Mozilla Firefox 40.0.2 Firefox out of Date!
    Google Chrome (51.0.2704.103)
    Google Chrome (51.0.2704.84)
    Google Chrome (SetupMetrics.pma..)
    ````````Process Check: objlist.exe by Laurent````````
    Jeff Desktop VirusStuff SecurityCheck.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 5%
    ````````````````````End of Log``````````````````````
     
  25. desono

    desono TS Rookie Topic Starter Posts: 22

    Farbar service scanner info:

    Farbar Service Scanner Version: 27-01-2016
    Ran by Jeff (administrator) on 18-06-2016 at 09:37:47
    Running from "C:\Users\Jeff\Desktop\VirusStuff"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
