Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with something - google keeps redirecting


  • This topic is locked This topic is locked
49 replies to this topic

#1 Chrisj8769

Chrisj8769

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 26 February 2015 - 08:42 AM

Infected with something, not sure - Welcome to Anywhere access setup wizard keeps popping up and google redirects when I click on links - there is also a digi docket on the side of my PC.  I did try running malwarebytes and adwcleaner prior to opening this case (yesterday) - it removed a lot, but problem still happening.  Didi docket advertisements on the lower right hand corner of my screen.

Any help would be greatly appreciated.  Thank you.

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Chrisj8769

Chrisj8769
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 26 February 2015 - 08:44 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by chrisj (administrator) on ITMANAGER on 26-02-2015 08:38:44
Running from C:\Users\chrisj.CHCHOMECARE\Downloads
Loaded Profiles: chrisj (Available profiles: chrisj & Administrator & Administrator & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
() C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\nstBF1A.tmpfs
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
() C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\jnstEC86.tmp
() C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Novell\Client\nwtray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_comm_expert.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_user_expert.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-09] (Realtek Semiconductor)
HKLM\...\Run: [NWTRAY] => C:\Program Files\Novell\Client\nwtray.exe [39992 2013-01-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-07-10] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-09-14] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-10-22] (AMD)
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe [610888 2014-10-07] (Citrix Online, LLC)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk
ShortcutTarget: VideoCam Suite.lnk -> C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140509094701.dll (McAfee, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140509094701.dll (McAfee, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://webex-user.pressganey.com/client/T27LD/webex/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://qies-east.cms.gov/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.16 192.168.1.4

FireFox:
========
FF ProfilePath: C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Mozilla\Firefox\Profiles\tzqsx6mh.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1957994488-57989841-1801674531-1167: @citrixonline.com/appdetectorplugin -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1957994488-57989841-1801674531-1167: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\chrisj.CHCHOMECARE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1957994488-57989841-1801674531-1167: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Mozilla\Firefox\Profiles\tzqsx6mh.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: digi docket 1.0.1 - C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Mozilla\Firefox\Profiles\tzqsx6mh.default\Extensions\{5aa2dc97-2456-4fbe-88cb-7cb1d5a4c1a0}.xpi [2015-02-25]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-10] (Intel Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2014-05-09] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2014-05-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 petonuve; C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\jnstEC86.tmp [168960 2015-02-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 pysucode; C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp [179712 2015-02-25] () [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-21] (Microsoft Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [20536 2013-01-15] (Novell, Inc.)
R2 hotyfulu; C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\nstBF1A.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27120 2013-07-02] (Intel Corporation)
R0 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [660976 2013-07-02] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158712 2014-05-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2014-05-09] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642952 2014-05-09] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2014-05-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2014-05-09] (McAfee, Inc.)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112696 2013-01-15] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [115256 2013-01-15] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [90680 2013-01-15] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [120376 2013-01-15] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26680 2013-01-15] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31800 2013-01-15] (Novell, Inc.)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [55864 2013-01-15] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [80952 2013-01-15] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [79416 2013-01-15] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [101944 2013-01-15] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49720 2013-01-15] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [20024 2013-01-15] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [84024 2013-01-15] (Novell, Inc.)
U3 nds4; C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys [129080 2013-01-15] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39480 2013-01-15] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [56376 2013-01-15] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [37944 2013-01-15] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25656 2013-01-15] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [36408 2013-01-15] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [59960 2013-01-15] (Novell, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 08:38 - 2015-02-26 08:39 - 00026155 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\FRST.txt
2015-02-26 08:38 - 2015-02-26 08:38 - 00000000 ____D () C:\FRST
2015-02-26 08:37 - 2015-02-26 08:37 - 02087936 _____ (Farbar) C:\Users\chrisj.CHCHOMECARE\Downloads\FRST64.exe
2015-02-26 08:36 - 2015-02-26 08:36 - 01127424 _____ (Farbar) C:\Users\chrisj.CHCHOMECARE\Downloads\FRST(1).exe
2015-02-26 08:35 - 2015-02-26 08:35 - 01127424 _____ (Farbar) C:\Users\chrisj.CHCHOMECARE\Downloads\FRST.exe
2015-02-25 15:52 - 2015-02-25 15:52 - 02126848 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\AdwCleaner(1).exe
2015-02-25 15:46 - 2015-02-25 15:50 - 00003720 _____ () C:\Users\chrisj.CHCHOMECARE\Desktop\Rkill.txt
2015-02-25 15:39 - 2015-02-26 08:27 - 00001078 _____ () C:\Users\chrisj.CHCHOMECARE\Desktop\Continue Live Installation.lnk
2015-02-25 15:02 - 2015-02-25 16:12 - 00000168 _____ () C:\Windows\setupact.log
2015-02-25 15:02 - 2015-02-25 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 13:28 - 2015-02-25 13:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 13:28 - 2015-02-25 13:28 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\Users\Administrator.ItManager\AppData\Roaming\Malwarebytes
2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 13:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 13:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 13:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-25 13:27 - 2015-02-25 13:28 - 00003584 _____ () C:\Users\Administrator.ItManager\Desktop\Rkill.txt
2015-02-25 13:26 - 2014-06-13 09:38 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Administrator.ItManager\Desktop\rkill.exe
2015-02-25 13:26 - 2014-02-11 10:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Administrator.ItManager\Desktop\mbam-setup-1.75.0.1300.exe
2015-02-25 13:25 - 2015-02-25 13:25 - 00000020 ___SH () C:\Users\Administrator.ItManager\ntuser.ini
2015-02-25 13:25 - 2015-02-25 13:25 - 00000000 ____D () C:\Users\Administrator.ItManager
2015-02-25 13:25 - 2014-05-09 12:34 - 00002102 _____ () C:\Users\Administrator.ItManager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-02-25 13:25 - 2014-04-21 19:02 - 00000000 ___HD () C:\Users\Administrator.ItManager\Documents\hp.system.package.metadata
2015-02-25 13:25 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Administrator.ItManager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-25 13:25 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Administrator.ItManager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-25 13:19 - 2015-02-25 15:55 - 00034656 _____ () C:\Windows\PFRO.log
2015-02-25 13:11 - 2015-02-25 15:01 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Local\SmartWeb
2015-02-25 13:01 - 2015-02-25 16:17 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49
2015-02-25 13:00 - 2015-02-25 13:12 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49
2015-02-25 11:46 - 2015-02-25 11:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-18 10:53 - 2015-02-18 10:53 - 00452424 _____ (Bleeping Computer, LLC) C:\Users\chrisj.CHCHOMECARE\Downloads\ListCWall.exe
2015-02-12 14:19 - 2015-02-12 14:19 - 00019364 _____ () C:\Users\chrisj.CHCHOMECARE\Desktop\Abbreviations(CSD-A-01).xlsx
2015-02-11 15:57 - 2015-02-11 16:13 - 00145408 _____ () C:\Users\chrisj.CHCHOMECARE\Documents\Publication1.pub
2015-02-10 13:45 - 2015-02-10 13:45 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-02-10 10:22 - 2015-02-10 10:24 - 437490266 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\sag-hipaa_cbt-feb_2012.zip
2015-02-09 12:18 - 2015-02-09 12:18 - 00000000 ____D () C:\Users\Public\Documents\ntr
2015-02-09 12:17 - 2015-02-25 13:03 - 00000000 ____D () C:\Program Files (x86)\N-able Technologies
2015-02-04 08:13 - 2015-02-04 08:13 - 08288845 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\MobileWyse10.65.04.zip
2015-02-03 12:21 - 2015-02-03 12:21 - 00007214 _____ () C:\Users\chrisj.CHCHOMECARE\Documents\MMVisitvsActual.xlsx
2015-01-29 10:48 - 2015-01-29 10:50 - 00080150 _____ () C:\Users\chrisj.CHCHOMECARE\Documents\AppRiver's Portal - Admin - SpamLab - Statistics.htm
2015-01-29 10:48 - 2015-01-29 10:49 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\Documents\AppRiver's Portal - Admin - SpamLab - Statistics_files
2015-01-27 10:31 - 2015-02-25 13:01 - 00000000 ____D () C:\Quarantine

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-26 08:35 - 2014-05-06 09:20 - 01766328 _____ () C:\Windows\WindowsUpdate.log
2015-02-26 08:24 - 2014-05-12 07:26 - 00004990 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {763ace4e-ca6b-4cfd-90e5-9999aaf4a457} ItManager.chchomecare.org
2015-02-26 08:17 - 2014-05-09 13:19 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\Documents\Outlook Files
2015-02-26 08:13 - 2014-05-06 11:31 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2015-02-26 08:11 - 2014-05-09 10:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 16:26 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 16:26 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 16:16 - 2009-07-14 00:13 - 00944424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 16:12 - 2014-05-06 11:32 - 00020092 __RSH () C:\ProgramData\ntuser.pol
2015-02-25 16:12 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-25 15:20 - 2014-05-06 11:34 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7BA409FD-F4C2-4153-B051-BEB4C005CCEF}
2015-02-25 15:02 - 2014-05-09 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-25 13:19 - 2014-05-09 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 13:18 - 2014-05-08 14:53 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\uTorrent
2015-02-25 13:15 - 2014-05-13 13:44 - 00000000 ____D () C:\torrents
2015-02-25 13:08 - 2014-05-08 14:04 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\FileZilla
2015-02-25 13:07 - 2014-06-24 07:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 13:07 - 2011-02-11 15:13 - 00000000 ____D () C:\Windows\Panther
2015-02-25 12:16 - 2014-05-08 14:36 - 00002248 ____H () C:\Users\chrisj.CHCHOMECARE\Documents\Default.rdp
2015-02-24 12:27 - 2014-07-28 07:57 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\webex
2015-02-23 08:28 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-23 08:06 - 2014-05-09 09:21 - 00000000 ____D () C:\Temp
2015-02-19 11:51 - 2014-05-08 14:13 - 00000000 ____D () C:\hhgold
2015-02-14 12:41 - 2011-02-11 15:29 - 00961518 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-14 12:38 - 2014-05-08 14:28 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-02-13 13:27 - 2014-12-04 08:54 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\Desktop\Scans
2015-02-10 13:45 - 2014-05-06 11:34 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Adobe
2015-02-06 14:27 - 2014-05-09 09:34 - 00001200 _____ () C:\Users\chrisj.CHCHOMECARE\Desktop\WyseSync.lnk
2015-02-05 14:11 - 2014-05-09 10:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 14:11 - 2014-05-09 10:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 14:11 - 2014-05-09 10:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-29 08:30 - 2014-05-14 14:56 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\PrimoPDF

==================== Files in the root of some directories =======

2014-08-14 08:15 - 2014-08-14 08:15 - 0022074 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Comma Separated Values.ADR
2014-05-09 11:30 - 2014-05-09 11:30 - 0099384 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\inst.exe
2014-05-09 11:30 - 2014-05-09 11:30 - 0007859 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\pcouffin.cat
2014-05-09 11:30 - 2014-05-09 11:30 - 0001167 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\pcouffin.inf
2014-05-09 11:30 - 2014-05-09 11:30 - 0000055 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\pcouffin.log
2014-05-09 11:30 - 2014-05-09 11:30 - 0082816 _____ (VSO Software) C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\pcouffin.sys
2014-05-09 13:27 - 2014-05-09 13:27 - 0000186 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-08 13:50 - 2014-05-08 13:50 - 0000315 _____ () C:\ProgramData\NCIDebug.log

Files to move or delete:
====================
C:\Users\chrisj.CHCHOMECARE\g2ax_expert_downloadhelper_win32_x86.exe


Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\ConfigurationWizard.exe
C:\Users\chrisj\AppData\Local\Temp\uninstall.exe
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\Quarantine.exe
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 00:41

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by chrisj at 2015-02-26 08:39:18
Running from C:\Users\chrisj.CHCHOMECARE\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8C67668E-BA6F-8F50-A4BC-5D4D6888C015}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{C5670C59-8D82-47FF-90A1-FDAA41A7E9B2}) (Version: 1.34.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
digi docket (HKLM\...\digi docket) (Version: 2015.02.25.140428 - digi docket) <==== ATTENTION
DVDFab 8.1.6.8 (17/03/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.6.716 - DVDVideoSoft Ltd.)
GoToAssist Expert 2.2.0.758 (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\GoToAssist Remote Support Expert) (Version: 2.2.0.758 - Citrix Online)
GoToMeeting 6.4.10.2185 (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\GoToMeeting) (Version: 6.4.10.2185 - CitrixOnline)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HHG Professional  8.5.0 (HKLM-x32\...\HHGOLD.exe_is1) (Version: 8.5.0 - The Manager, Inc.)
HomeCare Billing Solution (HKLM-x32\...\{2F37410B-2E26-41E1-9350-1473E71185A3}) (Version: 1.1.6.30 - HAS)
HP Documentation (HKLM-x32\...\{2B17D65C-D9EC-439C-9F42-5E35BBD95B7A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Performance Advisor (HKLM-x32\...\{3183E2B8-1B3B-4671-AB66-547AD62A78F1}) (Version: 1.6.5725 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.2.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
InfoTransfer (HKLM-x32\...\{FFD13DB5-97DD-4FFF-A29F-CCD9F3F69F6E}) (Version: 2.0.0.10 - Press Ganey Associates, Inc)
Install Graph 8.0 (HKLM-x32\...\Install Graph_is1) (Version:  - The Manager, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\Juniper_Setup_Client) (Version: 7.4.9.45013 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LifeStream 4.9.0 (HKLM-x32\...\LifeStream_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{DE91C193-2611-4BD3-A9F9-DF589C572565}) (Version: 4.6.0.2292 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.01000 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OLE DB Provider for Visual FoxPro (HKLM-x32\...\{CD5DC4AA-7D62-48D9-B756-5925471001FE}) (Version: 9.0.0.3504 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{421B88F8-D7C9-44CB-8B73-166D65B18DCC}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NICI U.S./Worldwide 2.77.1.0 (x64) (HKLM\...\{123B3157-26AF-43F5-AD46-AB200AC56292}) (Version: 2.77.1.0 - Novell, Inc.)
Novell Client for Windows (HKLM\...\Novell Client for Windows) (Version: 2 SP3 - Novell, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OfficeWyse (HKLM-x32\...\{E4D3B24B-6BF2-42D1-933C-2B7775A685C9}) (Version:  - )
OmniForm Premium 5.0 (HKLM-x32\...\{D9E2AA0C-078F-491E-A728-1A621ADF9900}) (Version: 5.00.029 - ScanSoft, Inc.)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions 14.0 (HKLM-x32\...\{48FF40D4-2071-4EC0-8BD5-2E7D69A38CE2}) (Version: 24.0.4007.2403 - Intuit Inc.)
QuickBooks Enterprise Solutions: Nonprofit Edition 14.0 (HKLM-x32\...\{439ACB20-4C55-49AE-983D-F885FF1D231A}) (Version: 24.0.4007.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 5.10 - Philipp Winterberg)
RDLC Prerequisites (HKLM-x32\...\{5D230134-DABC-4396-B84D-7028BE8302F5}) (Version: 1.0.0003 - HealthWyse)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6878 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
Secure MS Outlook Toolbar (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\9386fa792bf58592) (Version: 4.10.14279.3 - Secure Messaging)
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
SQL Anywhere 12 (HKLM\...\{1DFA77E6-91B2-4DCC-B8BE-98EA70705D39}) (Version: 12.1.3505 - iAnywhere Solutions, Inc.)
Symantec Installation Manager (x32 Version: 7.5.240 - Symantec) Hidden
Symantec Platform and Solutions (HKLM\...\Altiris Installation Manager) (Version: 7.5.240 - Symantec Corporation)
Unity Web Player (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VFP 9 (HKLM-x32\...\VFP Runtime 9_is1) (Version:  - )
VideoCam Suite 3.5 (HKLM-x32\...\{66D97020-1814-4DA8-A2AC-7CAED535F2D1}) (Version: 3.05.009.1033 - Panasonic Corporation)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{02E9C6B0-2B7D-3781-8EDF-4E003E5FC2A2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{0391C481-8D3C-3F23-AE3F-4152B84C2AB9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{045350FA-8012-369D-ADF7-ECA29498EE62}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{046550D7-F958-3CDC-93E7-E91E22E8563C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{063DEC94-E425-3763-96BC-26AAA2B9003B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{08FAFD43-8E07-3FB9-BAF3-53CF4BBA6DD3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{0CF86CE6-B264-3955-9B89-22C858C175AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{1246B5FC-052C-3E2A-94FD-26E7435044DB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{15821BD4-0327-36C3-B8D3-B16A629B9BF1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{168E12C5-1C8E-3D19-974A-6408C1666929}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{17C7583C-FF0C-3607-AFB8-3FDEE6B28E41}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{190E3BB4-01D2-30C4-B145-CEEE32C1F65D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{1ABC4082-B1F1-35B8-B33A-59CCDA7E7F77}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{239FDE2D-6782-3499-B6D4-1491890C4AD8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2771A246-2CA1-3785-BC7B-5334D9A901FA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2ACA4F24-A63D-3671-8053-E87C615A0844}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2B440102-C706-30A9-86CB-E6E75AF47CA8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2D5542CA-837D-37BD-9FCC-C361B78AA11B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2F24FE06-7173-3EA8-A81A-0D54D20BAB22}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2F7B468D-336C-3DF7-A919-16F0E1140FD4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2FE09CFF-D51B-38F3-B38D-9F6DC28B7418}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{31F353B8-5708-3529-B068-8A20802E9740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3244FBA7-4C38-3651-AF26-6C082E36FF5F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{33ECC9DD-58B8-3878-906F-BC8B6D3BC196}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{34176F5A-4EAB-3106-8526-AC61AD1CDD35}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{348AF7F9-F7C2-3052-819A-5950A90DB038}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{35D8B0D6-3367-393A-AD11-A6186373FFBD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{36AAEC16-00A4-3BE3-AA53-12C8122A3FD2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{37771620-2352-384C-9BEB-7019A75A2992}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{37DFEE4A-B031-3E2C-AFFF-EB8C683B416A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{38957EC4-77D6-3467-B7D3-5E7536E5B24C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{38D66DAE-53F4-3F64-9FD5-1E950881859D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3B5BC331-26CD-347A-877E-FA0DFA0AF065}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3B8B01BC-04A8-304E-B4A5-4D425E60772A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3EB17872-7DAE-3998-9E27-F3AEF9B78C11}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3EBAAB52-EFD5-3209-BB66-831A7374592B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{402C6E58-2CC1-3F26-9B85-5D3F21BE76F7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{402F72CE-3470-3D44-9950-148DCB3389D3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{42FC9F3C-B22E-367C-B2FD-D638E664E31A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4665DCAD-2C5A-340F-965E-B26B740076E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{46F57B08-7DD1-36C3-A7A9-2DCA04378F15}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{48433022-67BA-3334-AD7F-293BC76191FD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{48FC708B-2845-35E6-B0AB-02509DD59499}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4A0D5316-3CDF-3D19-9AB2-3F40BDD75A85}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4C02120F-95E5-3E51-AB91-47B9353D548F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4C5D2E3B-6CC3-3F78-B0AF-7310B5552CFC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4C8914AB-0A5C-34C1-AFDE-833D6F0AAEE9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4CDE8A98-7158-3A97-A048-F528DD46B8AF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4F262985-989F-3031-B1A6-06C6E5F330A5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4FC6EF9B-BD8D-3103-B27D-DFAF0FDEC66D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{54D8C200-43D0-32FF-9F31-BBF0F5B8E784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{58234081-5437-37F8-A4EA-7C92DF984290}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{596E670B-6F9B-3B48-B2B2-C7741B9E183B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{5A4A1C27-8B20-3392-B5B5-6B07CEBCA451}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{5A87DCA2-108F-36E0-A7F8-7CE4E985BEF6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{5FEDB19A-1E41-39E8-BED2-71C405D6BA7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{619E5BF6-7832-3C74-97D0-69A59DBBAD97}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{61A86EC8-3416-3344-8825-163658BCA2D7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{68D0B881-653D-3C8E-9AB7-841A4AC62092}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{6A06052F-0805-3B24-B029-13D134DC8B91}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{6BA8E6E0-D310-3E63-8443-A860D4A35963}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{6C96F1DB-799C-3C42-93F7-397D7DC71C46}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{6FADEF0B-588E-39CD-BEBD-DD30315069B5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7043C39E-07C4-362C-9559-6623F60AA288}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{70F59F6C-178D-3C4F-8A61-389C32582D0A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{722E09DD-9B79-30F8-9CA7-944CE9FA1A12}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7336FF50-C320-3A11-AE4D-E8FD01D4FFD7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{74E247DD-CFCF-3107-9E7F-1EF2078E04E4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{74FE6081-E61C-3B79-93C1-03FCC7D2FF7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7861534E-DC86-3A1C-A18B-EABB016F5720}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{794CF8BF-6D83-38E8-9EC0-5EF5174FC63E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7980D4F9-BC5F-323C-BD07-87DD3656A8CD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7CED20EE-9CF0-3439-AA3D-BA2B50B3D1F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8258662B-21C6-3886-BD97-A3589DDF9F96}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{82F34FB2-8320-3D81-875A-E5CF1D6D7814}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{851418EE-4D45-31A8-A973-AC376E20E512}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{880FC8FB-1D01-30F7-A84E-15B19C787470}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{89D62DAB-1A56-3F88-B489-5F6F6E5F48A2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{89E25728-F5DC-392B-B470-B1F062CC8723}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8AA8CE96-ABFF-37FA-81D5-5B8F37F2403F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8B9F70F4-1F7C-3093-AC90-16524CAECF70}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8EA84661-C9D0-35D1-8496-37E4831C1A90}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8FF3D0DE-5E1D-306F-934D-2F571FD69309}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{940242B4-99DF-37E7-B04A-25378AB8E68E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{97F9D3C9-A844-3A06-AC0A-7D0EFEE25F08}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{99AD8422-7EE2-36E7-A19A-3C1B9720BAB7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A2F22558-69FE-3FB6-99D8-7C3B339C19D4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A65D60EF-E6FC-3F48-9CA4-EF41133E104F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A85A47F8-E8DD-3853-A07E-97ECEAF2F253}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A88BC559-1566-3142-BF06-59DD58565187}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A8C94358-F602-3250-B079-10F6F2A14EFE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A9F0EC49-5379-33FB-98F5-D3BEB2FD4268}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{ADA74C45-C4A4-306C-940F-C68EDCCE1B14}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{AFB8F8EB-5A13-3BF4-84C0-7E1F7552E41C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{B52A8215-2781-364A-AB21-8020529D8D0A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{B6EE950B-CDB4-3C3D-9634-19594D5F4CF5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{B9CDC547-2DA8-3786-A819-17082B6BD23B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{BAA2EC70-5DAD-35C7-B488-37FB293AD801}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{BCE5B6AE-52EC-3887-BDA5-73A878CB3DBB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{BF363C71-C3C2-3006-BF0A-2B51A325AF14}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{C0A78D98-2A22-31A6-8D58-F9E770C727A0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{C7D0AE2C-1401-3E4C-8AE8-2A54E76F43C0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{C801C54C-CC28-3330-ACF8-50909886507E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{C8D9CF00-AFFC-3C44-8330-C9E6DD8771BF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{CA964CAB-84BF-340F-BA61-D28AEF33900B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{CC348802-7CDD-3497-866B-B32AABEA7A7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{CE2FB0FB-E6E0-389D-8A46-362894E38757}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D14FED53-E09F-308F-85C1-98D49E310157}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D250FD69-B9F5-3EE8-8C93-D1E92492B77D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D447B66D-F21D-3D07-8A80-C89C328A2808}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D45646A6-6D48-30A0-8888-DD198DB8AB89}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D5E56A34-2BF2-3580-B98E-B8F47CFA8146}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D75D3A15-3BCA-3A87-9393-B264348A6DB8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DC4B9997-DF3E-3853-B27B-C72F9F59774A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DD67443C-6E9D-439D-8EC0-3251F678ADA1}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Apps\2.0\HPQKZE0B.YAQ\97X61BHP.N03\secu..lbar_95b2ee78f4d9b2db_0004.000a_1b4005bd5a54fcad\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DE522B15-5362-3B8F-BF8F-D400B62D53F0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DE989E65-7C09-31B4-B98A-FC10091DCDBD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DEAF5BFD-D8C8-3C1C-BA16-6B99C99B194B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E0612FC5-3A4C-334A-B901-99FAB8139DC6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E1493CEF-6477-3EE6-B3D6-F426D4AC697A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E4B84D04-3869-317C-93A2-6A081E63059E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E7B8E99E-996C-3C32-82C3-B98899E21F8F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E9F3B29A-658C-3B17-B8D5-1914CFE84EB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{EB7FD8AC-B3DD-35B1-AAAF-FACA81248D72}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{EE3A8FDD-1477-32C9-9D09-031F798C2B04}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{EE68214A-8EC6-3D3B-AA62-E5A6E4A68C4F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{EF323861-D3AF-3579-8B1A-25371A8B4EFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F007C87A-7814-37A1-8D1D-7D738840646D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F1A21E60-B53B-331E-9DD1-94F667751848}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F29DAB07-4CAB-38EB-AE28-4BE8B6A0B551}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F2B2F28D-303E-3C84-AAC3-052E73F594CC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F4E37838-BE98-34AA-85A9-0503D53953A9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F615736B-25F9-3EC8-90FE-284AD620422F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F8C4311F-639B-3F78-BD5B-3ACD22B6D26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{FCA2B2D9-0463-37C0-A5C1-0B2D0F50D8B1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{FF7946B3-D27F-3B77-8793-79BB39FFD533}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points  =========================

06-02-2015 00:00:02 Scheduled Checkpoint
13-02-2015 17:27:10 Scheduled Checkpoint
21-02-2015 00:00:02 Scheduled Checkpoint
25-02-2015 13:01:07 Removed Windows Agent.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-12 08:28 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A0EC018-E5FF-48A9-A52A-16A178B0AB3C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {2442EC2E-0356-42E5-9C83-064E6E312978} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3133D515-9F4E-42EC-9171-09FA0092C995} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {698C57FE-86DA-400C-BFE5-7C844AEB0B33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7D284589-B682-4A98-B7D0-A8CE30743B67} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {C2C2D9A4-D36F-4EED-B400-09FF589503EB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E6689ED4-37F5-416B-8854-99AA1BF79AA0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EDC9BD30-F8BE-4C9A-A11B-72016FB516E6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {763ace4e-ca6b-4cfd-90e5-9999aaf4a457} ItManager.chchomecare.org => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {FC1D4356-A8E9-4E92-9E15-9CA59D0E056A} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-15 23:17 - 2013-01-15 23:17 - 00048696 _____ () C:\Windows\system32\ncv1_0.DLL
2013-01-15 23:17 - 2013-01-15 23:17 - 01004088 _____ () C:\Windows\system32\ncnetprovider.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00109112 _____ () C:\Windows\system32\NCLangID.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00174648 _____ () C:\Windows\system32\MAPBASE.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00272440 _____ () C:\Windows\system32\NWSHLXNT.dll
2013-01-16 11:02 - 2013-01-16 11:02 - 00015872 _____ () C:\Windows\system32\nls\ENGLISH\NCLangIDR.DLL
2013-01-16 11:06 - 2013-01-16 11:06 - 00086016 _____ () C:\Windows\system32\nls\ENGLISH\MAPBASER.DLL
2013-01-16 11:07 - 2013-01-16 11:07 - 00101376 _____ () C:\Windows\system32\nls\ENGLISH\NWSHLXNTR.DLL
2013-01-16 11:08 - 2013-01-16 11:08 - 00488448 _____ () C:\Windows\system32\nls\ENGLISH\ncnetproviderR.DLL
2014-05-08 14:35 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00152120 _____ () C:\Program Files\Novell\Client\XTier\Common\libslp.dll
2014-05-13 04:31 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-25 13:01 - 2015-02-25 13:01 - 00203776 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\nstBF1A.tmpfs
2015-02-25 13:01 - 2015-02-25 13:01 - 00168960 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\jnstEC86.tmp
2015-02-25 13:01 - 2015-02-25 13:01 - 00179712 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp
2014-11-23 05:44 - 2014-12-23 14:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00039992 _____ () C:\Program Files\Novell\Client\nwtray.exe
2013-01-15 23:17 - 2013-01-15 23:17 - 01004088 _____ () C:\Windows\system32\NCNetProvider.DLL
2013-01-16 11:08 - 2013-01-16 11:08 - 00488448 _____ () C:\Windows\system32\nls\ENGLISH\NCNetProviderR.DLL
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2011-09-14 19:08 - 2011-09-14 19:08 - 00150032 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2014-04-21 19:10 - 2013-07-10 18:16 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\boost_regex-vc100-mt-1_47.dll
2014-06-26 12:56 - 2014-06-26 12:56 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBCompressor.dll
2013-12-02 13:27 - 2013-12-02 13:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\zlib1.dll
2014-06-26 12:56 - 2014-06-26 12:56 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBMAPILibrary.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\boost_serialization-vc100-mt-1_47.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\FtuEngine.dll
2014-06-26 12:53 - 2014-06-26 12:53 - 00582472 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\BackupLib.dll
2014-06-26 12:56 - 2014-06-26 12:56 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBProActiveCore.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00791880 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\FeaturesBridge.dll
2014-06-26 12:55 - 2014-06-26 12:55 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\mbpopup.dll
2014-06-26 09:56 - 2014-06-26 09:56 - 00146248 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\qbar.dll
2014-04-21 19:13 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-23 05:41 - 2014-11-23 05:41 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-29 08:11 - 2014-10-29 08:11 - 00520192 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Local\Apps\2.0\HPQKZE0B.YAQ\97X61BHP.N03\secu..lbar_95b2ee78f4d9b2db_0004.000a_1b4005bd5a54fcad\adxloader.dll
2013-12-21 01:04 - 2013-12-21 01:04 - 03989888 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2014-12-23 03:35 - 2015-01-06 04:36 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-02-05 14:11 - 2015-02-05 14:11 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Windows Agent Maintenance Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Windows Agent Service => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1957994488-57989841-1801674531-1167\Control Panel\Desktop\\Wallpaper -> C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.16 - 192.168.1.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-580940083-1041192238-1244669225-500 - Administrator - Enabled) => C:\Users\Administrator.ItManager
Guest (S-1-5-21-580940083-1041192238-1244669225-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 03:43:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2015 03:03:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (4488) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\Windows\WebCache\V0100164.log.

Error: (02/25/2015 01:12:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wotlttxdlh.exe, version: 1.36.1.22, time stamp: 0x50be00b6
Faulting module name: InstallerUtils.dll, version: 0.0.0.0, time stamp: 0x54edb2db
Exception code: 0xc0000005
Fault offset: 0x0001b731
Faulting process id: 0x2820
Faulting application start time: 0xWotlttxdlh.exe0
Faulting application path: Wotlttxdlh.exe1
Faulting module path: Wotlttxdlh.exe2
Report Id: Wotlttxdlh.exe3

Error: (02/25/2015 01:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wotlttxdlh.exe, version: 1.36.1.22, time stamp: 0x50be00b6
Faulting module name: InstallerUtils.dll, version: 0.0.0.0, time stamp: 0x54edb2db
Exception code: 0xc0000005
Fault offset: 0x0001b731
Faulting process id: 0x2bf8
Faulting application start time: 0xWotlttxdlh.exe0
Faulting application path: Wotlttxdlh.exe1
Faulting module path: Wotlttxdlh.exe2
Report Id: Wotlttxdlh.exe3

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19


System errors:
=============
Error: (02/25/2015 04:21:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/25/2015 04:18:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (02/25/2015 04:10:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA}

Error: (02/25/2015 04:01:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBIDPService service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBCFMonitorService service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/25/2015 03:43:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestK:\esetsmartinstaller_enu.exe

Error: (02/25/2015 03:03:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost4488WebCacheLocal: C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\Windows\WebCache\V0100164.log-1811

Error: (02/25/2015 01:12:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Wotlttxdlh.exe1.36.1.2250be00b6InstallerUtils.dll0.0.0.054edb2dbc00000050001b731282001d05126a1ebb567C:\Users\CHRISJ~1.CHC\AppData\Local\Temp\nsi4B79.tmp\Wotlttxdlh.exeC:\Users\CHRISJ~1.CHC\AppData\Local\Temp\nss51D0.tmp\InstallerUtils.dlle262309d-bd19-11e4-97b1-a0481c981d49

Error: (02/25/2015 01:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Wotlttxdlh.exe1.36.1.2250be00b6InstallerUtils.dll0.0.0.054edb2dbc00000050001b7312bf801d051269232099bC:\Users\CHRISJ~1.CHC\AppData\Local\Temp\nshE3E0.tmp\Wotlttxdlh.exeC:\Users\CHRISJ~1.CHC\AppData\Local\Temp\nsxEAF3.tmp\InstallerUtils.dlld31245d6-bd19-11e4-97b1-a0481c981d49

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19


CodeIntegrity Errors:
===================================
  Date: 2015-02-23 08:24:49.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-23 08:16:36.172
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-18 09:59:39.575
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-16 10:18:37.000
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 07:15:22.316
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 07:01:41.372
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 06:52:45.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-02-02 06:46:35.581
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-28 09:35:43.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-03 08:34:46.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU E5-1660 v2 @ 3.70GHz
Percentage of memory in use: 22%
Total physical RAM: 16307.79 MB
Available physical RAM: 12593 MB
Total Pagefile: 32613.75 MB
Available Pagefile: 28802.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.09 GB) (Free:326.11 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:9.89 GB) (Free:1.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (DATA) (Network) (Total:250 GB) (Free:213.02 GB) NTFS
Drive g: (VOL1) (Network) (Total:126.01 GB) (Free:88.62 GB) NcFsd
Drive h: (DOMAIN) (Network) (Total:59.01 GB) (Free:49.14 GB) NcFsd
Drive i: (OFFICE) (Network) (Total:132.02 GB) (Free:81.48 GB) NcFsd
Drive j: (APPS) (Network) (Total:410.1 GB) (Free:108.78 GB) NTFS
Drive l: (DOMAIN) (Network) (Total:59.01 GB) (Free:49.14 GB) NcFsd
Drive m: (DOMAIN) (Network) (Total:59.01 GB) (Free:49.14 GB) NcFsd
Drive o: (OFFICE) (Network) (Total:132.02 GB) (Free:81.48 GB) NcFsd
Drive p: (OFFICE) (Network) (Total:132.02 GB) (Free:81.48 GB) NcFsd
Drive x: (SYS) (Network) (Total:89.01 GB) (Free:63.81 GB) NcFsd
Drive y: (DOMAIN) (Network) (Total:59.01 GB) (Free:49.14 GB) NcFsd
Drive z: (SYS) (Network) (Total:89.01 GB) (Free:63.81 GB) NcFsd

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BD182395)
Partition 1: (Active) - (Size=800 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#3 Chrisj8769

Chrisj8769
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 02 March 2015 - 01:29 PM

Just wanted to add - I just noticed that in C:\Documents and Settings, C:\Recovery, C:\System Volume Information all have a lock on the folders and I can't access them.

Also - when I go into MY Documents - - My Music, My Pictures, My Videos all have locks on them also and can't access.

Just wanted to give you this info in case helpful.  Thank you.



#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:55 AM

Posted 03 March 2015 - 08:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568359 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 Chrisj8769

Chrisj8769
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 03 March 2015 - 08:56 AM

FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by chrisj (administrator) on ITMANAGER on 03-03-2015 08:54:56
Running from C:\Users\chrisj.CHCHOMECARE\Downloads
Loaded Profiles: chrisj (Available profiles: chrisj & Administrator & Administrator & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Novell, Inc.) C:\Program Files\Novell\Client\XTier\Services\xtsvcmgr.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
() C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\nstBF1A.tmpfs
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
() C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\jnstEC86.tmp
() C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\Novell\Client\nwtray.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_comm_expert.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_user_expert.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-09] (Realtek Semiconductor)
HKLM\...\Run: [NWTRAY] => C:\Program Files\Novell\Client\nwtray.exe [39992 2013-01-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-07-10] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-06] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-09-14] (McAfee, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-10-22] (AMD)
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\758\g2ax_start.exe [610888 2014-10-07] (Citrix Online, LLC)
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 ncv1_0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VideoCam Suite.lnk
ShortcutTarget: VideoCam Suite.lnk -> C:\Program Files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe (Panasonic Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1957994488-57989841-1801674531-1167\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM14/19
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140509094701.dll (McAfee, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140509094701.dll (McAfee, Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://webex-user.pressganey.com/client/T27LD/webex/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://qies-east.cms.gov/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.16 192.168.1.4

FireFox:
========
FF ProfilePath: C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Mozilla\Firefox\Profiles\tzqsx6mh.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1957994488-57989841-1801674531-1167: @citrixonline.com/appdetectorplugin -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-1957994488-57989841-1801674531-1167: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\chrisj.CHCHOMECARE\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1957994488-57989841-1801674531-1167: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Mozilla\Firefox\Profiles\tzqsx6mh.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-05-09]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-05-09]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-08-12] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-08-12] (CyberLink)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-10] (Intel Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199008 2014-05-09] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2014-05-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 petonuve; C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\jnstEC86.tmp [168960 2015-02-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 pysucode; C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp [179712 2015-02-25] () [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-12-02] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-21] (Microsoft Corporation)
R2 XTSvcMgr; C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe [20536 2013-01-15] (Novell, Inc.)
R2 hotyfulu; C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\nstBF1A.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [27120 2013-07-02] (Intel Corporation)
R0 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [660976 2013-07-02] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158712 2014-05-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2014-05-09] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642952 2014-05-09] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2014-05-09] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2014-05-09] (McAfee, Inc.)
R0 NCFilter; C:\Windows\System32\DRIVERS\NCFilter.sys [112696 2013-01-15] ()
R2 NCFSD; C:\Program Files\Novell\Client\XTier\Drivers\ncfsd.sys [115256 2013-01-15] ()
R2 NCIOCTL; C:\Program Files\Novell\Client\XTier\Drivers\ncioctl.sys [90680 2013-01-15] ()
R0 NCRecognizer; C:\Windows\System32\DRIVERS\NCRecognizer.sys [120376 2013-01-15] ()
R0 NCUncFilter; C:\Windows\System32\DRIVERS\NCUncFilter.sys [26680 2013-01-15] ()
R1 NICM; C:\Program Files\Novell\Client\XTier\Drivers\nicm.sys [31800 2013-01-15] (Novell, Inc.)
U3 nccache; C:\Program Files\Novell\Client\XTier\Drivers\nccache.sys [55864 2013-01-15] (Novell, Inc.)
U3 nciom; C:\Program Files\Novell\Client\XTier\Drivers\nciom.sys [80952 2013-01-15] (Novell, Inc.)
U3 ncp; C:\Program Files\Novell\Client\XTier\Drivers\ncp.sys [79416 2013-01-15] (Novell, Inc.)
U3 ncpfsp; C:\Program Files\Novell\Client\XTier\Drivers\ncpfsp.sys [101944 2013-01-15] (Novell, Inc.)
U3 ncpl; C:\Program Files\Novell\Client\XTier\Drivers\ncpl.sys [49720 2013-01-15] (Novell, Inc.)
U3 ndm; C:\Program Files\Novell\Client\XTier\Drivers\ndm.sys [20024 2013-01-15] (Novell, Inc.)
U3 ndmndap; C:\Program Files\Novell\Client\XTier\Drivers\ndmndap.sys [84024 2013-01-15] (Novell, Inc.)
U3 nds4; C:\Program Files\Novell\Client\XTier\Drivers\nds4.sys [129080 2013-01-15] (Novell, Inc.)
U3 niam; C:\Program Files\Novell\Client\XTier\Drivers\niam.sys [39480 2013-01-15] (Novell, Inc.)
U3 nipctl; C:\Program Files\Novell\Client\XTier\Drivers\nipctl.sys [56376 2013-01-15] (Novell, Inc.)
U3 nscm; C:\Program Files\Novell\Client\XTier\Drivers\nscm.sys [37944 2013-01-15] (Novell, Inc.)
U3 nsns; C:\Program Files\Novell\Client\XTier\Drivers\nsns.sys [25656 2013-01-15] (Novell, Inc.)
U3 nsvccost; C:\Program Files\Novell\Client\XTier\Drivers\nsvccost.sys [36408 2013-01-15] (Novell, Inc.)
U3 xtxplat; C:\Program Files\Novell\Client\XTier\Drivers\xtxplat.sys [59960 2013-01-15] (Novell, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 08:54 - 2015-03-03 08:54 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\Downloads\FRST-OlderVersion
2015-02-27 08:03 - 2015-02-27 08:03 - 06372800 _____ (Tim Kosse) C:\Users\chrisj.CHCHOMECARE\Downloads\FileZilla_3.10.1.1_win32-setup.exe
2015-02-26 11:51 - 2015-02-26 11:51 - 02126848 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\AdwCleaner(1).exe
2015-02-26 08:39 - 2015-02-26 08:40 - 00061714 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\Addition.txt
2015-02-26 08:38 - 2015-03-03 08:54 - 00026141 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\FRST.txt
2015-02-26 08:38 - 2015-03-03 08:54 - 00000000 ____D () C:\FRST
2015-02-26 08:37 - 2015-03-03 08:54 - 02092544 _____ (Farbar) C:\Users\chrisj.CHCHOMECARE\Downloads\FRST64.exe
2015-02-25 15:46 - 2015-02-25 15:50 - 00003720 _____ () C:\Users\chrisj.CHCHOMECARE\Desktop\Rkill.txt
2015-02-25 15:02 - 2015-03-02 15:27 - 00001130 _____ () C:\Windows\setupact.log
2015-02-25 15:02 - 2015-02-25 15:02 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 13:28 - 2015-02-25 13:29 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 13:28 - 2015-02-25 13:28 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\Users\Administrator.ItManager\AppData\Roaming\Malwarebytes
2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-25 13:28 - 2015-02-25 13:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-25 13:28 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-25 13:28 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-25 13:28 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-25 13:27 - 2015-02-25 13:28 - 00003584 _____ () C:\Users\Administrator.ItManager\Desktop\Rkill.txt
2015-02-25 13:26 - 2014-06-13 09:38 - 01940216 _____ (Bleeping Computer, LLC) C:\Users\Administrator.ItManager\Desktop\rkill.exe
2015-02-25 13:26 - 2014-02-11 10:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Administrator.ItManager\Desktop\mbam-setup-1.75.0.1300.exe
2015-02-25 13:25 - 2015-02-25 13:25 - 00000020 ___SH () C:\Users\Administrator.ItManager\ntuser.ini
2015-02-25 13:25 - 2015-02-25 13:25 - 00000000 ____D () C:\Users\Administrator.ItManager
2015-02-25 13:25 - 2014-05-09 12:34 - 00002102 _____ () C:\Users\Administrator.ItManager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2015-02-25 13:25 - 2014-04-21 19:02 - 00000000 ___HD () C:\Users\Administrator.ItManager\Documents\hp.system.package.metadata
2015-02-25 13:25 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Administrator.ItManager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-25 13:25 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Administrator.ItManager\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-25 13:19 - 2015-02-25 15:55 - 00034656 _____ () C:\Windows\PFRO.log
2015-02-25 13:11 - 2015-02-25 15:01 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Local\SmartWeb
2015-02-25 13:01 - 2015-03-02 15:33 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49
2015-02-25 13:00 - 2015-02-25 13:12 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49
2015-02-25 11:46 - 2015-02-25 11:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-12 14:19 - 2015-02-12 14:19 - 00019364 _____ () C:\Users\chrisj.CHCHOMECARE\Desktop\Abbreviations(CSD-A-01).xlsx
2015-02-11 15:57 - 2015-02-11 16:13 - 00145408 _____ () C:\Users\chrisj.CHCHOMECARE\Documents\Publication1.pub
2015-02-10 13:45 - 2015-02-10 13:45 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-02-10 10:22 - 2015-02-10 10:24 - 437490266 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\sag-hipaa_cbt-feb_2012.zip
2015-02-09 12:18 - 2015-02-09 12:18 - 00000000 ____D () C:\Users\Public\Documents\ntr
2015-02-09 12:17 - 2015-02-25 13:03 - 00000000 ____D () C:\Program Files (x86)\N-able Technologies
2015-02-04 08:13 - 2015-02-04 08:13 - 08288845 _____ () C:\Users\chrisj.CHCHOMECARE\Downloads\MobileWyse10.65.04.zip
2015-02-03 12:21 - 2015-02-03 12:21 - 00007214 _____ () C:\Users\chrisj.CHCHOMECARE\Documents\MMVisitvsActual.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 08:52 - 2014-05-06 11:34 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7BA409FD-F4C2-4153-B051-BEB4C005CCEF}
2015-03-03 08:51 - 2015-01-27 10:31 - 00000000 ____D () C:\Quarantine
2015-03-03 08:47 - 2014-05-08 14:36 - 00002252 ____H () C:\Users\chrisj.CHCHOMECARE\Documents\Default.rdp
2015-03-03 08:28 - 2014-05-12 07:26 - 00004988 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {763ace4e-ca6b-4cfd-90e5-9999aaf4a457} ItManager.chchomecare.org
2015-03-03 08:21 - 2014-05-09 13:19 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\Documents\Outlook Files
2015-03-03 08:18 - 2014-05-06 11:31 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2015-03-03 08:11 - 2014-05-09 10:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 04:49 - 2014-05-06 09:20 - 02081206 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 15:41 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 15:41 - 2009-07-13 23:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 15:32 - 2009-07-14 00:13 - 00944424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 15:27 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 15:26 - 2014-05-08 14:53 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\uTorrent
2015-03-02 13:52 - 2014-05-13 13:44 - 00000000 ____D () C:\torrents
2015-03-02 08:00 - 2014-05-06 11:32 - 00020092 __RSH () C:\ProgramData\ntuser.pol
2015-02-27 08:24 - 2014-05-09 09:03 - 00000000 ____D () C:\OfficeWyse
2015-02-27 08:21 - 2014-05-09 09:03 - 00000000 ____D () C:\HealthWyse
2015-02-27 08:07 - 2014-05-08 14:04 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\FileZilla
2015-02-25 15:02 - 2014-05-09 12:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-25 13:19 - 2014-05-09 13:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-25 13:07 - 2014-06-24 07:17 - 00000000 ____D () C:\Windows\Minidump
2015-02-25 13:07 - 2011-02-11 15:13 - 00000000 ____D () C:\Windows\Panther
2015-02-24 12:27 - 2014-07-28 07:57 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\webex
2015-02-23 08:28 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-23 08:06 - 2014-05-09 09:21 - 00000000 ____D () C:\Temp
2015-02-19 11:51 - 2014-05-08 14:13 - 00000000 ____D () C:\hhgold
2015-02-14 12:41 - 2011-02-11 15:29 - 00961518 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-14 12:38 - 2014-05-08 14:28 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-02-13 13:27 - 2014-12-04 08:54 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\Desktop\Scans
2015-02-10 13:45 - 2014-05-06 11:34 - 00000000 ____D () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Adobe
2015-02-06 14:27 - 2014-05-09 09:34 - 00001200 _____ () C:\Users\chrisj.CHCHOMECARE\Desktop\WyseSync.lnk
2015-02-05 14:11 - 2014-05-09 10:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 14:11 - 2014-05-09 10:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 14:11 - 2014-05-09 10:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2014-08-14 08:15 - 2014-08-14 08:15 - 0022074 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Comma Separated Values.ADR
2014-05-09 11:30 - 2014-05-09 11:30 - 0099384 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\inst.exe
2014-05-09 11:30 - 2014-05-09 11:30 - 0007859 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\pcouffin.cat
2014-05-09 11:30 - 2014-05-09 11:30 - 0001167 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\pcouffin.inf
2014-05-09 11:30 - 2014-05-09 11:30 - 0000055 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\pcouffin.log
2014-05-09 11:30 - 2014-05-09 11:30 - 0082816 _____ (VSO Software) C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\pcouffin.sys
2014-05-09 13:27 - 2014-05-09 13:27 - 0000186 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-05-08 13:50 - 2014-05-08 13:50 - 0000315 _____ () C:\ProgramData\NCIDebug.log

Files to move or delete:
====================
C:\Users\chrisj.CHCHOMECARE\g2ax_expert_downloadhelper_win32_x86.exe


Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\ConfigurationWizard.exe
C:\Users\chrisj\AppData\Local\Temp\uninstall.exe
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\Quarantine.exe
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 00:41

==================== End Of Log ============================

Yes I have original CD's if needed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by chrisj at 2015-02-26 08:39:18
Running from C:\Users\chrisj.CHCHOMECARE\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8C67668E-BA6F-8F50-A4BC-5D4D6888C015}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{C5670C59-8D82-47FF-90A1-FDAA41A7E9B2}) (Version: 1.34.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.3207 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3212 - CyberLink Corp.)
digi docket (HKLM\...\digi docket) (Version: 2015.02.25.140428 - digi docket) <==== ATTENTION
DVDFab 8.1.6.8 (17/03/2012) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version: - Fengtao Software Inc.)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.6.716 - DVDVideoSoft Ltd.)
GoToAssist Expert 2.2.0.758 (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\GoToAssist Remote Support Expert) (Version: 2.2.0.758 - Citrix Online)
GoToMeeting 6.4.10.2185 (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\GoToMeeting) (Version: 6.4.10.2185 - CitrixOnline)
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HHG Professional 8.5.0 (HKLM-x32\...\HHGOLD.exe_is1) (Version: 8.5.0 - The Manager, Inc.)
HomeCare Billing Solution (HKLM-x32\...\{2F37410B-2E26-41E1-9350-1473E71185A3}) (Version: 1.1.6.30 - HAS)
HP Documentation (HKLM-x32\...\{2B17D65C-D9EC-439C-9F42-5E35BBD95B7A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Performance Advisor (HKLM-x32\...\{3183E2B8-1B3B-4671-AB66-547AD62A78F1}) (Version: 1.6.5725 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.2.0 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
InfoTransfer (HKLM-x32\...\{FFD13DB5-97DD-4FFF-A29F-CCD9F3F69F6E}) (Version: 2.0.0.10 - Press Ganey Associates, Inc)
Install Graph 8.0 (HKLM-x32\...\Install Graph_is1) (Version: - The Manager, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Network Connections 18.5.52.1 (HKLM\...\PROSetDX) (Version: 18.5.52.1 - Intel)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks Network Connect 7.4.0 (HKLM-x32\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\Juniper_Setup_Client) (Version: 7.4.9.45013 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
LifeStream 4.9.0 (HKLM-x32\...\LifeStream_is1) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{DE91C193-2611-4BD3-A9F9-DF589C572565}) (Version: 4.6.0.2292 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.01000 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft OLE DB Provider for Visual FoxPro (HKLM-x32\...\{CD5DC4AA-7D62-48D9-B756-5925471001FE}) (Version: 9.0.0.3504 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{421B88F8-D7C9-44CB-8B73-166D65B18DCC}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NICI U.S./Worldwide 2.77.1.0 (x64) (HKLM\...\{123B3157-26AF-43F5-AD46-AB200AC56292}) (Version: 2.77.1.0 - Novell, Inc.)
Novell Client for Windows (HKLM\...\Novell Client for Windows) (Version: 2 SP3 - Novell, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
OfficeWyse (HKLM-x32\...\{E4D3B24B-6BF2-42D1-933C-2B7775A685C9}) (Version: - )
OmniForm Premium 5.0 (HKLM-x32\...\{D9E2AA0C-078F-491E-A728-1A621ADF9900}) (Version: 5.00.029 - ScanSoft, Inc.)
Online Plug-in (x32 Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions 14.0 (HKLM-x32\...\{48FF40D4-2071-4EC0-8BD5-2E7D69A38CE2}) (Version: 24.0.4007.2403 - Intuit Inc.)
QuickBooks Enterprise Solutions: Nonprofit Edition 14.0 (HKLM-x32\...\{439ACB20-4C55-49AE-983D-F885FF1D231A}) (Version: 24.0.4007.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RarZilla Free Unrar (HKLM-x32\...\RarZilla Free Unrar) (Version: 5.10 - Philipp Winterberg)
RDLC Prerequisites (HKLM-x32\...\{5D230134-DABC-4396-B84D-7028BE8302F5}) (Version: 1.0.0003 - HealthWyse)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6878 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
Secure MS Outlook Toolbar (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\9386fa792bf58592) (Version: 4.10.14279.3 - Secure Messaging)
Self-service Plug-in (x32 Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
SQL Anywhere 12 (HKLM\...\{1DFA77E6-91B2-4DCC-B8BE-98EA70705D39}) (Version: 12.1.3505 - iAnywhere Solutions, Inc.)
Symantec Installation Manager (x32 Version: 7.5.240 - Symantec) Hidden
Symantec Platform and Solutions (HKLM\...\Altiris Installation Manager) (Version: 7.5.240 - Symantec Corporation)
Unity Web Player (HKU\S-1-5-21-1957994488-57989841-1801674531-1167\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VFP 9 (HKLM-x32\...\VFP Runtime 9_is1) (Version: - )
VideoCam Suite 3.5 (HKLM-x32\...\{66D97020-1814-4DA8-A2AC-7CAED535F2D1}) (Version: 3.05.009.1033 - Panasonic Corporation)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.75 - VSO Software)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{02E9C6B0-2B7D-3781-8EDF-4E003E5FC2A2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{0391C481-8D3C-3F23-AE3F-4152B84C2AB9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{045350FA-8012-369D-ADF7-ECA29498EE62}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{046550D7-F958-3CDC-93E7-E91E22E8563C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{063DEC94-E425-3763-96BC-26AAA2B9003B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{08FAFD43-8E07-3FB9-BAF3-53CF4BBA6DD3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{0CF86CE6-B264-3955-9B89-22C858C175AE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{1246B5FC-052C-3E2A-94FD-26E7435044DB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{15821BD4-0327-36C3-B8D3-B16A629B9BF1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{168E12C5-1C8E-3D19-974A-6408C1666929}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{17C7583C-FF0C-3607-AFB8-3FDEE6B28E41}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{190E3BB4-01D2-30C4-B145-CEEE32C1F65D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{1ABC4082-B1F1-35B8-B33A-59CCDA7E7F77}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{239FDE2D-6782-3499-B6D4-1491890C4AD8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2771A246-2CA1-3785-BC7B-5334D9A901FA}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2ACA4F24-A63D-3671-8053-E87C615A0844}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2B440102-C706-30A9-86CB-E6E75AF47CA8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2D5542CA-837D-37BD-9FCC-C361B78AA11B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2F24FE06-7173-3EA8-A81A-0D54D20BAB22}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2F7B468D-336C-3DF7-A919-16F0E1140FD4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{2FE09CFF-D51B-38F3-B38D-9F6DC28B7418}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{31F353B8-5708-3529-B068-8A20802E9740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3244FBA7-4C38-3651-AF26-6C082E36FF5F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{33ECC9DD-58B8-3878-906F-BC8B6D3BC196}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{34176F5A-4EAB-3106-8526-AC61AD1CDD35}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{348AF7F9-F7C2-3052-819A-5950A90DB038}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{35D8B0D6-3367-393A-AD11-A6186373FFBD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{36AAEC16-00A4-3BE3-AA53-12C8122A3FD2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{37771620-2352-384C-9BEB-7019A75A2992}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{37DFEE4A-B031-3E2C-AFFF-EB8C683B416A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{38957EC4-77D6-3467-B7D3-5E7536E5B24C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{38D66DAE-53F4-3F64-9FD5-1E950881859D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3B5BC331-26CD-347A-877E-FA0DFA0AF065}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3B8B01BC-04A8-304E-B4A5-4D425E60772A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3EB17872-7DAE-3998-9E27-F3AEF9B78C11}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{3EBAAB52-EFD5-3209-BB66-831A7374592B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{402C6E58-2CC1-3F26-9B85-5D3F21BE76F7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{402F72CE-3470-3D44-9950-148DCB3389D3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{42FC9F3C-B22E-367C-B2FD-D638E664E31A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4665DCAD-2C5A-340F-965E-B26B740076E6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{46F57B08-7DD1-36C3-A7A9-2DCA04378F15}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{48433022-67BA-3334-AD7F-293BC76191FD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{48FC708B-2845-35E6-B0AB-02509DD59499}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4A0D5316-3CDF-3D19-9AB2-3F40BDD75A85}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4C02120F-95E5-3E51-AB91-47B9353D548F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4C5D2E3B-6CC3-3F78-B0AF-7310B5552CFC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4C8914AB-0A5C-34C1-AFDE-833D6F0AAEE9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4CDE8A98-7158-3A97-A048-F528DD46B8AF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4F262985-989F-3031-B1A6-06C6E5F330A5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{4FC6EF9B-BD8D-3103-B27D-DFAF0FDEC66D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{54D8C200-43D0-32FF-9F31-BBF0F5B8E784}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{58234081-5437-37F8-A4EA-7C92DF984290}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{596E670B-6F9B-3B48-B2B2-C7741B9E183B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{5A4A1C27-8B20-3392-B5B5-6B07CEBCA451}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{5A87DCA2-108F-36E0-A7F8-7CE4E985BEF6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{5FEDB19A-1E41-39E8-BED2-71C405D6BA7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{619E5BF6-7832-3C74-97D0-69A59DBBAD97}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{61A86EC8-3416-3344-8825-163658BCA2D7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{68D0B881-653D-3C8E-9AB7-841A4AC62092}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{6A06052F-0805-3B24-B029-13D134DC8B91}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{6BA8E6E0-D310-3E63-8443-A860D4A35963}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{6C96F1DB-799C-3C42-93F7-397D7DC71C46}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{6FADEF0B-588E-39CD-BEBD-DD30315069B5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7043C39E-07C4-362C-9559-6623F60AA288}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{70F59F6C-178D-3C4F-8A61-389C32582D0A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{722E09DD-9B79-30F8-9CA7-944CE9FA1A12}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7336FF50-C320-3A11-AE4D-E8FD01D4FFD7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{74E247DD-CFCF-3107-9E7F-1EF2078E04E4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{74FE6081-E61C-3B79-93C1-03FCC7D2FF7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7861534E-DC86-3A1C-A18B-EABB016F5720}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{794CF8BF-6D83-38E8-9EC0-5EF5174FC63E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7980D4F9-BC5F-323C-BD07-87DD3656A8CD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{7CED20EE-9CF0-3439-AA3D-BA2B50B3D1F4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8258662B-21C6-3886-BD97-A3589DDF9F96}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{82F34FB2-8320-3D81-875A-E5CF1D6D7814}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2185\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{851418EE-4D45-31A8-A973-AC376E20E512}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{880FC8FB-1D01-30F7-A84E-15B19C787470}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{89D62DAB-1A56-3F88-B489-5F6F6E5F48A2}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{89E25728-F5DC-392B-B470-B1F062CC8723}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8AA8CE96-ABFF-37FA-81D5-5B8F37F2403F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8B9F70F4-1F7C-3093-AC90-16524CAECF70}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8EA84661-C9D0-35D1-8496-37E4831C1A90}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{8FF3D0DE-5E1D-306F-934D-2F571FD69309}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{940242B4-99DF-37E7-B04A-25378AB8E68E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{97F9D3C9-A844-3A06-AC0A-7D0EFEE25F08}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{99AD8422-7EE2-36E7-A19A-3C1B9720BAB7}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A2F22558-69FE-3FB6-99D8-7C3B339C19D4}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A65D60EF-E6FC-3F48-9CA4-EF41133E104F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A85A47F8-E8DD-3853-A07E-97ECEAF2F253}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A88BC559-1566-3142-BF06-59DD58565187}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A8C94358-F602-3250-B079-10F6F2A14EFE}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{A9F0EC49-5379-33FB-98F5-D3BEB2FD4268}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{ADA74C45-C4A4-306C-940F-C68EDCCE1B14}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{AFB8F8EB-5A13-3BF4-84C0-7E1F7552E41C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{B52A8215-2781-364A-AB21-8020529D8D0A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{B6EE950B-CDB4-3C3D-9634-19594D5F4CF5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{B9CDC547-2DA8-3786-A819-17082B6BD23B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{BAA2EC70-5DAD-35C7-B488-37FB293AD801}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{BCE5B6AE-52EC-3887-BDA5-73A878CB3DBB}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{BF363C71-C3C2-3006-BF0A-2B51A325AF14}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{C0A78D98-2A22-31A6-8D58-F9E770C727A0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{C7D0AE2C-1401-3E4C-8AE8-2A54E76F43C0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{C801C54C-CC28-3330-ACF8-50909886507E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{C8D9CF00-AFFC-3C44-8330-C9E6DD8771BF}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{CA964CAB-84BF-340F-BA61-D28AEF33900B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{CC348802-7CDD-3497-866B-B32AABEA7A7B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{CE2FB0FB-E6E0-389D-8A46-362894E38757}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D14FED53-E09F-308F-85C1-98D49E310157}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D250FD69-B9F5-3EE8-8C93-D1E92492B77D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D447B66D-F21D-3D07-8A80-C89C328A2808}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D45646A6-6D48-30A0-8888-DD198DB8AB89}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D5E56A34-2BF2-3580-B98E-B8F47CFA8146}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{D75D3A15-3BCA-3A87-9393-B264348A6DB8}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DC4B9997-DF3E-3853-B27B-C72F9F59774A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DD67443C-6E9D-439D-8EC0-3251F678ADA1}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Apps\2.0\HPQKZE0B.YAQ\97X61BHP.N03\secu..lbar_95b2ee78f4d9b2db_0004.000a_1b4005bd5a54fcad\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DE522B15-5362-3B8F-BF8F-D400B62D53F0}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DE989E65-7C09-31B4-B98A-FC10091DCDBD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{DEAF5BFD-D8C8-3C1C-BA16-6B99C99B194B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E0612FC5-3A4C-334A-B901-99FAB8139DC6}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E1493CEF-6477-3EE6-B3D6-F426D4AC697A}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E4B84D04-3869-317C-93A2-6A081E63059E}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E7B8E99E-996C-3C32-82C3-B98899E21F8F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{E9F3B29A-658C-3B17-B8D5-1914CFE84EB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{EB7FD8AC-B3DD-35B1-AAAF-FACA81248D72}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{EE3A8FDD-1477-32C9-9D09-031F798C2B04}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{EE68214A-8EC6-3D3B-AA62-E5A6E4A68C4F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{EF323861-D3AF-3579-8B1A-25371A8B4EFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F007C87A-7814-37A1-8D1D-7D738840646D}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F1A21E60-B53B-331E-9DD1-94F667751848}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F29DAB07-4CAB-38EB-AE28-4BE8B6A0B551}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F2B2F28D-303E-3C84-AAC3-052E73F594CC}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F4E37838-BE98-34AA-85A9-0503D53953A9}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F615736B-25F9-3EC8-90FE-284AD620422F}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{F8C4311F-639B-3F78-BD5B-3ACD22B6D26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{FCA2B2D9-0463-37C0-A5C1-0B2D0F50D8B1}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1957994488-57989841-1801674531-1167_Classes\CLSID\{FF7946B3-D27F-3B77-8793-79BB39FFD533}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

==================== Restore Points =========================

06-02-2015 00:00:02 Scheduled Checkpoint
13-02-2015 17:27:10 Scheduled Checkpoint
21-02-2015 00:00:02 Scheduled Checkpoint
25-02-2015 13:01:07 Removed Windows Agent.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-02-12 08:28 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A0EC018-E5FF-48A9-A52A-16A178B0AB3C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {2442EC2E-0356-42E5-9C83-064E6E312978} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3133D515-9F4E-42EC-9171-09FA0092C995} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {698C57FE-86DA-400C-BFE5-7C844AEB0B33} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7D284589-B682-4A98-B7D0-A8CE30743B67} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {C2C2D9A4-D36F-4EED-B400-09FF589503EB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E6689ED4-37F5-416B-8854-99AA1BF79AA0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EDC9BD30-F8BE-4C9A-A11B-72016FB516E6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {763ace4e-ca6b-4cfd-90e5-9999aaf4a457} ItManager.chchomecare.org => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-01-06] (Microsoft Corporation)
Task: {FC1D4356-A8E9-4E92-9E15-9CA59D0E056A} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2012-04-23] (CyberLink)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-15 23:17 - 2013-01-15 23:17 - 00048696 _____ () C:\Windows\system32\ncv1_0.DLL
2013-01-15 23:17 - 2013-01-15 23:17 - 01004088 _____ () C:\Windows\system32\ncnetprovider.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00109112 _____ () C:\Windows\system32\NCLangID.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00174648 _____ () C:\Windows\system32\MAPBASE.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00272440 _____ () C:\Windows\system32\NWSHLXNT.dll
2013-01-16 11:02 - 2013-01-16 11:02 - 00015872 _____ () C:\Windows\system32\nls\ENGLISH\NCLangIDR.DLL
2013-01-16 11:06 - 2013-01-16 11:06 - 00086016 _____ () C:\Windows\system32\nls\ENGLISH\MAPBASER.DLL
2013-01-16 11:07 - 2013-01-16 11:07 - 00101376 _____ () C:\Windows\system32\nls\ENGLISH\NWSHLXNTR.DLL
2013-01-16 11:08 - 2013-01-16 11:08 - 00488448 _____ () C:\Windows\system32\nls\ENGLISH\ncnetproviderR.DLL
2014-05-08 14:35 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00152120 _____ () C:\Program Files\Novell\Client\XTier\Common\libslp.dll
2014-05-13 04:31 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-02-25 13:01 - 2015-02-25 13:01 - 00203776 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\nstBF1A.tmpfs
2015-02-25 13:01 - 2015-02-25 13:01 - 00168960 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\jnstEC86.tmp
2015-02-25 13:01 - 2015-02-25 13:01 - 00179712 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp
2014-11-23 05:44 - 2014-12-23 14:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 14:29 - 2014-05-01 14:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-01-15 23:17 - 2013-01-15 23:17 - 00039992 _____ () C:\Program Files\Novell\Client\nwtray.exe
2013-01-15 23:17 - 2013-01-15 23:17 - 01004088 _____ () C:\Windows\system32\NCNetProvider.DLL
2013-01-16 11:08 - 2013-01-16 11:08 - 00488448 _____ () C:\Windows\system32\nls\ENGLISH\NCNetProviderR.DLL
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 18:30 - 2007-04-18 18:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2011-09-14 19:08 - 2011-09-14 19:08 - 00150032 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2014-04-21 19:10 - 2013-07-10 18:16 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00623432 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\boost_regex-vc100-mt-1_47.dll
2014-06-26 12:56 - 2014-06-26 12:56 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBCompressor.dll
2013-12-02 13:27 - 2013-12-02 13:27 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\zlib1.dll
2014-06-26 12:56 - 2014-06-26 12:56 - 00149320 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBMAPILibrary.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00247112 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\boost_serialization-vc100-mt-1_47.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00623944 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\FtuEngine.dll
2014-06-26 12:53 - 2014-06-26 12:53 - 00582472 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\BackupLib.dll
2014-06-26 12:56 - 2014-06-26 12:56 - 00142664 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBProActiveCore.dll
2014-06-26 12:54 - 2014-06-26 12:54 - 00791880 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\FeaturesBridge.dll
2014-06-26 12:55 - 2014-06-26 12:55 - 00043848 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\mbpopup.dll
2014-06-26 09:56 - 2014-06-26 09:56 - 00146248 _____ () C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\qbar.dll
2014-04-21 19:13 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-23 05:41 - 2014-11-23 05:41 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-29 08:11 - 2014-10-29 08:11 - 00520192 _____ () C:\Users\chrisj.CHCHOMECARE\AppData\Local\Apps\2.0\HPQKZE0B.YAQ\97X61BHP.N03\secu..lbar_95b2ee78f4d9b2db_0004.000a_1b4005bd5a54fcad\adxloader.dll
2013-12-21 01:04 - 2013-12-21 01:04 - 03989888 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\AdobePDFMakerX.dll
2014-12-23 03:35 - 2015-01-06 04:36 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2015-02-05 14:11 - 2015-02-05 14:11 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Windows Agent Maintenance Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Windows Agent Service => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1957994488-57989841-1801674531-1167\Control Panel\Desktop\\Wallpaper -> C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.16 - 192.168.1.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-580940083-1041192238-1244669225-500 - Administrator - Enabled) => C:\Users\Administrator.ItManager
Guest (S-1-5-21-580940083-1041192238-1244669225-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 03:43:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/25/2015 03:03:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (4488) WebCacheLocal: Error -1811 occurred while opening logfile C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\Windows\WebCache\V0100164.log.

Error: (02/25/2015 01:12:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wotlttxdlh.exe, version: 1.36.1.22, time stamp: 0x50be00b6
Faulting module name: InstallerUtils.dll, version: 0.0.0.0, time stamp: 0x54edb2db
Exception code: 0xc0000005
Fault offset: 0x0001b731
Faulting process id: 0x2820
Faulting application start time: 0xWotlttxdlh.exe0
Faulting application path: Wotlttxdlh.exe1
Faulting module path: Wotlttxdlh.exe2
Report Id: Wotlttxdlh.exe3

Error: (02/25/2015 01:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Wotlttxdlh.exe, version: 1.36.1.22, time stamp: 0x50be00b6
Faulting module name: InstallerUtils.dll, version: 0.0.0.0, time stamp: 0x54edb2db
Exception code: 0xc0000005
Fault offset: 0x0001b731
Faulting process id: 0x2bf8
Faulting application start time: 0xWotlttxdlh.exe0
Faulting application path: Wotlttxdlh.exe1
Faulting module path: Wotlttxdlh.exe2
Report Id: Wotlttxdlh.exe3

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19


System errors:
=============
Error: (02/25/2015 04:21:22 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/25/2015 04:18:46 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (02/25/2015 04:10:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA}

Error: (02/25/2015 04:01:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBIDPService service terminated unexpectedly. It has done this 1 time(s).

Error: (02/25/2015 03:54:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The QBCFMonitorService service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/25/2015 03:43:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestK:\esetsmartinstaller_enu.exe

Error: (02/25/2015 03:03:19 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost4488WebCacheLocal: C:\Users\chrisj.CHCHOMECARE\AppData\Local\Microsoft\Windows\WebCache\V0100164.log-1811

Error: (02/25/2015 01:12:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Wotlttxdlh.exe1.36.1.2250be00b6InstallerUtils.dll0.0.0.054edb2dbc00000050001b731282001d05126a1ebb567C:\Users\CHRISJ~1.CHC\AppData\Local\Temp\nsi4B79.tmp\Wotlttxdlh.exeC:\Users\CHRISJ~1.CHC\AppData\Local\Temp\nss51D0.tmp\InstallerUtils.dlle262309d-bd19-11e4-97b1-a0481c981d49

Error: (02/25/2015 01:12:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Wotlttxdlh.exe1.36.1.2250be00b6InstallerUtils.dll0.0.0.054edb2dbc00000050001b7312bf801d051269232099bC:\Users\CHRISJ~1.CHC\AppData\Local\Temp\nshE3E0.tmp\Wotlttxdlh.exeC:\Users\CHRISJ~1.CHC\AppData\Local\Temp\nsxEAF3.tmp\InstallerUtils.dlld31245d6-bd19-11e4-97b1-a0481c981d49

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (02/23/2015 03:22:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19


CodeIntegrity Errors:
===================================
Date: 2015-02-23 08:24:49.791
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-23 08:16:36.172
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-18 09:59:39.575
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-16 10:18:37.000
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-02 07:15:22.316
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-02 07:01:41.372
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-02 06:52:45.586
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-02-02 06:46:35.581
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-01-28 09:35:43.829
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2015-01-03 08:34:46.413
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Xeon® CPU E5-1660 v2 @ 3.70GHz
Percentage of memory in use: 22%
Total physical RAM: 16307.79 MB
Available physical RAM: 12593 MB
Total Pagefile: 32613.75 MB
Available Pagefile: 28802.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:455.09 GB) (Free:326.11 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:9.89 GB) (Free:1.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (DATA) (Network) (Total:250 GB) (Free:213.02 GB) NTFS
Drive g: (VOL1) (Network) (Total:126.01 GB) (Free:88.62 GB) NcFsd
Drive h: (DOMAIN) (Network) (Total:59.01 GB) (Free:49.14 GB) NcFsd
Drive i: (OFFICE) (Network) (Total:132.02 GB) (Free:81.48 GB) NcFsd
Drive j: (APPS) (Network) (Total:410.1 GB) (Free:108.78 GB) NTFS
Drive l: (DOMAIN) (Network) (Total:59.01 GB) (Free:49.14 GB) NcFsd
Drive m: (DOMAIN) (Network) (Total:59.01 GB) (Free:49.14 GB) NcFsd
Drive o: (OFFICE) (Network) (Total:132.02 GB) (Free:81.48 GB) NcFsd
Drive p: (OFFICE) (Network) (Total:132.02 GB) (Free:81.48 GB) NcFsd
Drive x: (SYS) (Network) (Total:89.01 GB) (Free:63.81 GB) NcFsd
Drive y: (DOMAIN) (Network) (Total:59.01 GB) (Free:49.14 GB) NcFsd
Drive z: (SYS) (Network) (Total:89.01 GB) (Free:63.81 GB) NcFsd

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: BD182395)
Partition 1: (Active) - (Size=800 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=455.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Edited by Oh My!, 03 March 2015 - 08:04 PM.
Posted Addition.txt


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 AM

Posted 03 March 2015 - 08:09 PM

Greetings Chrisj8769 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and run the below for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s).
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

digi docket

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49
C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49
R2 petonuve; C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\jnstEC86.tmp [168960 2015-02-25] () [File not signed]
R2 pysucode; C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp [179712 2015-02-25] () [File not signed]
R2 hotyfulu; C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\nstBF1A.tmpfs [X]
U3 mfeavfk01; No ImagePath
C:\Users\chrisj.CHCHOMECARE\g2ax_expert_downloadhelper_win32_x86.exe
C:\Users\administrator\AppData\Local\Temp\ConfigurationWizard.exe
C:\Users\chrisj\AppData\Local\Temp\uninstall.exe
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\Quarantine.exe
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\sqlite3.dll
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did digi docket uninstall?
  • Fixlog
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Chrisj8769

Chrisj8769
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 04 March 2015 - 08:17 AM

Thank you for getting back to me.

I uninstalled uTorrent.

When I type in appwiz.cpl and the program listing appears there is nothing listed with digi docket - so I was unable to uninstall.

I did as instructed to create the fixlist.txt file to my desktop and ran, but there is no fixlog.txt on my desktop to attach?

I didn't want to re-try because instructions say not to re-run anything unless instructed.

Attached is the Summary.zip file.

Thanks again.

Attached Files



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 AM

Posted 04 March 2015 - 09:59 AM

What we need to do is move FRST.exe onto your desktop. Currently it is located in your Downloads folder:
 

Running from C:\Users\chrisj.CHCHOMECARE\Downloads


Rerun the fixlist located on your desktop and it should work properly.

In addition, please run the below program for me.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
*digi dock*
:folderfind
*digi dock*
:regfind
*digi dock*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST logs (2)
  • SystemLook log

Edited by Oh My!, 04 March 2015 - 10:15 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Chrisj8769

Chrisj8769
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 04 March 2015 - 10:35 AM

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by chrisj at 2015-03-04 10:21:38 Run:1
Running from C:\Users\chrisj.CHCHOMECARE\Desktop
Loaded Profiles: chrisj &  (Available profiles: chrisj & Administrator & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49
C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49
R2 petonuve; C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\jnstEC86.tmp [168960 2015-02-25] () [File not signed]
R2 pysucode; C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp [179712 2015-02-25] () [File not signed]
R2 hotyfulu; C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49\nstBF1A.tmpfs [X]
U3 mfeavfk01; No ImagePath
C:\Users\chrisj.CHCHOMECARE\g2ax_expert_downloadhelper_win32_x86.exe
C:\Users\administrator\AppData\Local\Temp\ConfigurationWizard.exe
C:\Users\chrisj\AppData\Local\Temp\uninstall.exe
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\Quarantine.exe
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\sqlite3.dll
*****************

C:\Users\chrisj.CHCHOMECARE\AppData\Roaming\9A47A300-1424869257-11E3-8F0A-A0481C981D49 => Moved successfully.

"C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49" directory move:

C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\onst8DF7.tmp => Moved successfully.
C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\pnso8E27.exe => Moved successfully.
C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\rnst8DF6.exe => Moved successfully.
C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\snst8DF5.tmp => Moved successfully.
C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49\Uninstall.exe => Moved successfully.
Could not move "C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49" directory. => Scheduled to move on reboot.

petonuve => Service stopped successfully.
petonuve => Service deleted successfully.
pysucode => Service stopped successfully.
pysucode => Service deleted successfully.
hotyfulu => Service stopped successfully.
hotyfulu => Service deleted successfully.
mfeavfk01 => Service deleted successfully.
C:\Users\chrisj.CHCHOMECARE\g2ax_expert_downloadhelper_win32_x86.exe => Moved successfully.
C:\Users\administrator\AppData\Local\Temp\ConfigurationWizard.exe => Moved successfully.
C:\Users\chrisj\AppData\Local\Temp\uninstall.exe => Moved successfully.
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\chrisj.CHCHOMECARE\AppData\Local\Temp\sqlite3.dll => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-04 10:23:55)<=

C:\Users\chrisj.CHCHOMECARE\AppData\Local\9A47A300-1424869314-11E3-8F0A-A0481C981D49 => Is moved successfully.

==== End of Fixlog 10:23:55 ====

 

SystemLook 30.07.11 by jpshortstuff
Log created at 10:27 on 04/03/2015 by chrisj
Administrator - Elevation successful

========== filefind ==========

Searching for "*digi dock*"
No files found.

========== folderfind ==========

Searching for "*digi dock*"
No folders found.

========== regfind ==========

Searching for "*digi dock*"
No data found.

-= EOF =-



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 AM

Posted 04 March 2015 - 10:41 AM

Thank you,

Please rerun SystemLook but use this instead:
 
:filefind
*digi*
:folderfind
*digi*
:regfind
*digi*

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Chrisj8769

Chrisj8769
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 04 March 2015 - 10:47 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 10:48 on 04/03/2015 by chrisj
Administrator - Elevation successful

========== filefind ==========

Searching for "*digi*"
C:\Program Files (x86)\CyberLink\Power2Go8\AuthoringPage_Skin\Common\edit\Display DigitalNum.png    --a---- 4240 bytes    [00:13 22/04/2014]    [02:08 25/03/2011] A67056C2603429EFC758701CF3EBFDFF
C:\Program Files (x86)\CyberLink\PowerDVD12\Custom\Skin\Standard\Photo\Layout\common\wndDigitalZoomPos.bkml    --a---- 2815 bytes    [00:13 22/04/2014]    [09:40 12/08/2013] 4B36DC0F4D89380EF94E68048B621774
C:\Program Files (x86)\CyberLink\PowerDVD12\Custom\Skin\Standard\Photo\Layout\musicStore\DlgSevenDigitalIntro.bkml    --a---- 7891 bytes    [00:13 22/04/2014]    [09:40 12/08/2013] 417AD884DC6B36E4054929C4BF342EE4
C:\Program Files (x86)\CyberLink\PowerDVD12\Custom\Skin\Standard\Photo\Layout\musicStore\DlgSevenDigitalLogin.bkml    --a---- 3231 bytes    [00:13 22/04/2014]    [09:40 12/08/2013] 77256B8BDC8DF77E6D1E64E55C9852CC
C:\Program Files (x86)\CyberLink\PowerDVD12\Custom\Skin\Standard\Photo\Layout\musicStore\SevenDigitalIEDlg.bkml    --a---- 4395 bytes    [00:13 22/04/2014]    [09:40 12/08/2013] 67D97B9A53EC01904068E761EEEEA59E
C:\Windows\assembly\GAC_MSIL\Intuit.QuickBooks.XmlDigitalSignature\1.2.0.0__5b3f47ba29970ccb\Intuit.QuickBooks.XMLDigitalSignature.dll    --a---- 28672 bytes    [15:56 09/05/2014]    [15:56 09/05/2014] 486E625601EDE9A2B51AD7B4CC0B1861
C:\Windows\ehome\MediaRenderer\MediaCenter.DigitalMediaRenderer.AVTransport.xml    --a---- 16235 bytes    [22:26 13/07/2009]    [21:04 10/06/2009] AE445926A4ADE0CF8DA677EE411BF012
C:\Windows\ehome\MediaRenderer\MediaCenter.DigitalMediaRenderer.ConnectionManager.xml    --a---- 4497 bytes    [22:26 13/07/2009]    [21:04 10/06/2009] D33C1A0CA310B944A106B393CFE3E97C
C:\Windows\ehome\MediaRenderer\MediaCenter.DigitalMediaRenderer.RenderingControl.xml    --a---- 3527 bytes    [22:26 13/07/2009]    [21:04 10/06/2009] 72B1C0CD5542DB639BB56126E8287FA7
C:\Windows\ehome\MediaRenderer\MediaCenter.DigitalMediaRenderer.RenderingControlNoMute.xml    --a---- 2100 bytes    [22:26 13/07/2009]    [21:04 10/06/2009] CD326F2CA0BE6666188649101C8F6B44
C:\Windows\inf\digitalmediadevice.inf    --a---- 8142 bytes    [05:31 14/07/2009]    [05:31 14/07/2009] 936F5CEE847D2C019AE43B43623577C1
C:\Windows\inf\digitalmediadevice.PNF    --a---- 7536 bytes    [04:50 14/07/2009]    [04:50 14/07/2009] 91AD804A6D8867EDF334C5289C1A362C
C:\Windows\inf\hiddigi.inf    --a---- 5480 bytes    [05:31 14/07/2009]    [05:31 14/07/2009] 3C1DD988945006089AE7A9AF73D8F0BA
C:\Windows\inf\hiddigi.PNF    --a---- 9772 bytes    [04:50 14/07/2009]    [04:50 14/07/2009] 7FCBD8238E8772E9D4AA43B0C1F050F7
C:\Windows\PolicyDefinitions\DigitalLocker.admx    --a---- 1992 bytes    [20:37 10/06/2009]    [20:37 10/06/2009] B3B1BAB12CE011462C6057621C9E510C
C:\Windows\PolicyDefinitions\en-US\DigitalLocker.adml    --a---- 1186 bytes    [07:06 21/11/2010]    [07:06 21/11/2010] A4EECA9FC18FD2F595ECC98FD40E0F5F
C:\Windows\System32\MultiDigiMon.exe    --a---- 51712 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 3DC7F21CF94CC930E7E8F63D4AEBA71A
C:\Windows\System32\DriverStore\en-US\DigitalMediaDevice.inf_loc    --a---- 334 bytes    [07:06 21/11/2010]    [07:06 21/11/2010] 5408575B037714C186ECAE37204008A7
C:\Windows\System32\DriverStore\en-US\hiddigi.inf_loc    --a---- 418 bytes    [07:06 21/11/2010]    [07:06 21/11/2010] 32B9CA4A0CE453FEB270AF905C9D2819
C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20\digitalmediadevice.inf    --a---- 8142 bytes    [20:48 13/07/2009]    [20:48 13/07/2009] 936F5CEE847D2C019AE43B43623577C1
C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20\digitalmediadevice.PNF    --a---- 7388 bytes    [05:31 14/07/2009]    [05:31 14/07/2009] 71BF3A1334FFB63F65CE6B26ECECECFF
C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_neutral_12aaf5742a9969da\hiddigi.inf    --a---- 5480 bytes    [20:39 13/07/2009]    [20:39 13/07/2009] 3C1DD988945006089AE7A9AF73D8F0BA
C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_neutral_12aaf5742a9969da\hiddigi.PNF    --a---- 9592 bytes    [05:31 14/07/2009]    [05:31 14/07/2009] 03C6DC34BD9D1074270EEDB520C32C44
C:\Windows\System32\en-US\MultiDigiMon.exe.mui    --a---- 3072 bytes    [07:06 21/11/2010]    [07:06 21/11/2010] 6A84A697A7635F09F1FACEDA864C3AC9
C:\Windows\winsxs\amd64_digitalmediadevice.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ffd83a48de3b881c\DigitalMediaDevice.inf_loc    --a---- 334 bytes    [07:06 21/11/2010]    [07:06 21/11/2010] 5408575B037714C186ECAE37204008A7
C:\Windows\winsxs\amd64_digitalmediadevice.inf_31bf3856ad364e35_6.1.7600.16385_none_e15a2bcac4c4abc6\DigitalMediaDevice.inf    --a---- 8142 bytes    [20:48 13/07/2009]    [20:48 13/07/2009] 936F5CEE847D2C019AE43B43623577C1
C:\Windows\winsxs\amd64_hiddigi.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92e1a6f8f023c71c\hiddigi.inf_loc    --a---- 418 bytes    [07:06 21/11/2010]    [07:06 21/11/2010] 32B9CA4A0CE453FEB270AF905C9D2819
C:\Windows\winsxs\amd64_hiddigi.inf_31bf3856ad364e35_6.1.7600.16385_none_f15136385f8cfd0e\hiddigi.inf    --a---- 5480 bytes    [20:39 13/07/2009]    [20:39 13/07/2009] 3C1DD988945006089AE7A9AF73D8F0BA
C:\Windows\winsxs\amd64_microsoft-windows-d..ocker-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8ed8b37006b00933\DigitalLocker.adml    --a---- 1186 bytes    [07:06 21/11/2010]    [07:06 21/11/2010] A4EECA9FC18FD2F595ECC98FD40E0F5F
C:\Windows\winsxs\amd64_microsoft-windows-digitallocker-adm_31bf3856ad364e35_6.1.7600.16385_none_06415336c01645cc\DigitalLocker.admx    --a---- 1992 bytes    [20:37 10/06/2009]    [20:37 10/06/2009] B3B1BAB12CE011462C6057621C9E510C
C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\MediaCenter.DigitalMediaRenderer.AVTransport.xml    --a---- 16235 bytes    [22:26 13/07/2009]    [21:04 10/06/2009] AE445926A4ADE0CF8DA677EE411BF012
C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\MediaCenter.DigitalMediaRenderer.ConnectionManager.xml    --a---- 4497 bytes    [22:26 13/07/2009]    [21:04 10/06/2009] D33C1A0CA310B944A106B393CFE3E97C
C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\MediaCenter.DigitalMediaRenderer.RenderingControl.xml    --a---- 3527 bytes    [22:26 13/07/2009]    [21:04 10/06/2009] 72B1C0CD5542DB639BB56126E8287FA7
C:\Windows\winsxs\amd64_microsoft-windows-ehome-devices-dmrxml_31bf3856ad364e35_6.1.7600.16385_none_9d23d74d960a8256\MediaCenter.DigitalMediaRenderer.RenderingControlNoMute.xml    --a---- 2100 bytes    [22:26 13/07/2009]    [21:04 10/06/2009] CD326F2CA0BE6666188649101C8F6B44
C:\Windows\winsxs\amd64_microsoft-windows-t..trolpanel.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2da78f99272efcb9\MultiDigiMon.exe.mui    --a---- 3072 bytes    [07:06 21/11/2010]    [07:06 21/11/2010] 6A84A697A7635F09F1FACEDA864C3AC9
C:\Windows\winsxs\amd64_microsoft-windows-tabletpc-controlpanel_31bf3856ad364e35_6.1.7601.17514_none_3d9977977190cdc4\MultiDigiMon.exe    --a---- 51712 bytes    [03:24 21/11/2010]    [03:24 21/11/2010] 3DC7F21CF94CC930E7E8F63D4AEBA71A
C:\Windows\winsxs\FileMaps\$$_digitallocker_en-us_ff53d45933582902.cdf-ms    --a---- 652 bytes    [05:37 14/07/2009]    [07:06 21/11/2010] 0BD8FF9C0ED5AD4A63D96FAF2B7EDB9C
C:\Windows\winsxs\Manifests\amd64_digitalmediadevice.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_en-us_91afc1820c37dc2b.manifest    --a---- 1139 bytes    [07:05 21/11/2010]    [07:05 21/11/2010] 1590AC05A2B1C02D29CBB1D460CFE16B
C:\Windows\winsxs\Manifests\amd64_digitalmediadevice.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ffd83a48de3b881c.manifest    --a---- 1816 bytes    [07:05 21/11/2010]    [07:05 21/11/2010] A30EC08DAE4931E1AE0AB6B05AE66B80
C:\Windows\winsxs\Manifests\amd64_digitalmediadevice.inf_31bf3856ad364e35_6.1.7600.16385_none_e15a2bcac4c4abc6.manifest    --a---- 1500 bytes    [05:28 14/07/2009]    [05:28 14/07/2009] 16538CBAEA2A69E770CBC08361C6FD59
C:\Windows\winsxs\Manifests\amd64_hiddigi.inf-languagepack_31bf3856ad364e35_6.1.7600.16385_en-us_d33833c14e240587.manifest    --a---- 1117 bytes    [07:05 21/11/2010]    [07:05 21/11/2010] 686188BB3CA496D632B18BE0C36052E0
C:\Windows\winsxs\Manifests\amd64_hiddigi.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92e1a6f8f023c71c.manifest    --a---- 2616 bytes    [07:05 21/11/2010]    [07:05 21/11/2010] AB84577BDB783068D7F7B6D9C0E14B06
C:\Windows\winsxs\Manifests\amd64_hiddigi.inf_31bf3856ad364e35_6.1.7600.16385_none_f15136385f8cfd0e.manifest    --a---- 2093 bytes    [05:28 14/07/2009]    [05:28 14/07/2009] 1C3C7A7DA387E88A3FCBA55E3B45D647
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-digitallocker-adm_31bf3856ad364e35_6.1.7600.16385_none_06415336c01645cc.manifest    --a---- 2777 bytes    [02:18 14/07/2009]    [02:18 14/07/2009] E02A059B53A80CD27BC5C8C43A568BD4
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-v..driver-tvdigital-ks_31bf3856ad364e35_6.1.7600.16385_none_1eb3558ba4abcf2e.manifest    --a---- 4827 bytes    [02:18 14/07/2009]    [02:18 14/07/2009] 21ADFEE21A3E0E7DA971462C37E561D8
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_3a233d996daf2ebe.manifest    --a---- 47150 bytes    [03:17 21/11/2010]    [03:17 21/11/2010] FF7FC8DBA35E747C40FE2BD22B1EA84E
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d.manifest    ------- 49959 bytes    [23:32 21/04/2014]    [23:32 21/04/2014] 5765D9662CF0570A3E5AFDC1F315D823
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_3a545c56870f7889.manifest    ------- 49959 bytes    [23:32 21/04/2014]    [23:32 21/04/2014] A3DADBDBAD84E2170C2DAFE47F945E3F
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_4477e7eba20ff0b9.manifest    --a---- 46081 bytes    [03:18 21/11/2010]    [03:18 21/11/2010] 0406BE26D2B3090E930DA9BCB9D6B5AF
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_4446dba7a233f848.manifest    ------- 48834 bytes    [23:32 21/04/2014]    [23:32 21/04/2014] 8E88BC09FB3445076271EA173169B942
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_44a906a8bb703a84.manifest    ------- 48834 bytes    [23:32 21/04/2014]    [23:32 21/04/2014] F525D5A33D2E9BEAEFCEB84AE168779F
C:\Windows\winsxs\Manifests\x86_microsoft-windows-v..driver-tvdigital-ks_31bf3856ad364e35_6.1.7600.16385_none_c294ba07ec4e5df8.manifest    --a---- 4825 bytes    [01:52 14/07/2009]    [01:52 14/07/2009] 6C5331ACC0C03099BA0F2B1518BB31CF
C:\Windows\winsxs\Manifests\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_ddd395d1b575c517.manifest    ------- 49957 bytes    [23:32 21/04/2014]    [23:32 21/04/2014] 24A00761938E42710236E8AE6DA554A7
C:\Windows\winsxs\Manifests\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_de35c0d2ceb20753.manifest    ------- 49957 bytes    [23:32 21/04/2014]    [23:32 21/04/2014] 238821D1B5DAD6D40C52F397371568AC

========== folderfind ==========

Searching for "*digi*"
C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\store\py7digital    d------    [00:13 22/04/2014]
C:\Users\Public\Documents\CyberLink\DigitalHome    d------    [00:13 22/04/2014]
C:\Windows\DigitalLocker    d------    [05:37 14/07/2009]
C:\Windows\assembly\GAC_MSIL\Intuit.QuickBooks.XmlDigitalSignature    d------    [15:57 09/05/2014]
C:\Windows\System32\DriverStore\FileRepository\digitalmediadevice.inf_amd64_neutral_6fd673519d66ab20    d------    [05:30 14/07/2009]
C:\Windows\System32\DriverStore\FileRepository\hiddigi.inf_amd64_neutral_12aaf5742a9969da    d------    [05:30 14/07/2009]
C:\Windows\Temp\CLDigitalHome    d------    [00:13 22/04/2014]
C:\Windows\winsxs\amd64_digitalmediadevice.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ffd83a48de3b881c    d------    [07:06 21/11/2010]
C:\Windows\winsxs\amd64_digitalmediadevice.inf_31bf3856ad364e35_6.1.7600.16385_none_e15a2bcac4c4abc6    d------    [05:29 14/07/2009]
C:\Windows\winsxs\amd64_hiddigi.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92e1a6f8f023c71c    d------    [07:06 21/11/2010]
C:\Windows\winsxs\amd64_hiddigi.inf_31bf3856ad364e35_6.1.7600.16385_none_f15136385f8cfd0e    d------    [05:29 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-digitallocker-adm_31bf3856ad364e35_6.1.7600.16385_none_06415336c01645cc    d------    [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-v..driver-tvdigital-ks_31bf3856ad364e35_6.1.7600.16385_none_1eb3558ba4abcf2e    d------    [05:30 14/07/2009]
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_3a233d996daf2ebe    d------    [03:18 21/11/2010]
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_39f231556dd3364d    d------    [23:32 21/04/2014]
C:\Windows\winsxs\amd64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_3a545c56870f7889    d------    [23:32 21/04/2014]
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17514_none_4477e7eba20ff0b9    d------    [03:18 21/11/2010]
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_4446dba7a233f848    d------    [23:32 21/04/2014]
C:\Windows\winsxs\wow64_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_44a906a8bb703a84    d------    [23:32 21/04/2014]
C:\Windows\winsxs\x86_microsoft-windows-v..driver-tvdigital-ks_31bf3856ad364e35_6.1.7600.16385_none_c294ba07ec4e5df8    d------    [05:30 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.17669_none_ddd395d1b575c517    d------    [23:32 21/04/2014]
C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.1.7601.21792_none_de35c0d2ceb20753    d------    [23:32 21/04/2014]

========== regfind ==========

Searching for "*digi*"
No data found.

-= EOF =-



#12 Chrisj8769

Chrisj8769
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 04 March 2015 - 10:49 AM

FYI - the docket isn't on the side of my screen today - I didn't uninstall anything or run any scans since I've posted to the forum.  But my McAfee which is always active did find something the other day - to be honest I don't know what it was but something was deleted - I'm sure I have a log somewhere on the PC.  Just wanted to add this info for you.



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 AM

Posted 04 March 2015 - 11:22 AM

Thank you for the information. There is no longer any evidence of Digi Dock.

How is your computer running now?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Chrisj8769

Chrisj8769
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:05:55 AM

Posted 04 March 2015 - 11:24 AM

First thing this am - I still have the program Welcome to Anywhere Access Wizard pop up and want me to install - still - that seems to be the only thing I have noticed this AM.



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,392 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:55 AM

Posted 04 March 2015 - 11:30 AM

Can you tell me if you installed and use this program?

SQL Anywhere 12 (HKLM\...\{1DFA77E6-91B2-4DCC-B8BE-98EA70705D39}) (Version: 12.1.3505 - iAnywhere Solutions, Inc.)


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users