Scotty Barking over "Z@Rxxxx.TMP" files

[jebirr]

Have received 15 barks related to program named "Z@Rxxxx.TMP" where "xxxx" is various letters and numbers.  Program description same as file prefix.  No Company and listed as hidden file.  Located in "C:\users\<user>\APPDATA\LOCAL\TEMP\ACRORD32_SBX\" directory.

Appears to be associated with "FLASHUTIL32_20_0_0_0_270_ACTIVEX.EXE, Adobe flash player installer/uninstaller as it logged events at same time. 

Is this just a nuisance event or issue?

[satrow]

Welcome!

Reads like a scam to install an infected 'version' of Flash - an issue!

It's probably best if you carefully read and follow the instructions here: http://www.landzdown.com/analysis-and-malware-removal/log-posting-instructions/

[Corrine]

Hi, jebirr.

Satrow is correct.  Scotty is properly warning you.  Please do as he suggested and post the requested logs.

[Corrine]

DonnaB found interesting information!  See Locked files : Z@xxx.tmp files left behind in A... | Adobe Community.  Following various links, led to this Adobe enterprise product blog post:  Acrobat/Reader: Z@xxx.tmp files left behind in Temp folder after printing.

[jebirr]

Have received 15 barks related to program named "Z@Rxxxx.TMP" where "xxxx" is various letters and numbers.  Program description same as file prefix.  No Company and listed as hidden file.  Located in "C:\users\<user>\APPDATA\LOCAL\TEMP\ACRORD32_SBX\" directory.

Appears to be associated with "FLASHUTIL32_20_0_0_0_270_ACTIVEX.EXE, Adobe flash player installer/uninstaller as it logged events at same time.   Have not taken any steps other than collecting logs (below):

Thanks,

Security Check Log:
-----------------------
Results of screen317's Security Check version 1.014 --- 12/23/15 
Windows 7 Service Pack 1 x86 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
WinPatrol
WinPatrol  2009 (Outdated! Latest version is WinPatrol 2012)[/b]
Java 8 Update 66 
Adobe Flash Player    20.0.0.267 
Adobe Reader XI 
Mozilla Firefox (42.0)
Google Chrome (47.0.2526.106)
Google Chrome (47.0.2526.80)
````````Process Check: objlist.exe by Laurent````````[/u] 
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
MediaMall MediaMallServer.exe   
BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]


FRST Logs:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-12-2015
Ran by Birr (administrator) on OFFICE-VISTA-PC (04-01-2016 22:28:18)
Running from C:\Users\Birr\Desktop\Tools
Loaded Profiles: Birr (Available Profiles: Birr & Limited Guest & Mcx2 & Mcx3-OFFICE-VISTA-PC)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
(Garmin Ltd. or its subsidiaries) C:\Program Files\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files\MediaMonkey\MediaMonkeyService.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe
() C:\Program Files\Macrium\Reflect\ReflectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(Ventis Media Inc.) C:\Program Files\MediaMonkey\MediaMonkey.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(X10) C:\Program Files\Common Files\X10\Common\X10nets.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
() C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Creative Technology Ltd) C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Cyber Power Systems, Inc.) C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe
() C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
(SmartLabs) C:\Program Files\SmartLabs\HouseLinc\HouseLinc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(TeraTerm Project, Shinpei Hayakawa) C:\Program Files\teraterm\ttpmenu.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SourceForge.net) C:\Program Files\Password Safe\pwsafe.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(MediaMall Technologies, Inc.) C:\Program Files\MediaMall\MediaMallServer.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-05-06] (SigmaTel, Inc.)
HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
HKLM\...\Run: [Adobe Photo Downloader] => C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( )
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM\...\Run: [MediaFace Integration] => C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe [53248 2003-08-18] (Fellowes, Inc.)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [VolPanel] => C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe [180224 2006-11-27] (Creative Technology Ltd)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [477600 2013-01-24] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [IndexSearch] => C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] => "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
HKLM\...\Run: [PDFHook] => C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] => C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [WinPatrol] => C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [320832 2009-10-10] (BillP Studios)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-29] (Microsoft Corporation)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-07-20] (Western Digital Technologies, Inc.)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe [362896 2014-05-12] (Cyber Power Systems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM\...\Run: [VerizonCloud] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [Google Update] => C:\Users\Birr\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [PhotoshopElements8SyncAgent] => C:\Program Files\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe [1945536 2010-09-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [HouseLinc2] => C:\Program Files\SmartLabs\HouseLinc\HouseLinc.exe [8570480 2013-12-11] (SmartLabs)
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-26] (Google Inc.)
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [AirDroid 3] => C:\Program Files\AirDroid\AirDroid.exe [7119872 2015-10-03] (Sand Studio)
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\tray.exe"
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Run: [SynchronossPC] => C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe [2136728 2015-12-03] ()
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1403304 2015-10-29] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\VerizonCloud\x86\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\VerizonCloud\x86\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\VerizonCloud\x86\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\VerizonCloud\x86\Sncr.Overlays.dll [2015-12-03] (Synchronoss Technologies Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2008-09-26]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Birr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-08-14]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Birr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk [2015-11-14]
ShortcutTarget: Password Safe.lnk -> C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
Startup: C:\Users\Birr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Media Check Tool.lnk [2009-12-20]
ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\Birr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeraTerm Menu.lnk [2015-08-30]
ShortcutTarget: TeraTerm Menu.lnk -> C:\Program Files\teraterm\ttpmenu.exe (TeraTerm Project, Shinpei Hayakawa)
GroupPolicyUsers\S-1-5-21-2627120174-714410872-1873172258-1005\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{979DD02F-D0D9-4910-97E9-9E76497F52C0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F6EDF163-49F4-4168-8352-F5F993F0F353}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO: PodcastBHO Class -> {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} -> C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll [2012-05-01] (doubleTwist Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: PlayOn -> {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} -> C:\Program Files\MediaMall\toolbar\pobho.dll [2015-10-29] (MediaMall Technologies, Inc.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-27] (Oracle Corporation)
Toolbar: HKLM - PlayOn - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - C:\Program Files\MediaMall\toolbar\pobho.dll [2015-10-29] (MediaMall Technologies, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-2627120174-714410872-1873172258-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {62AEFF80-16AD-4AC4-B812-E70EB5F37301} hxxp://www.zenfolio.com/zf/code/upload-ie-win-x86.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://photo.samsclub.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0018-0000-0066-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-11-28] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Birr\AppData\Roaming\Mozilla\Firefox\Profiles\4zkp40mt.default-1424647218886
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-27] (Oracle Corporation)
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2008-11-13] (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player -> C:\Users\Birr\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll [2009-11-07] (Move Networks)
FF Plugin: @playon.tv/PlayOnToolbar -> C:\Program Files\MediaMall\toolbar\npVT.dll [2015-08-27] (MediaMall Technologies, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2013-01-25] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2627120174-714410872-1873172258-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Birr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-2627120174-714410872-1873172258-1000: @doubletwist.com/NPPodcast -> C:\Program Files\Common Files\doubleTwist\NPPodcast.dll [2012-05-01] (doubleTwist Corporation)
FF Plugin HKU\S-1-5-21-2627120174-714410872-1873172258-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Birr\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll [2009-11-07] (Move Networks)
FF Plugin HKU\S-1-5-21-2627120174-714410872-1873172258-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Birr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2627120174-714410872-1873172258-1000: @talk.google.com/O1DPlugin -> C:\Users\Birr\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2627120174-714410872-1873172258-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2627120174-714410872-1873172258-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012-04-02] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll [2009-02-06] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-03-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Birr\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Birr\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2013-09-22]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Birr\AppData\Roaming\Mozilla\Firefox\Profiles\4zkp40mt.default-1424647218886\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2015-12-01]
FF Extension: Skype extension - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-01] [not signed]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-12-01] [not signed]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-01-02] [not signed]
FF HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Birr\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Birr\AppData\Roaming\Move Networks [2012-01-02] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Birr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Birr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Birr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll => No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Move Streaming Media Player) - C:\Users\Birr\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll => No File
CHR Profile: C:\Users\Birr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Birr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2008-08-26] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-22] (Dropbox, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-13] (Macrovision Corporation) [File not signed]
R2 MediaMall Server; C:\Program Files\MediaMall\MediaMallServer.exe [6545008 2015-12-30] (MediaMall Technologies, Inc.)
R2 MediaMonkeyService; C:\Program Files\MediaMonkey\MediaMonkeyService.exe [1394688 2013-12-05] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 ppped; C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe [1034640 2014-05-12] (Cyber Power Systems, Inc.)
R2 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [220824 2011-10-31] ()
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2008-05-14] (Sonic Solutions)
S3 rpcapd; C:\Program Files\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-05-06] (SigmaTel, Inc.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [71344 2013-10-05] (Microsoft Corporation)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-07-20] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-07-20] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14216 2010-02-23] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [8456 2010-02-23] () [File not signed]
R3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [63152 2012-11-30] (FTDI Ltd.)
R2 iPodDrv; C:\Windows\system32\drivers\iPodDrv.sys [6656 2011-07-27] (Windows (R) Codename Longhorn DDK provider) [File not signed]
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [23920 2013-03-05] (MediaMall Technologies, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35088 2010-06-25] (CACE Technologies, Inc.)
S3 PcaSp60; C:\Windows\System32\DRIVERS\PcaSp60.sys [28672 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [45208 2011-10-31] (Macrium Software)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16024 2011-10-31] (Macrium Software)
S3 PSVolAcc; C:\Windows\system32\Drivers\PSVolAcc.sys [12952 2011-10-31] (Paramount Software UK Ltd)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2010-04-09] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2010-04-09] ()
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2008-07-21] (Samsung Electronics) [File not signed]
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-05-06] (SigmaTel, Inc.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 UsbGps; C:\Windows\System32\DRIVERS\lgusbgps.sys [19968 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-11] (LG Electronics Inc.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27160 2008-10-28] (X10 Wireless Technology, Inc.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mfehidk01; \Device\mfehidk01.sys [X]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-04 22:27 - 2016-01-04 22:28 - 00000000 ____D C:\Users\Birr\Desktop\Tools
2016-01-04 22:26 - 2016-01-04 22:28 - 00000000 ____D C:\FRST
2016-01-02 12:44 - 2016-01-02 12:45 - 00000000 ____D C:\Users\Birr\Desktop\Tax and Financial
2015-12-30 10:57 - 2015-12-30 10:57 - 00000000 ____D C:\Users\Birr\Downloads\FEMA
2015-12-27 22:51 - 2015-12-27 23:08 - 00000000 ____D C:\Users\Public\Documents\Temp_Walgreens_Print
2015-12-27 21:19 - 2015-12-27 21:19 - 00000000 ____D C:\Program Files\Common Files\Java
2015-12-27 20:52 - 2015-12-27 22:52 - 00000000 ____D C:\Users\Public\Documents\Temp_Church
2015-12-22 09:06 - 2015-12-22 09:06 - 00086917 _____ C:\Users\Birr\Downloads\PGRDeclarationsPage (6).html
2015-12-22 09:06 - 2015-12-22 09:06 - 00086917 _____ C:\Users\Birr\Downloads\PGRDeclarationsPage (5).html
2015-12-11 21:14 - 2015-12-11 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-09 09:20 - 2015-12-09 09:23 - 00008192 _____ C:\Windows\system32\WDPABKP.dat
2015-12-08 13:19 - 2015-11-20 12:34 - 02956800 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-08 13:19 - 2015-11-20 12:34 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-08 13:19 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-08 13:19 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-08 13:19 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-08 13:19 - 2015-11-20 12:34 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-08 13:19 - 2015-11-20 12:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-08 13:19 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-08 13:19 - 2015-11-20 12:33 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-08 13:19 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-08 13:19 - 2015-11-20 12:33 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 13:19 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-08 13:19 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-08 13:19 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-08 13:19 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-08 13:19 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-08 13:19 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-08 13:19 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-08 13:19 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-08 13:19 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-08 13:19 - 2015-11-10 12:39 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-08 13:19 - 2015-11-10 12:39 - 00811520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-08 13:19 - 2015-11-10 11:40 - 02386944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-08 13:19 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-08 13:19 - 2015-11-09 18:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 13:19 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-08 13:19 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-08 13:19 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-08 13:19 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-08 13:19 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-08 13:19 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-08 13:19 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-08 13:19 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-08 13:19 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-08 13:19 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-08 13:19 - 2015-11-09 18:03 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-08 13:19 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-08 13:19 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-08 13:19 - 2015-11-09 17:57 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 13:19 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 13:19 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-08 13:19 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-08 13:19 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-08 13:19 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-08 13:19 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-08 13:19 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-08 13:19 - 2015-11-09 17:36 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-08 13:19 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-08 13:19 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-08 13:19 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-08 13:19 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-08 13:19 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-08 13:19 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-08 13:18 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-08 13:18 - 2015-11-05 03:48 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-08 13:18 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-08 13:18 - 2015-10-08 17:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-08 13:18 - 2015-10-08 17:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-08 13:18 - 2015-10-08 17:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-08 13:18 - 2015-10-08 17:13 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-08 13:18 - 2015-10-08 13:13 - 00419928 _____ C:\Windows\system32\locale.nls

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-04 22:29 - 2011-12-23 19:59 - 00000000 ____D C:\Users\Birr\Documents\Outlook Files
2016-01-04 22:27 - 2009-07-13 20:37 - 00000000 ____D C:\Windows
2016-01-04 22:22 - 2010-10-02 22:33 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2627120174-714410872-1873172258-1000UA.job
2016-01-04 22:12 - 2015-11-22 21:07 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-04 21:54 - 2009-10-30 16:08 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-04 21:33 - 2012-06-22 18:35 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-04 21:21 - 2015-11-22 21:07 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-04 16:02 - 2014-02-16 17:42 - 00000000 ____D C:\ProgramData\MediaMall
2016-01-04 15:22 - 2010-10-02 22:33 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2627120174-714410872-1873172258-1000Core.job
2016-01-04 13:34 - 2012-01-02 01:38 - 00018864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-04 13:34 - 2012-01-02 01:38 - 00018864 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-04 05:54 - 2015-08-16 13:06 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0d856b3054c2e.job
2016-01-04 02:00 - 2008-09-14 00:23 - 00000000 ____D C:\Users\Birr\AppData\Local\Adobe
2016-01-04 00:00 - 2015-08-16 15:28 - 00000000 ____D C:\Program Files\CyberPower PowerPanel Personal Edition
2016-01-02 23:55 - 2008-09-13 23:11 - 00000000 ____D C:\Users\Birr\Downloads\Adobe
2016-01-02 23:41 - 2011-12-12 19:52 - 00000000 ____D C:\Users\Birr\AppData\Roaming\FileZilla
2016-01-02 19:17 - 2014-02-25 20:06 - 00000000 ____D C:\Users\Birr\AppData\Roaming\MediaMonkey
2016-01-02 18:57 - 2012-08-19 20:56 - 00000632 __RSH C:\Users\Mcx2\ntuser.pol
2016-01-02 18:57 - 2012-01-02 01:41 - 00000000 ____D C:\Users\Mcx2
2016-01-02 13:30 - 2012-09-25 18:24 - 00000000 ____D C:\Users\Birr\Documents\EasyRotatorPreview
2016-01-01 20:33 - 2012-06-22 18:35 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-01 20:33 - 2011-06-11 17:46 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-01 19:20 - 2008-09-13 21:04 - 00000000 ____D C:\Users\Birr\AppData\Local\Google
2015-12-30 17:15 - 2014-02-16 17:43 - 00000000 ____D C:\Program Files\MediaMall
2015-12-30 11:41 - 2015-11-14 20:01 - 00000000 ____D C:\Users\Birr\AppData\Local\PasswordSafe
2015-12-28 10:14 - 2015-07-06 19:16 - 00000000 ____D C:\Users\Birr\AppData\Local\CrashDumps
2015-12-27 21:19 - 2015-06-12 19:42 - 00000000 ____D C:\ProgramData\Oracle
2015-12-27 21:17 - 2015-06-12 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-27 21:17 - 2012-08-05 19:00 - 00002255 _____ C:\Users\Birr\Desktop\Kies Air Discovery Service.lnk
2015-12-27 21:17 - 2008-08-26 10:36 - 00000000 ____D C:\Program Files\Java
2015-12-27 21:14 - 2015-09-21 20:07 - 00000000 ____D C:\Users\Birr\.oracle_jre_usage
2015-12-27 21:13 - 2015-06-12 19:44 - 00095840 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-12-18 03:00 - 2015-04-04 02:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-16 16:23 - 2008-09-13 23:10 - 00000000 ____D C:\Users\Birr\AppData\Roaming\Mozilla
2015-12-11 21:15 - 2015-11-22 21:07 - 00000000 ____D C:\Program Files\Dropbox
2015-12-11 21:15 - 2012-07-13 22:02 - 00000000 ___RD C:\Users\Birr\Dropbox
2015-12-11 21:15 - 2012-07-13 21:51 - 00000000 ____D C:\Users\Birr\AppData\Roaming\Dropbox
2015-12-09 11:22 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2015-12-09 09:15 - 2015-11-15 16:44 - 00000000 ___RD C:\Users\Birr\Verizon Cloud Sync
2015-12-09 09:10 - 2012-01-02 03:42 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-09 09:10 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2015-12-09 09:04 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-09 09:04 - 2009-07-13 22:33 - 00473024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-09 09:03 - 2015-12-01 12:36 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-09 09:03 - 2012-06-22 18:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-12-09 09:03 - 2008-12-17 20:27 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-09 03:25 - 2008-09-13 21:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 03:24 - 2010-06-04 02:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 03:15 - 2013-07-22 02:00 - 00000000 ____D C:\Windows\system32\MRT
2015-12-09 03:01 - 2012-01-02 10:50 - 137798368 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 21:39 - 2009-10-02 17:47 - 00247976 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-07 19:56 - 2015-11-15 16:44 - 00001137 _____ C:\Users\Birr\Desktop\Verizon Cloud.lnk
2015-12-07 19:55 - 2015-11-15 16:44 - 00000000 ____D C:\Users\Birr\AppData\Local\Verizon

==================== Files in the root of some directories =======

2015-08-16 12:51 - 2015-08-16 12:51 - 6420480 _____ () C:\Program Files\GUT69CA.tmp
2012-11-17 22:22 - 2014-02-26 22:48 - 0033792 ___SH () C:\Users\Birr\AppData\Roaming\Thumbs.db
2008-09-14 22:34 - 2008-09-14 22:34 - 0026340 _____ () C:\Users\Birr\AppData\Roaming\UserTile.png
2009-03-12 17:47 - 2013-06-04 08:36 - 0001144 _____ () C:\Users\Birr\AppData\Roaming\wklnhst.dat
2012-01-31 19:36 - 2012-12-31 22:48 - 0123392 _____ () C:\Users\Birr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-11 21:02 - 2015-02-22 17:22 - 0008248 _____ () C:\Users\Birr\AppData\Local\en.ini
2012-01-19 22:05 - 2012-01-19 22:05 - 0001314 _____ () C:\Users\Birr\AppData\Local\error.log
2012-01-19 22:05 - 2012-01-19 22:05 - 0003426 _____ () C:\Users\Birr\AppData\Local\process.log
2012-01-19 19:48 - 2014-02-26 22:38 - 0007604 _____ () C:\Users\Birr\AppData\Local\Resmon.ResmonCfg
2014-03-02 21:50 - 2014-03-02 21:50 - 0002108 _____ () C:\Users\Birr\AppData\Local\rx_audio.Cache
2014-03-02 21:50 - 2014-03-02 21:50 - 0000072 _____ () C:\Users\Birr\AppData\Local\rx_image32.Cache
2012-01-24 21:20 - 2014-03-01 18:43 - 0000899 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Files to move or delete:
====================
C:\Users\Public\installer_eml_to_pst_converter.exe


Some files in TEMP:
====================
C:\Users\Birr\AppData\Local\Temp\0.9706121193666732.exe
C:\Users\Birr\AppData\Local\Temp\7z.dll
C:\Users\Birr\AppData\Local\Temp\7z.exe
C:\Users\Birr\AppData\Local\Temp\8.0.30.1-EasyShrx.Dll
C:\Users\Birr\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfas1l2.dll
C:\Users\Birr\AppData\Local\Temp\dtkill.exe
C:\Users\Birr\AppData\Local\Temp\EasyLogin_setup_US.exe
C:\Users\Birr\AppData\Local\Temp\Executor.exe
C:\Users\Birr\AppData\Local\Temp\i4jdel0.exe
C:\Users\Birr\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Birr\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Birr\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Birr\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Birr\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Birr\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Birr\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Birr\AppData\Local\Temp\nsy74BF.tmp.exe
C:\Users\Birr\AppData\Local\Temp\optprosetup.exe
C:\Users\Birr\AppData\Local\Temp\sbwcrv.exe
C:\Users\Birr\AppData\Local\Temp\SDAPPUP.exe
C:\Users\Birr\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Birr\AppData\Local\Temp\sqlite3.dll
C:\Users\Birr\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Birr\AppData\Local\Temp\VistaLib32_1.dll
C:\Users\Birr\AppData\Local\Temp\_is3A5C.exe
C:\Users\Birr\AppData\Local\Temp\_is4D11.exe
C:\Users\Birr\AppData\Local\Temp\_is555B.exe
C:\Users\Birr\AppData\Local\Temp\_is814A.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-30 00:34

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by Birr (2016-01-04 22:29:40)
Running from C:\Users\Birr\Desktop\Tools
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2012-01-02 16:21:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2627120174-714410872-1873172258-500 - Administrator - Disabled)
Birr (S-1-5-21-2627120174-714410872-1873172258-1000 - Administrator - Enabled) => C:\Users\Birr
Guest (S-1-5-21-2627120174-714410872-1873172258-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2627120174-714410872-1873172258-1008 - Limited - Enabled)
Limited Guest (S-1-5-21-2627120174-714410872-1873172258-1005 - Limited - Enabled) => C:\Users\Limited Guest
Mcx2 (S-1-5-21-2627120174-714410872-1873172258-1006 - Administrator - Enabled) => C:\Users\Mcx2
Mcx3-OFFICE-VISTA-PC (S-1-5-21-2627120174-714410872-1873172258-1009 - Limited - Enabled) => C:\Users\Mcx3-OFFICE-VISTA-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 EasyLogin (HKLM\...\1&1 EasyLogin) (Version:  - )
3D Home Architect 4 (HKLM\...\3D Home Architect 4) (Version:  - )
ActiveHome Pro (HKLM\...\ActiveHomePro) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 9 (HKLM\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Uploader (HKLM\...\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 0.13.0.661440 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 Content (HKLM\...\Adobe Premiere Elements 9 Content) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AirDroid 3.0.1 (HKLM\...\AirDroid) (Version: 3.0.1 - Sand Studio)
Album Art Fixer (HKLM\...\{7EB94EB2-9A5E-4FCC-B940-9E11AB8AF933}) (Version: 2.0.0 - AV Soft NL)
Amazon Kindle (HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Amazon Kindle) (Version:  - Amazon)
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS RT-N66U Wireless Router Utilities (HKLM\...\{88CA8932-7987-4D7A-BEE3-227BDB3CA888}) (Version: 4.2.3.9 - ASUS)
ASUS Wireless Router RT-N66U Manuals (HKLM\...\{70B823FE-0CBB-4B7B-B828-3352A65DB7F1}) (Version: 1.00.000 - ASUS)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 2.2.563 - DsNET Corp)
AudioShell 2.0 beta 1 (HKLM\...\AudioShell_is1) (Version: 2.0 beta 1 - Softpointer Inc)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Beyond Compare Version 3.3.4 (HKLM\...\BeyondCompare3_is1) (Version:  - Scooter Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Build Tools - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
CameraHelperMsi (Version: 13.30.1395.0 - Logitech)

[DonnaB]

Hi jebirr,

Thank you for the logs! :)

Looks like the Addition.txt log was a wee bit too long to include in the same post with the FRST.txt  and the Security Check log. Since it got cut off about half way through, could you please post the Addition.txt log in it's own post. No need to post the other two logs again.

Thank you,
Donna :)

[jebirr]

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by Birr (2016-01-04 22:29:40)
Running from C:\Users\Birr\Desktop\Tools
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2012-01-02 16:21:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2627120174-714410872-1873172258-500 - Administrator - Disabled)
Birr (S-1-5-21-2627120174-714410872-1873172258-1000 - Administrator - Enabled) => C:\Users\Birr
Guest (S-1-5-21-2627120174-714410872-1873172258-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2627120174-714410872-1873172258-1008 - Limited - Enabled)
Limited Guest (S-1-5-21-2627120174-714410872-1873172258-1005 - Limited - Enabled) => C:\Users\Limited Guest
Mcx2 (S-1-5-21-2627120174-714410872-1873172258-1006 - Administrator - Enabled) => C:\Users\Mcx2
Mcx3-OFFICE-VISTA-PC (S-1-5-21-2627120174-714410872-1873172258-1009 - Limited - Enabled) => C:\Users\Mcx3-OFFICE-VISTA-PC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1&1 EasyLogin (HKLM\...\1&1 EasyLogin) (Version:  - )
3D Home Architect 4 (HKLM\...\3D Home Architect 4) (Version:  - )
ActiveHome Pro (HKLM\...\ActiveHomePro) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Dreamweaver CS5.5 (HKLM\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop Elements 5.0 (HKLM\...\Adobe Photoshop Elements 5) (Version: 5.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 9 (HKLM\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Photoshop.com Uploader (HKLM\...\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 0.13.0.661440 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 Content (HKLM\...\Adobe Premiere Elements 9 Content) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AirDroid 3.0.1 (HKLM\...\AirDroid) (Version: 3.0.1 - Sand Studio)
Album Art Fixer (HKLM\...\{7EB94EB2-9A5E-4FCC-B940-9E11AB8AF933}) (Version: 2.0.0 - AV Soft NL)
Amazon Kindle (HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Amazon Kindle) (Version:  - Amazon)
Android SDK Tools (HKLM\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
AnswerWorks 4.0 Runtime - English (HKLM\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS RT-N66U Wireless Router Utilities (HKLM\...\{88CA8932-7987-4D7A-BEE3-227BDB3CA888}) (Version: 4.2.3.9 - ASUS)
ASUS Wireless Router RT-N66U Manuals (HKLM\...\{70B823FE-0CBB-4B7B-B828-3352A65DB7F1}) (Version: 1.00.000 - ASUS)
aTube Catcher (HKLM\...\aTube Catcher) (Version: 2.2.563 - DsNET Corp)
AudioShell 2.0 beta 1 (HKLM\...\AudioShell_is1) (Version: 2.0 beta 1 - Softpointer Inc)
AviSynth 2.5 (HKLM\...\AviSynth) (Version:  - )
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Beyond Compare Version 3.3.4 (HKLM\...\BeyondCompare3_is1) (Version:  - Scooter Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7460DN (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Build Tools - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (Version: 12.0.21005 - Microsoft Corporation) Hidden
CameraHelperMsi (Version: 13.30.1395.0 - Logitech) Hidden
ChromecastApp (HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
CyberPower PowerPanel Personal Edition 1.4.3 (HKLM\...\{DEC7E1CD-31A2-4F2F-BEE5-CF80E8E58C2A}) (Version: 1.4.3 - Cyber Power Systems, Inc.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAO 3.5 (HKLM\...\DAO 3.5) (Version:  - )
Data Lifeguard Diagnostic for Windows 1.28 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DeductionPro 2008 (HKLM\...\{61100673-2546-42E1-BF92-467B5CB2AC6D}) (Version: 16.04 - )
Dell Driver Download Manager - 1  (HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\309a46b1dc89b774) (Version: 1.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5907.16 - Dell Inc.)
Dell Support Center (Version: 3.1.5907.16 - PC-Doctor, Inc.) Hidden
DHTML Editing Component (HKLM\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DirectXInstallService (Version: 9.0.2 - Roxio) Hidden
DiskInternals Linux Reader (HKLM\...\DiskInternals Linux Reader) (Version: 2.3 - DiskInternals Research)
doubleTwist (HKLM\...\doubleTwist) (Version: 3.2.1.14961 - doubleTwist Corporation)
Dropbox (HKLM\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.27.37 - Dropbox, Inc.) Hidden
EASEUS Partition Master 5.8.1 Home Edition (HKLM\...\EASEUS Partition Master Home Edition_is1) (Version:  - EASEUS)
EasyRotator Wizard (HKLM\...\com.dwuser.erwizard.EasyRotatorWizard) (Version: 1.0.115 - Magnetic Marketing Corp)
EasyRotator Wizard (Version: 1.0.115 - Magnetic Marketing Corp) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
Elements 9 Organizer (Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Elevated Installer (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
EML to PST Converter (HKLM\...\EML to PST Converter) (Version:  - )
Entity Framework Tools for Visual Studio 2013 (HKLM\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FileZilla Client 3.14.1 (HKLM\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Garmin Express (HKLM\...\{b292f4e5-60ca-4bb8-8810-e5f908c3c1ff}) (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.1.10.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.29.1 - Google Inc.) Hidden
H&R Block Iowa 2014 (HKLM\...\{4B90D57B-133C-4D29-8C0B-2408BCB1E2C6}) (Version: 1.14.3301 - HRB Technology, LLC.)
H&R Block Missouri 2014 (HKLM\...\{EF25BBAD-D823-4F7D-A06A-AB1492D0943B}) (Version: 1.14.2801 - HRB Technology, LLC.)
H&R Block Premium + Efile + State 2014 (HKLM\...\{CDB1D329-A168-427D-837C-2075CDD3DC62}) (Version: 14.07.7401 - HRB Technology, LLC.)
Hauppauge TV Tuner Driver (Version: 2.0.25312 - Hauppauge Computer Works) Hidden
Helium (HKLM\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
HouseLinc (HKLM\...\{958E951C-4AF0-4C9A-B90A-77EA61DAA310}) (Version: 2.10.29.0 - SmartLabs)
iCloud (HKLM\...\{20C6FF70-690B-4DF7-8F5D-269DD3A7FD23}) (Version: 3.0.2.163 - Apple Inc.)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Intel(R) PRO Network Connections 12.1.12.4 (HKLM\...\PROSetDX) (Version:  - Dell)
InterVideo FilterSDK for Hauppauge (HKLM\...\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}) (Version:  - InterVideo Inc.)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iSEEK AnswerWorks English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
Java 8 Update 66 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kies Air Discovery Service (HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Kies Air Discovery Service) (Version:  - Samsung)
K-Lite Codec Pack 4.1.4 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 4.1.4 - )
LG USB Modem driver (HKLM\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
Macrium Reflect - Free Edition (HKLM\...\{DB35267F-B5C6-495C-8407-75ADC34E759D}) (Version: 4.2.2525 - Macrium)
ManyCam 2.6.43 (remove only) (HKLM\...\ManyCam) (Version: 2.6.43 - ManyCam LLC)
Media Browser (HKLM\...\{DA17E4A3-68A1-44E1-8AC0-A7E06FB60478}) (Version: 2.2.9.0 - Media Browser)
MediaFACE 4.01 (HKLM\...\InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}) (Version: 4.01 - Fellowes)
MediaFACE 4.01 (Version: 4.01 - Fellowes) Hidden
MediaFACE 4.01 Image Library (HKLM\...\InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}) (Version: 4.01 - Fellowes)
MediaFACE 4.01 Image Library (Version: 4.01 - Fellowes) Hidden
MediaFACE 4.2 (HKLM\...\InstallShield_{9DFCAA7A-9B62-4468-8F91-F68150AA8BAD}) (Version: 4.2 - Fellowes)
MediaFACE 4.2 (Version: 4.2 - Fellowes) Hidden
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.3 (HKLM\...\{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}) (Version: 2.0.2313.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{5EF1EBC5-4A40-4D1C-B02E-0C54BC93FD06}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{FE939060-416C-4ECD-890E-13776E2707C4}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{544ACD54-9FAA-4A60-A1E7-B2EC3AA75D24}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E7654811-38F9-4225-9688-827FDA716582}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU (HKLM\...\{773AC1E4-5F27-4DF6-A932-7FDDE35C069D}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU (HKLM\...\{bec3d87e-1d6d-4b15-8383-29068c86b888}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{710BF966-43C8-4216-A8EC-BC4E169FF7C1}) (Version: 3.1.8.0 - Apple Inc.)
MobileVideo For iPod 3.6 (HKLM\...\MobileVideo For iPod_is1) (Version:  - )
Move Media Player (HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\Move Media Player) (Version:  - Move Networks)
Mozilla Firefox 42.0 (x86 en-US) (HKLM\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
NEF Codec (HKLM\...\{A89768CF-CD21-44FD-A723-16D5A8557415}) (Version: 1.00.0000 - Nikon)
Netflix in Windows Media Center (HKLM\...\{F751C062-87DA-4D33-8A12-6E7F1D4C051C}) (Version: 2.0.0.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Outlook Import Wizard (HKLM\...\Outlook Import Wizard) (Version:  - )
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Password Safe (HKLM\...\Password Safe) (Version:  - )
Pdf995 (installed by H&R Block) (HKLM\...\Pdf995) (Version:  - )
PdfEdit995 (installed by H&R Block) (HKLM\...\PdfEdit995) (Version:  - )
Player (HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\QUICKMEDIACONVERTER) (Version:  - )
PlayOn (HKLM\...\{05b60a39-7406-4bb6-8f3b-67f759e12397}) (Version: 4.0.0.12787 - MediaMall Technologies, Inc.)
PlayOn (Version: 4.0.0 - MediaMall Technologies, Inc.) Hidden
PlayOn Dependencies (Version: 1.0.0.0 - MediaMall Technologies, Inc.) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Primo (Version: 1.00.0000 - Your Company Name) Hidden
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Punch! Professional Home Design (HKLM\...\Punch! Professional Home Design) (Version:  - )
Quicken 2014 (HKLM\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RAIDar 4.3.8 (HKLM\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Roxio Creator Premier (HKLM\...\{469EF13B-4AD0-48D7-AF89-6B92278293E2}) (Version: 10.1 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Runtime (Version: 1.00.0000 - Your Company Name) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Savings Bond Wizard (HKLM\...\Savings Bond Wizard) (Version:  - )
Scansoft PDF Professional (Version:  - ) Hidden
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SES Driver (HKLM\...\{0673654C-5296-453B-9798-B61CD7E03FEB}) (Version: 1.0.0 - Western Digital)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shutterfly Express Uploader (HKLM\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (Version: 1.2.0 - Shutterfly, Inc.) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
SketchUp 2015 (HKLM\...\{D0A0BE3D-8D66-4BE9-87C4-D30CA5AA93A3}) (Version: 15.3.330 - Trimble Navigation Limited)
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.3.7555 - Skype Technologies S.A.)
Skypeâ,,¢ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (Version: 3.12.3090 - SmartSound Software Inc) Hidden
Sony Picture Utility (HKLM\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.2.00.15030 - Sony Corporation)
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
SYNC Volume Control v1.0.81 (HKLM\...\SYNC Volume Control_is1) (Version:  - Ford Motor Company)
TaxCut Iowa 2008 (HKLM\...\{AC48D212-2070-454F-89F9-CBA4DC6907D5}) (Version: 1.08.2901 - H&R Block Digital Tax Solutions LLC.)
TaxCut Missouri 2008 (HKLM\...\{92D4FD21-0F6B-454F-B812-2199CB434850}) (Version: 1.08.2601 - H&R Block Digital Tax Solutions LLC.)
TaxCut Premium + State + Efile 2008 (HKLM\...\{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}) (Version: 08.07.6801 - H & R Block)
Team Explorer for Microsoft Visual Studio 2013 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Tera Term 4.87 (HKLM\...\Tera Term_is1) (Version:  - )
TextPad 5 (HKLM\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Turbo Lister 2 (HKLM\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2010 (HKLM\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax Deluxe 2007 (HKLM\...\TurboTax Deluxe 2007) (Version:  - )
Tyre (HKLM\...\Tyre_is1) (Version: 5.8.4.8 - 't Schrijverke)
Update for  (KB2504637) (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Utility Chest Internet Explorer Toolbar (HKLM\...\UtilityChest_49bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Vanguard(TM) (HKLM\...\XCamPro) (Version:  - )
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.9 - Verizon)
WD Drive Utilities (HKLM\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Quick View (HKLM\...\{5B1CF5E0-D321-4766-AEF1-1E9D1C535A10}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{2B58AB2C-D980-47FD-8633-E360314BA662}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{5BA501B7-A8B2-4EFF-9241-18CE436C67BB}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM\...\{979a4332-3eb0-4561-9f74-a4fb871cf2bd}) (Version: 2.4.12.1 - Western Digital Technologies, Inc.)
WIDCOMM Bluetooth Software 6.0.1.4300 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.4300 - Dell)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol 2009 (HKLM\...\WinPatrol) (Version: 17.0.2010.0 - BillP Studios)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinX DVD Ripper Platinum 7.0.0 (HKLM\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Wireshark 1.4.4 (HKLM\...\Wireshark) (Version: 1.4.4 - The Wireshark developer community, hxxp://www.wireshark.org)
XPS MiniView Gadget (HKLM\...\{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}) (Version: 1.00.0000 - CompanionLink Software, Inc.)
Xtranormal State - Showpak-Playgoz-Preview (HKLM\...\{D28CB048-A0AB-4F98-909F-69F3F25AA87D}) (Version: 1.2.8 - Xtranormal)
Xtranormal State - SoundPack-Starter Kit (HKLM\...\{B5C314F7-928B-44E3-A8A3-169648B1077D}) (Version: 1.0.2 - Xtranormal)
Xtranormal State - Voicepack-English-UK-Daniel (HKLM\...\{1696C54E-599A-4BA2-9941-BB70C4727887}) (Version: 1.0.4 - Xtranormal)
Xtranormal State - Voicepack-English-UK-Serena (HKLM\...\{838A22DF-81CA-4452-9BDD-A1745224D960}) (Version: 1.0.4 - Xtranormal)
Xtranormal State - Voicepack-English-US-Samantha (HKLM\...\{912536C4-273C-416F-B42C-BBC5B72114D7}) (Version: 1.0.5 - Xtranormal)
Xtranormal State - Voicepack-English-US-Tom (HKLM\...\{467A3BF8-4C87-4E68-835C-CE5318C157C2}) (Version: 1.0.4 - Xtranormal)
Xtranormal State (HKLM\...\{8EC4F64D-92E4-4274-9495-4C887D49DEC3}) (Version: 2.5.3854.0 - Xtranormal)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Birr\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{493B5A90-6B34-44BF-9CB4-37B22E511415}\InprocServer32 -> C:\Users\Birr\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\ImageUploader7.ocx (Aurigma)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{693566bc-21f8-401e-8d42-e2c5ce50dacc}\localserver32 -> C:\Users\Birr\AppData\Local\Temp\{d5641912-e47a-429c-879e-cfe13eac7a13}\IDriver.NonElevated.exe => N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\Birr\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (InstallShield Software Corporation)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}\InprocServer32 -> C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{7ECB1A47-6647-4B2C-A8DA-675569C9FF15}\InprocServer32 -> C:\Users\Birr\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\ImageUploader7.ocx (Aurigma)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{ABECE8A0-FF84-4efb-82AE-9B3181CE097D}\InprocServer32 -> C:\Program Files\TextPad 5\System\shellext32.dll (Helios Software Solutions)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611}\InprocServer32 -> C:\Program Files\Macrium\Reflect\RShellExt.dll (Paramount Software UK Ltd)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{e3e02f12-2adb-478c-8742-5f0819f9f0f4}\InprocServer32 -> C:\Users\Birr\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{e473a65c-8087-49a3-affd-c5bc4a10669b}\InprocServer32 -> C:\Users\Birr\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{fc345d4c-b8f4-4674-bff7-3c37d2e535ee}\InprocServer32 -> C:\Users\Birr\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{fd6484ed-ebe3-4c3d-938a-8238003b41b7}\InprocServer32 -> C:\Users\Birr\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1D8C963B-4892-43D7-AFE3-6AC7722908C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2627120174-714410872-1873172258-1000Core => C:\Users\Birr\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {20675273-286A-4D2C-9171-D24C1AA66EF1} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx3-OFFICE-VISTA-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {26C23E8C-75FC-4204-9C00-025437B1A288} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Birr => C:\Program Files\Windows Calendar\WinCal.exe
Task: {2C4A0018-62ED-4438-B3AA-B1A27755DCDD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-22] (Dropbox, Inc.)
Task: {4745560E-6AB0-49FB-BB06-84E654CE9272} - System32\Tasks\{A050AD26-DA1A-4D5A-931F-65AA4D414E17} => pcalua.exe -a C:\ProgramData\Kodak\EasyShareSetup\$SETUP_1e0001_22968673\Setup.exe -c /APR-REMOVE
Task: {52C90FD5-2AC4-4168-85DF-4331575AB6A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-01] (Adobe Systems Incorporated)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5A898AA9-269F-4925-A6E0-0B047F340BA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2627120174-714410872-1873172258-1000UA => C:\Users\Birr\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5AB38509-AFEB-416D-8E1A-33E2867BA950} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {5F2FBD31-644A-4ACB-9D83-5751F7123A2A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {643A11A6-90EC-4BA7-B852-5B934504B3C5} - System32\Tasks\{72CA504E-6829-4852-9816-A4B0D310743A} => pcalua.exe -a "C:\Users\Birr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H458U7HP\sbwsetup[1].exe" -d C:\Users\Birr\Desktop
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {820C0D0F-D3A2-4308-8C82-DCC1CC9D1AA6} - System32\Tasks\{61711FA4-8E28-4C64-9D35-AE21E1238B63} => pcalua.exe -a "C:\Users\Birr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OP8DB4VH\softmce_setup.exe" -d C:\Users\Birr\Desktop
Task: {8299FEB4-B1AB-4002-9F45-615049292678} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-11-22] (Dropbox, Inc.)
Task: {929B8A60-2BBD-44CC-9215-3FD80A944FA7} - System32\Tasks\{B63B453C-9DA6-4334-BD4F-6F3D97380DED} => pcalua.exe -a "C:\Users\Birr\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RAC8L1QY\mcekit_setup.exe" -d C:\Users\Birr\Desktop
Task: {942AF4E5-D882-4BEE-BE0F-C1DC698BFF85} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A15C4696-769C-4B17-8526-61A26CDFE201} - System32\Tasks\{B26F427A-B6D1-4922-B448-C875C20E94C8} => pcalua.exe -a "C:\Program Files\Nuance\PaperPort\ScannerWizardU.exe" -c /A [PaperPort 12.1] /L [eng]
Task: {A36B0F83-CDDE-4E9D-B70D-B759A71E8353} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A7CE7D9F-1604-4CA3-9253-D79B9E91DCA1} - System32\Tasks\{9431102B-5964-49E6-89CA-23BCD9508920} => C:\Program Files\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {AEC66F17-143C-4D68-8C28-6DDC457D9D68} - System32\Tasks\GoogleUpdateTaskMachineCore1d0d856b3054c2e => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {B1555DEB-5475-4D70-BAC0-197BD8050116} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C08687CF-47AA-48B0-8808-E6284EE7B8C3} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-10-29] ()
Task: {D05F9AF5-F5C9-4810-964E-35EC18B29606} - System32\Tasks\AdobeAAMUpdater-1.0-OFFICE-VISTA-PC-Birr => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-01-24] (Adobe Systems Incorporated)
Task: {D214280E-1556-4574-8203-CA025AAA3892} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-12-13] (PC-Doctor, Inc.)
Task: {D2D0DC65-24B2-4C3E-BB9E-751D3778FC77} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0d856b3054c2e.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2627120174-714410872-1873172258-1000Core.job => C:\Users\Birr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2627120174-714410872-1873172258-1000UA.job => C:\Users\Birr\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2009-03-28 12:31 - 2015-03-29 19:00 - 00036864 _____ () C:\Windows\System32\pdf995mon.dll
2010-11-13 15:37 - 2008-07-24 03:23 - 00026624 _____ () C:\Windows\System32\sss3ml3.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-25 20:06 - 2013-12-05 08:48 - 01394688 _____ () C:\Program Files\MediaMonkey\MediaMonkeyService.exe
2011-10-31 04:26 - 2011-10-31 03:31 - 00220824 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2014-02-25 20:06 - 2015-10-01 21:50 - 00581632 _____ () C:\Program Files\MediaMonkey\sqlite3MM.dll
2014-02-25 20:06 - 2014-08-15 21:31 - 00054784 _____ () C:\Program Files\MediaMonkey\MMHelper.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00390872 _____ () C:\Program Files\MediaMonkey\Plugins\f_aac.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00327896 _____ () C:\Program Files\MediaMonkey\Plugins\f_ape.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00306904 _____ () C:\Program Files\MediaMonkey\Plugins\f_AVI.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00132824 _____ () C:\Program Files\MediaMonkey\Plugins\f_flac.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00267480 _____ () C:\Program Files\MediaMonkey\Plugins\f_flac_codec.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00262872 _____ () C:\Program Files\MediaMonkey\Plugins\f_FLV.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00377048 _____ () C:\Program Files\MediaMonkey\Plugins\f_mkv.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00395480 _____ () C:\Program Files\MediaMonkey\Plugins\f_MP4.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00328408 _____ () C:\Program Files\MediaMonkey\Plugins\f_mpc.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00270040 _____ () C:\Program Files\MediaMonkey\Plugins\f_MPG.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00352984 _____ () C:\Program Files\MediaMonkey\Plugins\f_ogg.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00142040 _____ () C:\Program Files\MediaMonkey\Plugins\f_video.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00335576 _____ () C:\Program Files\MediaMonkey\Plugins\f_wave.dll
2014-02-25 20:06 - 2015-10-01 21:50 - 00374272 _____ () C:\Program Files\MediaMonkey\Plugins\f_WMV.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00061656 _____ () C:\Program Files\MediaMonkey\Plugins\in_mfaudio.dll
2014-02-25 20:06 - 2010-06-17 15:13 - 00077824 _____ () C:\Program Files\MediaMonkey\Plugins\in_mpc.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00321240 _____ () C:\Program Files\MediaMonkey\Plugins\in_vorbis.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00081624 _____ () C:\Program Files\MediaMonkey\Plugins\in_wav.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00222936 _____ () C:\Program Files\MediaMonkey\Plugins\in_wma.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00104152 _____ () C:\Program Files\MediaMonkey\Plugins\in_wmp3.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00348888 _____ () C:\Program Files\MediaMonkey\Plugins\out_MMDS.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00874200 _____ () C:\Program Files\MediaMonkey\Plugins\out_WASAPI.dll
2014-02-25 20:06 - 2012-11-09 20:18 - 00013824 _____ () C:\Program Files\MediaMonkey\Plugins\out_wave.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00104152 _____ () C:\Program Files\MediaMonkey\Equalize.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 01061592 _____ () C:\Program Files\MediaMonkey\Plugins\d_iPhone.dll
2014-02-25 20:06 - 2015-10-01 21:50 - 01176576 _____ () C:\Program Files\MediaMonkey\iPhoneCalc.dll
2015-09-13 21:35 - 2015-07-02 14:26 - 00679936 _____ () C:\Program Files\MediaMonkey\SQLite3_iOS8.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00906456 _____ () C:\Program Files\MediaMonkey\Plugins\d_iPod.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00400600 _____ () C:\Program Files\MediaMonkey\Plugins\d_iRiverH.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00423128 _____ () C:\Program Files\MediaMonkey\Plugins\d_WMDM.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 00132824 _____ () C:\Program Files\MediaMonkey\WMAuth.dll
2014-02-25 20:06 - 2015-10-01 21:57 - 00706776 _____ () C:\Program Files\MediaMonkey\UpNp.dll
2014-02-25 20:06 - 2015-10-01 21:56 - 01024216 _____ () C:\Program Files\MediaMonkey\Lame_enc.dll
2012-01-02 02:12 - 2012-01-02 02:12 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2012-01-02 02:12 - 2012-01-02 02:12 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2012-01-02 02:12 - 2012-01-02 02:12 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2015-10-16 04:08 - 2015-10-16 04:08 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2007-02-13 10:33 - 2007-02-13 10:33 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2007-08-23 13:58 - 2007-08-23 13:58 - 02070000 _____ () C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
2010-05-07 18:35 - 2010-05-07 18:35 - 02143576 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 18:35 - 2010-05-07 18:35 - 07954776 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 18:36 - 2010-05-07 18:36 - 00340824 _____ () C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00027480 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 18:37 - 2010-05-07 18:37 - 00126808 _____ () C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2008-08-26 10:37 - 2006-11-13 08:07 - 00066560 _____ () C:\Windows\system32\CmdRtr.dll
2008-08-26 10:37 - 2006-11-20 11:29 - 00101376 _____ () C:\Windows\system32\APOMngr.dll
2012-04-18 19:19 - 2009-09-14 16:36 - 00506711 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2012-02-12 17:00 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-12-03 17:13 - 2015-12-03 17:13 - 02136728 _____ () C:\Program Files\Verizon\VerizonCloud\VerizonCloud.exe
2015-12-03 17:13 - 2015-12-03 17:13 - 00923424 _____ () C:\Program Files\Verizon\VerizonCloud\x86\sqlite3.DLL
2010-09-30 03:07 - 2010-09-30 03:07 - 02386368 _____ () C:\Program Files\Adobe\Elements 9 Organizer\QtCore4.dll
2010-09-30 03:07 - 2012-06-10 22:10 - 08562536 _____ () C:\Program Files\Adobe\Elements 9 Organizer\QtGui4.dll
2010-09-30 03:11 - 2010-09-30 03:11 - 00125888 _____ () C:\Program Files\Adobe\Elements 9 Organizer\QtPlugins\imageformats\qjpeg4.dll
2007-02-13 10:14 - 2007-02-13 10:14 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2015-12-11 21:14 - 2015-10-30 18:59 - 00034768 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00019408 _____ () C:\Program Files\Dropbox\Client\faulthandler.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00022848 _____ () C:\Program Files\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00023352 _____ () C:\Program Files\Dropbox\Client\Crypto.Util._counter.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00042296 _____ () C:\Program Files\Dropbox\Client\Crypto.Cipher._AES.pyd
2015-12-11 21:14 - 2015-10-30 18:59 - 00116688 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2015-12-11 21:14 - 2015-10-30 18:59 - 00093640 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2015-12-11 21:14 - 2015-10-30 18:59 - 00018376 _____ () C:\Program Files\Dropbox\Client\select.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00019760 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00105928 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2015-12-11 21:14 - 2015-10-30 18:59 - 00392144 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2015-12-11 21:14 - 2015-12-08 15:36 - 00381752 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 21:14 - 2015-10-30 18:59 - 00692688 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00020816 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00109520 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 01737032 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00020808 _____ () C:\Program Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00020800 _____ () C:\Program Files\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00021840 _____ () C:\Program Files\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00038696 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00024528 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00020936 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00114640 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00021320 _____ () C:\Program Files\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00124880 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00030160 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00043472 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00175560 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00028616 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00048592 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00024392 _____ () C:\Program Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00036296 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2015-12-11 21:14 - 2015-10-30 19:00 - 00024016 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00117056 _____ () C:\Program Files\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00023376 _____ () C:\Program Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 21:14 - 2015-10-30 18:59 - 00134608 _____ () C:\Program Files\Dropbox\Client\_elementtree.pyd
2015-12-11 21:14 - 2015-10-30 18:59 - 00134088 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00240584 _____ () C:\Program Files\Dropbox\Client\jpegtran.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00020280 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00052024 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00021304 _____ () C:\Program Files\Dropbox\Client\Crypto.Util.strxor.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00350152 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00084792 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.DLL
2015-12-11 21:14 - 2015-12-08 15:36 - 01826608 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 21:14 - 2015-10-30 19:00 - 00083912 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 03891504 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 01950000 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00519984 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00133936 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00225080 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00207672 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00024904 _____ () C:\Program Files\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00486704 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQuick.pyd
2015-12-11 21:14 - 2015-12-08 15:36 - 00357680 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtQml.pyd
2015-12-11 21:14 - 2015-10-30 19:01 - 00019920 _____ () C:\Program Files\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-12-11 21:14 - 2015-10-30 19:00 - 00786904 _____ () C:\Program Files\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-12-11 21:14 - 2015-10-30 19:00 - 00063448 _____ () C:\Program Files\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-12-11 21:14 - 2015-10-30 19:00 - 00019408 _____ () C:\Program Files\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\cutestdogcompetition.com -> hxxp://cutestdogcompetition.com
IE trusted site: HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\omahasteaks.com -> hxxp://www.omahasteaks.com
IE trusted site: HKU\S-1-5-21-2627120174-714410872-1873172258-1000\...\x10.com -> hxxp://myhouse.x10.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2627120174-714410872-1873172258-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Birr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeActiveFileMonitor5.0 => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0F7405D3-BD25-47AF-A5F2-4578843CCE94}] => (Allow) C:\Program Files\Logitech\V

[jebirr]

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0F7405D3-BD25-47AF-A5F2-4578843CCE94}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{A6A112A9-0B8D-4A64-92FC-6EF20B0EB033}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{A0EF6834-E3D9-45D3-AFDD-661D5320601A}] => (Allow) C:\Program Files\Windows Live\Mesh\MOE.exe
FirewallRules: [{94AF9B46-C533-4470-9C94-B81672571AE6}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{EA0C6855-F439-4296-811C-364D0EFDCC9F}] => (Allow) LPort=1900
FirewallRules: [{70932DDC-0EA0-4A00-A422-E606CA99AE00}] => (Allow) LPort=2869
FirewallRules: [{DFF1B876-B34B-43D1-8F45-365549272D5B}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9651EC1D-42B6-4C38-A823-E13243495071}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{FBAD5A9E-0F30-4178-9582-7C840394E7BC}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{624483BA-23D6-4860-8B18-EB8B2612A248}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{DBD608B0-F34D-4C50-B550-073120986B17}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{725A4063-D61B-477A-A2CE-4FE5D576F466}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{57B98F2A-DB43-494D-B823-9B8CE12EEB55}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{AE7EEC1E-F406-4455-8A8C-BDED3782894F}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{009F7333-6A03-436F-8076-8BD1C65F4DAE}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{1D42F4CC-8AFF-42E0-BEDE-C45A748CF291}] => (Allow) C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{2AF38CC6-D852-488E-986F-7D073BA5FF5E}] => (Allow) C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe
FirewallRules: [{66829EFD-8132-4FD3-8484-242267C67B1C}] => (Allow) C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\vpn.exe
FirewallRules: [{F0258151-9E88-4C89-906F-9F7468063990}] => (Allow) C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe
FirewallRules: [{CA1F3940-44BB-44B9-AFA3-2B6E874C3AC0}] => (Allow) C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\CmonApp.exe
FirewallRules: [{C6847BCC-54BA-4D0F-9709-D4BFDA1448FB}] => (Allow) C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe
FirewallRules: [{B3E60FC7-9B84-44A2-81D1-CA8F2B2C363C}] => (Allow) C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\ViewLog.exe
FirewallRules: [{0B9820C4-FE2D-4A81-8781-109CB102902E}] => (Allow) C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
FirewallRules: [{3A0578CF-CFC7-41AB-B2F3-39525C05BAE2}] => (Allow) C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe
FirewallRules: [{C59EF34F-344E-4DC2-969B-A5A403A194DF}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{0BB08D43-2F39-4A77-9950-E6AAB18823C8}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{50DB954E-40D0-4341-94DC-DF980CDE7B15}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{A6E1EFC0-F509-4D84-A21B-AF0C1C18603E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{57CB7FCF-0499-4950-BFCF-6C3CC981137E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{33202861-5A7B-4AF7-96A2-CC53EAE2E62D}] => (Allow) C:\Program Files\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{FF9C5A2D-C434-4D8E-847B-72BA7162AA0D}] => (Allow) C:\Program Files\Brother\Brmfl10f\FAXRX.exe
FirewallRules: [{6D2F64CB-B83E-4123-A4E7-C557609AC658}] => (Allow) LPort=54925
FirewallRules: [{D80CFD31-F4E3-40AF-A327-10CC880C1374}] => (Allow) C:\Program Files\ASUS\RT-N66U Wireless Router Utilities\Discovery.exe
FirewallRules: [{0E0E4DAB-7F30-487E-9453-3A63CB81FE88}] => (Allow) C:\Program Files\ASUS\RT-N66U Wireless Router Utilities\Discovery.exe
FirewallRules: [{EAF07309-8385-40E8-A15D-CE8AFFCAA0E6}] => (Allow) C:\Program Files\ASUS\RT-N66U Wireless Router Utilities\Rescue.exe
FirewallRules: [{D4813554-EA60-41A5-B043-3F6D6B4F258B}] => (Allow) C:\Program Files\ASUS\RT-N66U Wireless Router Utilities\Rescue.exe
FirewallRules: [{D41A65B8-0339-448A-9D3E-17C7F5EA2762}] => (Allow) C:\Program Files\ASUS\RT-N66U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{A48137BE-BFE7-407A-9CA7-57E405C06F35}] => (Allow) C:\Program Files\ASUS\RT-N66U Wireless Router Utilities\QISWizard.exe
FirewallRules: [{699106D6-DEB8-4693-8B66-B02F1BDE0545}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9DA12057-0763-4D9E-A5F4-F7D7305E49B9}] => (Allow) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{CDAC9BEC-ED5E-4489-AF09-6268CBBDE9C9}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{8D7F901A-8295-4F2F-9812-19BB130A1877}] => (Allow) C:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [TCP Query User{E8810521-D947-4107-9088-A5E65A264AEE}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{EEB06498-1B30-48E6-86D8-04A476583217}C:\program files\mediamonkey\mediamonkey.exe] => (Allow) C:\program files\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{AF0D3977-D324-403D-8CC1-88355118C5D1}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{B7E91C6E-6030-468E-83CE-00B70C958BFA}C:\program files\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{8C61EEF2-DE8C-46F9-B964-75FC33C6128D}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{D1337CD2-F076-4CA5-A50D-5E2A5DF62869}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{9917EE1C-F629-441A-8D06-D6FF336C9DF3}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2B44FDE9-44A9-49CF-A60E-E9D88F03F730}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F0D11732-DC4E-4E1B-84A8-9B9CC6C28888}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B20676BB-B199-464B-A8A7-6878DA8A55A5}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{43E98ACD-0399-40F3-AF98-3F9D11203F91}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe
FirewallRules: [UDP Query User{7C0C2D0E-C638-4FE5-AE4F-FC29ADEB7B63}C:\program files\airdroid\airdroid.exe] => (Allow) C:\program files\airdroid\airdroid.exe
FirewallRules: [TCP Query User{8A0435F4-BE52-4F84-9E98-128A3566C861}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{B2AE3E37-B840-45D0-9962-EBBD23173911}C:\program files\java\jre6\bin\javaw.exe] => (Allow) C:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{EBBA932E-629F-4A46-819A-4F7006746672}C:\program files\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [UDP Query User{9E2FC058-E53C-476D-9392-981F462606DA}C:\program files\java\jre1.8.0_45\bin\jp2launcher.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\jp2launcher.exe
FirewallRules: [{0875E1A3-9D24-4582-8EBA-5F618B4E5AB4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DF404F3D-E106-48B1-98CF-0FBE049FF98F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{141728ED-D5CB-42B4-BBC6-4683BC28A48D}C:\program files\netgear readynas\raidar.exe] => (Allow) C:\program files\netgear readynas\raidar.exe
FirewallRules: [UDP Query User{BE401D05-9D59-4392-873D-29321507078A}C:\program files\netgear readynas\raidar.exe] => (Allow) C:\program files\netgear readynas\raidar.exe
FirewallRules: [{2E0309C0-86F5-4038-9C31-2354A739F3DF}] => (Allow) C:\Program Files\MediaMall\MediaMallServer.exe
FirewallRules: [{E93B17C7-DB15-4D15-A93C-9AFA027D8AE3}] => (Allow) C:\Program Files\MediaMall\SettingsManager.exe
FirewallRules: [{9C6E1B82-997C-441D-84BF-7FF0F0E3BF6C}] => (Allow) C:\Program Files\MediaMall\PlayOn.exe
FirewallRules: [{B31CDA87-9649-4D15-8F29-3B743DC3641D}] => (Allow) C:\Program Files\MediaMall\PlayMark.exe
FirewallRules: [{8ED73A40-0FB8-4146-97C2-49D5462B6292}] => (Allow) C:\Program Files\MediaMall\Surfer.exe
FirewallRules: [{01560310-247D-4FA7-BE24-6023EF88AB26}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A38A826D-05C2-44B5-849B-CD73C8BD5A75}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{DDABA442-9D65-4405-AFA7-1DE6B5419951}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{8A6F00AA-679C-4D9F-87B7-D01D110C5FEB}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
DomainProfile\AuthorizedApplications: [C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7
StandardProfile\AuthorizedApplications: [C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe] => Enabled:Logitech Harmony Remote Software 7

==================== Restore Points =========================

12-12-2015 09:15:45 Windows Update
16-12-2015 01:52:20 Windows Update
18-12-2015 03:00:11 Windows Update
21-12-2015 09:14:41 Windows Update
25-12-2015 01:52:23 Windows Update
28-12-2015 09:15:52 Windows Update
01-01-2016 01:52:03 Windows Update
04-01-2016 09:15:05 Windows Update

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2016 07:48:46 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 19:48:46.697]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]

Error: (01/04/2016 05:36:32 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 17:36:32.749]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]

Error: (01/04/2016 04:28:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 16:28:24.060]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]

Error: (01/04/2016 03:53:17 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 15:53:17.725]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]

Error: (01/04/2016 11:57:55 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 11:57:55.188]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]

Error: (01/04/2016 09:15:18 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary MpKsl4aa4d874.

System Error:
The system cannot find the file specified.
.

Error: (01/04/2016 07:39:28 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 07:39:28.405]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]

Error: (01/04/2016 06:09:18 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 06:09:18.250]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]

Error: (01/04/2016 03:32:01 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 03:32:01.411]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]

Error: (01/04/2016 01:59:51 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2016/01/04 01:59:51.127]: [00004168]: SendSKeySettingToDevice:: Snmp Load Error[0] To[192.168.1.11]


System errors:
=============
Error: (01/04/2016 10:23:40 PM) (Source: DCOM) (EventID: 10016) (User: OFFICE-VISTA-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}OFFICE-VISTA-PCBirrS-1-5-21-2627120174-714410872-1873172258-1000LocalHost (Using LRPC)

Error: (01/04/2016 10:23:29 PM) (Source: DCOM) (EventID: 10016) (User: OFFICE-VISTA-PC)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}OFFICE-VISTA-PCBirrS-1-5-21-2627120174-714410872-1873172258-1000LocalHost (Using LRPC)

Error: (01/02/2016 06:59:02 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AAC1009F-AB33-48F9-9A21-7F5B88426A2E}

Error: (12/30/2015 11:25:09 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/28/2015 10:30:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/28/2015 10:30:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/28/2015 10:30:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/28/2015 10:30:42 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/28/2015 10:30:41 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (12/28/2015 10:30:41 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.


CodeIntegrity:
===================================
  Date: 2013-01-29 22:17:25.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 22:17:25.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 22:17:25.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 22:17:25.587
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 22:03:27.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 22:03:27.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 22:03:27.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-29 22:03:27.738
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-28 23:15:10.377
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-28 23:15:10.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Mcafee\VSCoreOld\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 3325.92 MB
Available physical RAM: 1346.32 MB
Total Virtual: 6650.16 MB
Available Virtual: 3421.92 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:931.44 GB) (Free:240.41 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 58000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

[Corrine]

Hi, jebirr.

Thank you for the addition.txt log.

According to the referenced Adobe Article, the issue isn't supposed to happen with Windows 7.  However, what is supposed to happen and what does happen are not always the same.  The article also indicates that the files can be removed immediately after a fresh computer restart. 

These tmp files are actually the true type fonts that are used by the Windows print spooler when printing a PDF.  The font files get created using the Windows call CreateScalableFontResource.  This Windows API call locks the files and thus when Acrobat calls DeleteFile on these files, sometimes an ACCESS_DENIED error is returned and they cannot be deleted.

Personally, I removed Adobe Reader from my computer years ago and switched to Sumatra PDF.  However, with all of the Adobe programs installed on your computer, this may not be an acceptable option for you.  So, lets see what we can do cleaning up your computer, including removing temp files.

1.  First, however, I would not allow any programs in the Trusted Zone.  After all, even well known sites can be the victim of an SQL injection, hidden scripts, and more. If you elect to remove the entries from the Trusted Zone, please do the following:

• Launch Internet Explorer, click Internet Options on the Tools  menu, and then click the Security tab.
• Click Trusted Sites, and then click Sites.
• Click the site you want to delete, and then click Remove.  You have the following in Trusted Sites:
  cutestdogcompetition.com
  omahasteaks.com
  x10.com

2.  Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Open Notepad (Start =>All Programs => Accessories => Notepad).
  
• Copy/Paste the entire contents of the code box below into Notepad.
  

Code Select Expand


start
CreateRestorePoint:
CloseProcesses:
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Birr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Birr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll => No File
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mfehidk01; \Device\mfehidk01.sys [X]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
C:\Users\Public\installer_eml_to_pst_converter.exe
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}\InprocServer32 -> C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
EmptyTemp:
end


• Click Format and ensure Wordwrap is unchecked.
  
• Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  
• Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  
  
  
  • Press the Fix button once and wait.
    
  • FRST will process fixlist.txt
    
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    
  • Please post the log in your next reply.
    

3.  Is there any reason why you are running such an old version of WinPatrol?

[jebirr]

Fix result of Farbar Recovery Scan Tool (x86) Version:31-12-2015
Ran by Birr (2016-01-11 20:27:08) Run:1
Running from C:\Users\Birr\Desktop\Tools
Loaded Profiles: Birr (Available Profiles: Birr & Limited Guest & Mcx2 & Mcx3-OFFICE-VISTA-PC)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Birr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Birr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee Virtual Technician) - C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll => No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll => No File
S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [X]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 mfehidk01; \Device\mfehidk01.sys [X]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
C:\Users\Public\installer_eml_to_pst_converter.exe
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}\InprocServer32 -> C:\Program Files\UtilityChest_49\bar\1.bin\49SrcAs.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Birr\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
C:\Program Files\Google\Chrome\Application\47.0.2526.106\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\Users\Birr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll => not found.
C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll => not found.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Users\Birr\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll => not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll => not found.
C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll => not found.
c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
c:\progra~1\mcafee\msc\npmcsn~1.dll => not found.
ACDaemon => service removed successfully.
WPFFontCache_v0400 => service removed successfully.
MBAMSwissArmy => service removed successfully.
mfehidk01 => service removed successfully.
PCDSRVC{E9D79540-57D5953E-06020101}_0 => service removed successfully.
C:\Users\Public\installer_eml_to_pst_converter.exe => moved successfully
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{7a55cbb2-2b2e-4a41-9de1-6ac5d2c2be0a}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}" => key removed successfully.
"HKU\S-1-5-21-2627120174-714410872-1873172258-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully..
EmptyTemp: => 27.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 20:43:50 ====

[Corrine]

Hi, jebirr.

That was a lot of temp files removed:  "27.1 GB temporary data Removed."

Are you still getting the warning from WinPatrol regarding the "Z@Rxxxx.TMP" files?  Any reason why you haven't updated WinPatrol to the latest version?

[jebirr]

Upgraded to latest WinPatrol (just lazy on doing so).  Have not received an more warnings.  Did get a warning on reboot about Adobe Genuine Software Integrity Service (AGService).  Opted to go into system services, stop it and disable.  What little research I did made it appear it was just another lug on the system to make Adobe happy that user has genuine products. 

So I think I'm good. 

Curious what process you went thru to generate the script and what sort of decision making process used along the way (if you have time to explain).

Thanks for all your help.

Regards,

Jim

[Corrine]

Hi, Jim.

I'm glad Scotty is happy now.

Although there are many people in the security community who are so much more knowledgeable that I am, I've been reviewing logs and providing removal instructions for many years.  Of course, we couldn't do much of anything without the incredible developers who create the tools we use.  In your case, you didn't have any dodgy programs installed or apparent adware so it was simply a matter of addressing the leftovers and the ADS (Alternate Data Stream).  If you are interested in learning, there are a few security forums that provide free training to those who wish to help others on forums and I'd be happy to provide you with links to them.

Now, let's clean up the tools we used.   

Please download Delfix from here.

Ensure the following boxes are checked:

• Remove disinfection tools
  
• Create registry backup
  
• Purge system restore
  
  
• Click Run
  

The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.

[jebirr]

Thanks for the reply.  I am interested in links you mentioned to the security forums.

Below is output from DelFix.  Thanks again for all your help.   

DelFix v1.011 - Logfile created 13/01/2016 at 21:21:55
# Updated 18/08/2015 by Xplode
# Username : Birr - OFFICE-VISTA-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\AdwCleaner[C2].txt
Deleted : C:\AdwCleaner[S3].txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########

[Corrine]

Hi, Jim.

Although there are others, below are three that I recommend.  I suggest you spend some time at each forum and decide which you are most comfortable at.  Only apply to one school.

What the Tech Classroom
GeekU at Geeks to Go Malware Removal Training
Malware Removal Training Program