Win 7 fine in safemode and very slow in normal mode


  • This topic is locked
5 replies to this topic

#1 RChancellor


Posted 18 January 2016 - 11:15 AM

I have checked the disk with chkdsk and the RAM using Windows 7 tools and they look OK. Blew small amount of dust out of machine. Machine is still very slow to start and then normal processes are still slow. Malwarebytes was updated to latest and found nothing running all the options. ESET also did not find anything. Used System Restore to go back 2 weeks and still no help on slow response. I am using a different machine to interface with BleepingComputer as the other one is almost too slow to use. Also do not want to chance contaminating other machines on network with possible virus/malware that may be on slow machine whose network connection has been unplugged.

Hope you can help, do not want to reinstall Windows as there are a number of apps that may be lost.
 
Thanks
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-01-2015
Ran by Robert Chancellor (administrator) on 64BIT_WS (18-01-2016 09:46:40)
Running from D:\
Loaded Profiles: Robert Chancellor (Available Profiles: Robert Chancellor)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Charles Schwab & Co., Inc.) C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
( ) C:\Windows\System32\lxeccoms.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(IHS Inc.) C:\Program Files\IHS\KingdomSuite2015\TKS90\KingdomSchedulingService.exe
(IHS Inc.) C:\Program Files (x86)\KINGDOMSuite\TKS88\KingdomSchedulingService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2907240 2011-07-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology enterprise\IAStorIcon.exe [294896 2013-06-28] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [76872 2012-06-25] (cyberlink)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-09-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Nuance PDF Create 7-reminder] => "C:\Program Files (x86)\Nuance\PDFCreate\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Create 7\Ereg\Ereg.ini"
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-08-28] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-05-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] => C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [973720 2011-11-25] (Razer USA Ltd)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-19] (Acronis International GmbH)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1540896 2015-07-15] (Seagate Technology LLC)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-908106654-4229965763-1474128001-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-908106654-4229965763-1474128001-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-01-15] (AMD)
HKU\S-1-5-21-908106654-4229965763-1474128001-1000\...\Run: [QuickLaunch] => C:\Program Files (x86)\Schwab\StreetSmart Edge\QuickLaunch.exe [12288 2015-03-03] (Charles Schwab & Co., Inc.)
HKU\S-1-5-21-908106654-4229965763-1474128001-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2015-07-15] (Seagate Technology LLC)
HKU\S-1-5-21-908106654-4229965763-1474128001-1000\...\MountPoints2: {ad11a20e-f137-11e2-823c-b8ca3a88e530} - "H:\WD SmartWare.exe" autoplay=true
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\KingdomSchedulingService 2015 (64 bit).lnk [2014-07-21]
ShortcutTarget: KingdomSchedulingService 2015 (64 bit).lnk -> C:\Program Files\IHS\KingdomSuite2015\TKS90\KingdomSchedulingService.exe (IHS Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\KingdomSchedulingService 8.8 (32 bit).lnk [2013-07-15]
ShortcutTarget: KingdomSchedulingService 8.8 (32 bit).lnk -> C:\Program Files (x86)\KINGDOMSuite\TKS88\KingdomSchedulingService.exe (IHS Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\KingdomSchedulingService 8.8 (64 bit).lnk [2013-08-05]
ShortcutTarget: KingdomSchedulingService 8.8 (64 bit).lnk -> C:\Program Files\KingdomSuite\TKS88\KingdomSchedulingService.exe (IHS Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2013-07-15]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6819A45E-7133-4A6C-A122-B6B43FD2B18B}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-908106654-4229965763-1474128001-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13-comm.msn.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-908106654-4229965763-1474128001-1000 -> DefaultScope {8B2186E8-0004-49CE-B329-255719734728} URL =
SearchScopes: HKU\S-1-5-21-908106654-4229965763-1474128001-1000 -> {8B2186E8-0004-49CE-B329-255719734728} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-12-17] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-17] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2013-12-21] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-908106654-4229965763-1474128001-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
DPF: HKLM-x32 {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Robert Chancellor\AppData\Roaming\Mozilla\Firefox\Profiles\a7ybvgxp.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.38 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll [2012-05-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-07-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-908106654-4229965763-1474128001-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Robert Chancellor\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-07-15] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2014-06-26] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Robert Chancellor\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-06-26] (Cisco WebEx LLC)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-17]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2015-12-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [98304 2012-12-11] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-06-25] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 lxec_device; C:\Windows\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MSSQL$SMTKINGDOM; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-07-15] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2015-07-15] (Seagate Technology LLC)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [38144 2013-05-15] (Advanced Micro Devices, Inc.)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [159480 2015-01-30] (ESET)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-08-01] (Acronis International GmbH)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [26512 2013-06-28] (Intel Corporation)
R0 iaStorS; C:\Windows\System32\drivers\iaStorS.sys [660880 2013-06-28] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [1982952 2011-09-23] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R2 SENT64; C:\Windows\System32\Drivers\Sent64.sys [35472 2015-12-11] (SafeKey International, Inc.) [File not signed]
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58792 2009-09-17] (SafeNet, Inc.)
R2 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-08-01] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-22] (Acronis International GmbH)
S0 gdrrc; System32\drivers\eeloc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 09:45 - 2016-01-18 09:46 - 00000000 ____D C:\FRST
2016-01-18 08:56 - 2016-01-18 09:42 - 00005014 _____ C:\Windows\System32\Tasks\WSCEAA
2016-01-18 08:41 - 2016-01-18 08:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2016-01-17 19:43 - 2016-01-17 19:43 - 00003728 ____N C:\bootsqm.dat
2016-01-12 08:01 - 2016-01-12 08:01 - 02519461 _____ C:\Users\Robert Chancellor\Downloads\MS SeriesOwnersManual.pdf
2016-01-12 07:56 - 2016-01-12 07:56 - 01533386 _____ C:\Users\Robert Chancellor\Downloads\ME-ARC.pdf
2016-01-12 07:55 - 2016-01-12 07:55 - 02465654 _____ C:\Users\Robert Chancellor\Downloads\MagnumMS_PAE.pdf
2016-01-07 09:54 - 2016-01-17 23:08 - 00000000 ___RD C:\SMT Galveston Chambers Retained data 8.8
2016-01-06 18:31 - 2016-01-06 19:12 - 00000000 ____D C:\Music CDs Recorded MASTER
2016-01-05 16:16 - 2016-01-05 16:16 - 00197256 _____ C:\Users\Robert Chancellor\Downloads\i3_Quick_Installation_Guide_.pdf
2016-01-05 16:15 - 2016-01-05 16:16 - 12214085 _____ C:\Users\Robert Chancellor\Downloads\i4-i4P_Manual.pdf
2016-01-05 16:15 - 2016-01-05 16:15 - 12214085 _____ C:\Users\Robert Chancellor\Downloads\i3_Manual.pdf
2016-01-03 18:10 - 2016-01-17 23:08 - 00000000 ____D C:\Ripped CDs to wav 1_3_2016
2016-01-01 20:12 - 2016-01-01 20:12 - 82057818 _____ C:\Users\Robert Chancellor\Downloads\BEv2.22_120626_BDP1600_XAA.zip
2016-01-01 20:12 - 2016-01-01 20:12 - 00080439 _____ C:\Users\Robert Chancellor\Downloads\Upgrade_Guide_USB.pdf
2016-01-01 20:09 - 2016-01-01 20:09 - 13976649 _____ C:\Users\Robert Chancellor\Downloads\01783H-BD-P1590_1590C_1600-XAA-ENG-0715-BM[1][1].pdf
2016-01-01 13:59 - 2016-01-01 13:59 - 00000000 ____D C:\Users\Robert Chancellor\AppData\Local\Windows Live
2015-12-30 20:17 - 2015-12-30 20:20 - 424108520 _____ C:\Users\Robert Chancellor\Downloads\AcronisTrueImage2016_web(1).exe
2015-12-30 20:09 - 2015-12-30 20:11 - 424108520 _____ C:\Users\Robert Chancellor\Downloads\AcronisTrueImage2016_web.exe
2015-12-30 17:49 - 2015-12-30 17:49 - 12150154 _____ C:\Users\Robert Chancellor\Downloads\Newmar_PTN_Catalog_2012-Web.pdf
2015-12-28 17:46 - 2015-12-28 17:47 - 05296618 _____ C:\Users\Robert Chancellor\Downloads\_20121220143010_45084.pdf
2015-12-28 16:36 - 2015-12-28 16:34 - 00006155 _____ C:\Users\Robert Chancellor\Desktop\FRIDirUtil1v7.xlsm - Shortcut.lnk
2015-12-28 12:08 - 2015-12-28 12:08 - 00000000 ____D C:\Users\Robert Chancellor\Documents\Outlook Files
2015-12-24 19:42 - 2016-01-17 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-22 12:02 - 2015-12-22 12:02 - 01015969 _____ C:\Users\Robert Chancellor\Downloads\CA-1550 Battery tester.pdf
2015-12-22 11:26 - 2015-12-22 11:26 - 00447528 _____ C:\Users\Robert Chancellor\Downloads\8A8DLTP-DEKA.pdf
2015-12-22 11:25 - 2015-12-22 11:25 - 00162433 _____ C:\Users\Robert Chancellor\Downloads\Deka Battery manual.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 09:46 - 2015-05-16 00:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08fa19d5bee79.job
2016-01-18 09:46 - 2014-07-28 13:05 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-908106654-4229965763-1474128001-1000.job
2016-01-18 09:45 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-18 09:44 - 2009-07-13 23:13 - 00874460 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-18 09:44 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-01-18 09:42 - 2015-06-01 03:19 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-908106654-4229965763-1474128001-1000.job
2016-01-18 09:34 - 2015-02-05 03:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04126341c07d4.job
2016-01-18 09:34 - 2014-10-21 06:23 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfed29cfbe4d83.job
2016-01-18 09:29 - 2014-06-16 16:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf89b0bd834495.job
2016-01-18 09:25 - 2013-09-12 15:21 - 00000000 ____D C:\nds
2016-01-18 09:25 - 2013-07-04 20:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-18 08:54 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-18 08:54 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-18 08:43 - 2015-12-11 17:44 - 00000200 _____ C:\Windows\system32\Drivers\LOCK.SSP
2016-01-18 08:41 - 2015-05-16 00:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa19c681507.job
2016-01-18 08:41 - 2015-02-05 03:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0412632f9170b.job
2016-01-18 08:41 - 2014-02-12 13:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf282ce1c4002c.job
2016-01-18 08:41 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-18 08:22 - 2013-07-11 08:03 - 01305386 _____ C:\Windows\ntbtlog.txt
2016-01-17 23:34 - 2014-12-10 03:28 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-17 23:34 - 2014-05-06 09:28 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-17 23:34 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\L2Schemas
2016-01-17 23:15 - 2015-04-10 12:13 - 00000000 ___SD C:\Windows\system32\GWX
2016-01-17 23:15 - 2013-07-10 16:19 - 00000000 ____D C:\Users\Robert Chancellor
2016-01-17 23:10 - 2013-07-11 07:59 - 00000000 ____D C:\Windows\Minidump
2016-01-17 23:08 - 2015-05-31 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-01-17 23:08 - 2015-05-31 13:19 - 00000000 ____D C:\ProgramData\ESET
2016-01-17 23:08 - 2013-09-06 12:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-17 23:08 - 2013-07-24 10:00 - 00000000 ____D C:\ProgramData\Licenses
2016-01-17 23:07 - 2010-11-21 01:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-01-17 23:06 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2016-01-17 22:52 - 2013-07-12 15:08 - 00000000 ____D C:\Users\Robert Chancellor\Documents\My PaperPort Documents
2016-01-17 11:41 - 2013-07-19 18:29 - 00000000 ____D C:\Users\Robert Chancellor\AppData\Local\CrashDumps
2016-01-07 11:01 - 2013-07-04 21:07 - 00000000 ____D C:\ProgramData\Temp
2016-01-07 09:08 - 2013-07-24 14:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-07 09:08 - 2013-07-24 14:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-04 04:03 - 2015-11-12 08:12 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade – Refresh settings
2016-01-03 01:00 - 2013-07-15 11:26 - 00000000 ____D C:\Users\Robert Chancellor\AppData\Local\ElevatedDiagnostics
2016-01-02 09:55 - 2013-07-24 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-02 01:25 - 2013-07-04 20:36 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 01:25 - 2013-07-04 20:36 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 01:25 - 2013-07-04 20:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-31 17:45 - 2013-09-30 16:57 - 00000000 ____D C:\ProgramData\Rose Point Navigation Systems
2015-12-31 13:25 - 2015-06-01 03:19 - 00003712 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-908106654-4229965763-1474128001-1000
2015-12-31 13:25 - 2014-07-28 13:05 - 00003616 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-908106654-4229965763-1474128001-1000
2015-12-28 19:05 - 2013-09-30 17:21 - 00000000 ____D C:\Users\Robert Chancellor\AppData\Local\Rose Point Navigation Systems
2015-12-28 12:23 - 2014-04-08 16:43 - 00000218 _____ C:\Windows\system32\waazi1c.tgz
2015-12-28 12:23 - 2014-04-08 16:43 - 00000204 _____ C:\Windows\system32\waazi1c.dll
2015-12-28 12:23 - 2014-04-08 16:43 - 00000114 _____ C:\Windows\system32\prsgrc.tgz
2015-12-28 12:23 - 2014-04-08 16:43 - 00000100 _____ C:\Windows\system32\prsgrc.dll
2015-12-28 12:23 - 2014-04-08 16:43 - 00000086 _____ C:\Windows\system32\ssprs.tgz
2015-12-21 13:17 - 2013-07-15 13:00 - 00007608 _____ C:\Users\Robert Chancellor\AppData\Local\Resmon.ResmonCfg
2015-12-21 11:31 - 2009-07-13 23:08 - 00032568 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-20 14:14 - 2013-07-15 10:48 - 00000000 ____D C:\TKSCaching

==================== Files in the root of some directories =======

2015-01-09 07:54 - 2015-07-28 17:44 - 0004608 _____ () C:\Users\Robert Chancellor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-15 13:00 - 2015-12-21 13:17 - 0007608 _____ () C:\Users\Robert Chancellor\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Robert Chancellor\AppLauncher.exe


Some files in TEMP:
====================
C:\Users\Robert Chancellor\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\AUTORUN.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\COMAP.EXE
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\Runner.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\uninstall.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\UnSnagIt.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\Update.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\Util.dll
C:\Users\Robert Chancellor\AppData\Local\Temp\wsvo7xy8.dll
C:\Users\Robert Chancellor\AppData\Local\Temp\_isECFC.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-09 00:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-01-2015
Ran by Robert Chancellor (2016-01-18 09:47:10)
Running from D:\
Windows 7 Professional Service Pack 1 (X64) (2013-07-10 22:18:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-908106654-4229965763-1474128001-500 - Administrator - Disabled)
Guest (S-1-5-21-908106654-4229965763-1474128001-501 - Limited - Enabled)
Robert Chancellor (S-1-5-21-908106654-4229965763-1474128001-1000 - Administrator - Enabled) => C:\Users\Robert Chancellor

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acronis True Image 2015 (HKLM-x32\...\{35CFA5F4-EE2D-4B13-AAED-BC643B6874B5}Visible) (Version: 18.0.6613 - Acronis)
Acronis True Image 2015 (x32 Version: 18.0.6613 - Acronis) Hidden
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.13 - Adobe Systems)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0090FE16-2582-0185-73D2-292DA202F7F7}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Baker Hughes MetaWin (HKLM-x32\...\{5524C265-F2DE-4F18-9BAE-9526A745EDC5}) (Version: 5.20 - Baker Hughes)
BlueView (HKLM-x32\...\{EA494E7E-2624-4A83-9C7D-44E62871B99E}) (Version: 1.00.64 - Schlumberger)
BMC AppSight Black Box X64 Addition (x32 Version: 7.5 - BMC Software) Hidden
BMC AppSight Windows Black Box (HKLM-x32\...\InstallShield_{9BA2A3B8-6E26-484B-B820-A8671FAE2132}) (Version: 7.5 - BMC Software)
BMC AppSight Windows Black Box (x32 Version: 7.5 - BMC Software) Hidden
BRAdmin Professional 3 (HKLM-x32\...\{75C885D4-C758-4896-A3B4-90DA34B44C31}) (Version: 3.50.0002 - Brother)
Brother MFL-Pro Suite MFC-J4710DW (HKLM-x32\...\{DD98C438-D769-4677-AA87-3481FA32D20C}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (HKLM-x32\...\{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.2300 - Brother Industries, Ltd.)
Brother P-touch Software (x32 Version: 1.0.006 - Brother Industries, Ltd. ) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
Classic Menu for Office 2010 and 2013 (HKLM-x32\...\{04BB6BFE-47D7-456A-B782-4EE1ECC172DF}) (Version: 5.85 - Detong Technology Ltd.)
Coastal Explorer (HKLM-x32\...\Coastal Explorer) (Version: - Rose Point Navigation Systems)
Coastal Explorer 2011 (HKLM-x32\...\Coastal Explorer 2011) (Version: 3.1 - Rose Point Navigation Systems)
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5425 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DataView (HKLM-x32\...\{0259D2F8-69FA-4307-9586-5A4646042424}) (Version: 1.6.7230 - Schlumberger)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
DI Desktop (HKLM-x32\...\DI Desktop) (Version: - Drillinginfo)
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
ESET NOD32 Antivirus (HKLM\...\{D6885DDE-4632-4640-A3BB-13C9F02CE81C}) (Version: 8.0.312.0 - ESET, spol s r. o.)
FolderMatch v3.4.8 (HKLM-x32\...\ST6UNST #1) (Version: - )
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
GEOe-View (HKLM-x32\...\{F3E2587E-FB14-41E5-B8AC-CB53B2233C88}) (Version: 7.01.4014 - SDC Software Ltd.)
Global Mapper 11 (HKLM-x32\...\{CC83C25E-981D-4F73-A238-E36A7A8EB725}) (Version: 11.00.0010 - Global Mapper Software)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GoToMeeting 7.8.1.4190 (HKU\S-1-5-21-908106654-4229965763-1474128001-1000\...\GoToMeeting) (Version: 7.8.1.4190 - CitrixOnline)
GPSBabel 1.4.4 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version: - GPSBabel)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IHS Kingdom SQL Server Express Utilities (HKLM-x32\...\{BF754DDA-E529-4122-8437-E3033CE341C5}) (Version: 2.0 - IHS Inc.)
IHS Kingdom Update Manager (HKLM-x32\...\{6A7E236B-4F99-4988-B666-1AF68F244B60}) (Version: 2.2.0 - IHS Global Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1010 - Intel Corporation)
Intel® Identity Protection Technology 1.2.27.0 (HKLM-x32\...\{F109D156-577D-101B-A622-CF4351943AA4}) (Version: 1.2.27.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Rapid Storage Technology enterprise (HKLM-x32\...\{8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}) (Version: 3.7.0.1092 - Intel Corporation)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Larson VizEx Pro (HKLM-x32\...\{8B085E05-A45A-437D-B5ED-CA4EE4E01E04}) (Version: 9.8.5 - Larson Software Technology)
Larson VizEx Reader (HKLM-x32\...\{FB5A9715-810D-4087-8DF1-F75C98052E97}) (Version: 9.8.5 - Larson Software Technology)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MapSource - Americas BlueChart v5 (HKLM-x32\...\{603F460F-49B5-41C9-BE15-E73924C6CAD2}) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional 2013 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-908106654-4229965763-1474128001-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{064C41F6-09D4-4430-B88C-F14AE35C334C}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server Management Objects Collection (HKLM\...\{B2EA2CCC-7920-468F-AD46-F409F97644E0}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{B6C87B73-79A5-401A-A12A-4DD96EC40442}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{909394EB-4868-4E85-87F1-360B46114793}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3.5835 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
PDSView 3.5 (HKLM-x32\...\{9CC080A4-3455-427F-9B5C-8C24A2ACB025}) (Version: 3.5 - Schlumberger)
PI/Dwights PLUS on CD (HKLM-x32\...\PI/Dwights PLUS on CD) (Version: - )
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
Razer Mamba (HKLM-x32\...\{BF60B320-3AA3-4DFB-B542-BDA6D4F1A60E}) (Version: 2.01.05 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5890 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.39.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.39.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM-x32\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Scansoft PDF Professional (x32 Version: - ) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.2.002.0 - Seagate)
SeiSee 2.15.4 (HKLM-x32\...\{9C0B04F5-B1A1-4A1B-B364-5CE51E108048}_is1) (Version: - DMNG)
Sentinel System Driver Installer 7.5.1 (HKLM-x32\...\{BF9E346B-5ECE-4A18-9510-55729FD08323}) (Version: 7.5.1 - SafeNet, Inc.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
Snagit 11 (HKLM-x32\...\{A56C6348-59D0-433B-A48A-75914858664E}) (Version: 11.2.1 - TechSmith Corporation)
Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
StreetSmart Edge® (HKLM-x32\...\{5646676A-5A97-4B66-BE71-1B1770AD982B}) (Version: 1.34.96.0 - Schwab)
The Kingdom Software 2015 (64-bit) (HKLM\...\{1770621E-4590-4072-AC2F-A20D76B66DFC}) (Version: 9.0.69.0 - IHS Inc.)
The Kingdom Software 8.8 (32-bit) (HKLM-x32\...\{88AA0A2E-0670-474B-81AD-091FD5F77CE2}) (Version: 8.8 - IHS Inc.)
The Kingdom Software 8.8 (32-bit) (x32 Version: 8.8 - IHS Inc.) Hidden
The Kingdom Software 8.8 (64-bit) (HKLM-x32\...\{88AA21A6-662F-45AF-9776-C8235C6BAD38}) (Version: 8.8 - IHS Inc.)
The KINGDOM Software 8.8 (64-bit) (x32 Version: 8.8 - IHS Inc.) Hidden
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-908106654-4229965763-1474128001-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\3499\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {029F7E5B-60EE-4731-841C-520C89C4A2C4} - System32\Tasks\G2MUpdateTask-S-1-5-21-908106654-4229965763-1474128001-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupdate.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {0C71B2E7-DF67-4A8F-AD65-9477FD00583D} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-07-15] (Seagate Technology LLC)
Task: {0E41C76B-AC0E-4977-85E1-57D766781509} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {174412EF-3AFC-4464-859C-AA9C2A6D4AAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {19B549A8-B3F1-41A3-AE21-230096B06EBB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {24CDFA9E-B706-40BC-8E04-FEB365174DEA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {26E368E7-3530-4790-97B0-7F4A138CAFC2} - System32\Tasks\G2MUploadTask-S-1-5-21-908106654-4229965763-1474128001-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3D993539-8E05-4257-8395-DCCD562C0C67} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {3EB1C56B-6B52-481C-A36E-FAE23A1DD0EB} - System32\Tasks\{9870EAD2-F01D-451A-B418-7E56E337F44B} => pcalua.exe -a "C:\Program Files (x86)\TechSmith\SnagIt 7\SIUNINST.EXE"
Task: {4B7E407A-A224-4033-AA30-E827DA10AC40} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {527EB880-8649-460D-AC5F-4D9F3B446A8B} - System32\Tasks\GoogleUpdateTaskMachineUA1cfed29cfbe4d83 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {734291E1-1A78-4C99-B30A-9BFF76A4FC08} - System32\Tasks\Robert Chancellor DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2015-07-15] (Seagate Technology LLC)
Task: {79DD35DB-C8DA-491A-AB2C-9C58C1649B2B} - System32\Tasks\Robert Chancellor Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-07-15] (Seagate Technology LLC)
Task: {8EC2ED54-76D7-4582-B13E-13D0477675E6} - System32\Tasks\GoogleUpdateTaskMachineCore1cf282ce1c4002c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A1F14014-170F-4D89-8E25-6E98F3F0A03F} - System32\Tasks\Robert Chancellor => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-07-15] (Seagate Technology LLC)
Task: {A6795061-9F99-4DED-BDCC-AA0437F296B4} - System32\Tasks\GoogleUpdateTaskMachineUA1cf89b0bd834495 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B6DCF738-E489-4732-AACD-B9B67D85B015} - System32\Tasks\ESET Windows 10 upgrade – Refresh settings => C:\Program Files\Common Files\AV\ESET NOD32 Antivirus 8.0\upgrade.exe [2015-11-23] (ESET)
Task: {CAD696AB-4AE1-4DAD-96C1-853797841527} - System32\Tasks\GoogleUpdateTaskMachineUA1d08fa19d5bee79 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DA031888-C044-486F-A0FB-640846FAB047} - System32\Tasks\GoogleUpdateTaskMachineCore1d0412632f9170b => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E85CA22E-860A-41E3-A6C6-888480BF3BC2} - System32\Tasks\GoogleUpdateTaskMachineCore1d08fa19c681507 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F54A4CDA-F28D-49E7-BF3C-5CC5BAFA97EF} - System32\Tasks\{1A32FC8E-15F4-4A64-A286-F9A661277763} => C:\Program Files (x86)\TechSmith\SnagIt 7\SnagIt32.exe
Task: {F6496141-5DDB-4897-A2F5-05CB6B770496} - System32\Tasks\GoogleUpdateTaskMachineUA1d04126341c07d4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-908106654-4229965763-1474128001-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-908106654-4229965763-1474128001-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\4190\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf282ce1c4002c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0412632f9170b.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d08fa19c681507.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf89b0bd834495.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfed29cfbe4d83.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d04126341c07d4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d08fa19d5bee79.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-08-19 09:43 - 2009-11-04 12:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2014-08-24 07:10 - 2015-09-01 10:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-07-21 09:37 - 2012-12-11 09:02 - 00098304 _____ () C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
2014-03-28 03:18 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-03-11 09:05 - 2013-03-11 09:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2013-03-11 09:04 - 2013-03-11 09:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2012-05-11 08:47 - 2012-05-11 08:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_ENU.dll
2013-08-29 15:41 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-05-29 15:12 - 2013-05-29 15:12 - 00095232 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\VideoRecording.dll
2013-05-29 15:11 - 2013-05-29 15:11 - 00089088 _____ () C:\Program Files (x86)\TechSmith\Snagit 11\SDKRecorder.dll
2013-05-29 15:05 - 2013-05-29 15:05 - 04710400 ____R () C:\Program Files (x86)\TechSmith\Snagit 11\PDFNetC.dll
2015-07-20 08:08 - 2015-07-20 08:08 - 00037696 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2015-07-20 08:08 - 2015-07-20 08:08 - 00034624 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-07-20 08:15 - 2015-07-20 08:15 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-07-20 08:10 - 2015-07-20 08:10 - 00129344 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\EXPAT.dll
2014-11-10 08:10 - 2014-11-10 08:10 - 00019968 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\PSIClient\6d8fac5fffed296b6c9aa435cc59524d\PSIClient.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:728B799F

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-07-08 18:04 - 2014-07-08 18:04 - 00001065 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-908106654-4229965763-1474128001-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Robert Chancellor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{37FBF664-6A25-430E-BF7C-0D740AB64D62}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{12CF732D-134C-4E7D-AA87-8723BC0968E4}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{60F1DD84-900F-452B-A5EC-CF55F19594F1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{64F2904B-B4C3-4B4C-AFC8-7903B67330D0}] => (Allow) LPort=2869
FirewallRules: [{5412BA25-8022-4C39-A55D-CEFC840B70B4}] => (Allow) LPort=1900
FirewallRules: [{199BAA36-5FC6-4999-A7A7-68BA8C64DBAD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{CD4883DE-E2A4-4FC7-AF9E-EFF819EDFCD3}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{7C0C5427-AAC7-4C2B-A053-24E570404DC1}] => (Allow) C:\Users\Robert Chancellor\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{42E1A016-A6F2-45BE-B627-02C0A412E1E1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{C314C51B-AF37-44E2-9D5C-DC60AB631121}] => (Allow) C:\Program Files\Common Files\mcafee\platform\mcsvchost\McSvHost.exe
FirewallRules: [{4B937676-585C-40E0-BE67-50ACB178AE7E}] => (Allow) LPort=135
FirewallRules: [{72F5DDFB-D813-4EF0-8411-4694296FE2D5}] => (Allow) LPort=4979
FirewallRules: [{123B48CC-2301-4CD5-8B88-AF6DE08A051A}] => (Allow) C:\Program Files (x86)\BMC Software\BMC AppSight\AppSight for Windows\Bin\BlackBox.exe
FirewallRules: [{CA0496A7-BA90-48FF-8DC0-4309440CB04C}] => (Allow) C:\Program Files (x86)\BMC Software\BMC AppSight\AppSight for Windows\Bin\API\BBxExt\BBxExtClient.exe
FirewallRules: [{2C383490-898E-4085-856B-61F24C5A7DDB}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{CAE1E66C-253E-4FB5-84AB-2620AB9790C4}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{DFBE9B07-43D9-4D6C-8659-65DB612BBDC7}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{7F04EA5E-C0E4-484A-AC55-57D4222E8E61}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
FirewallRules: [{C4999DA2-D815-468F-8E11-A63363B3F160}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\discover.exe
FirewallRules: [{9FFF6DD0-5DEC-434E-A6FC-719D582A8CDC}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\discover.exe
FirewallRules: [{3A21F85C-476C-45A9-AD3C-8CDB0C00E9B5}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\auditorserver.exe
FirewallRules: [{8A4011EB-CF70-44EB-9354-3CF1EF086D25}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\auditorserver.exe
FirewallRules: [{390A28E9-F310-48EB-ACED-62015C06160C}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\bradminv3.exe
FirewallRules: [{CFF7F4FC-041F-4757-AE81-528B4B617951}] => (Allow) C:\Program Files (x86)\Brother\BRAdmin Professional 3\bradminv3.exe
FirewallRules: [{2EB75E03-55AD-4FC2-B751-D52654A941B7}] => (Allow) C:\Windows\system32\lxeccoms.exe
FirewallRules: [TCP Query User{2B62802F-6AD0-4BD9-95F2-57C85A8726BD}C:\program files (x86)\coastal explorer\chart.exe] => (Allow) C:\program files (x86)\coastal explorer\chart.exe
FirewallRules: [UDP Query User{B0103D0C-9AD9-47F4-A11E-5025B36185CC}C:\program files (x86)\coastal explorer\chart.exe] => (Allow) C:\program files (x86)\coastal explorer\chart.exe
FirewallRules: [{62B7879D-A83D-43F4-B53B-FCA17E956783}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{8A12DC7A-BBA3-4AC3-99BC-486ADBD42151}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EBEB0CF0-95B6-4114-8C8B-F786EDB3D6A7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{2845C019-BB37-4129-8E5A-85248D5C5E34}C:\program files (x86)\coastal explorer\chart.exe] => (Allow) C:\program files (x86)\coastal explorer\chart.exe
FirewallRules: [UDP Query User{3D8FDD7E-5FF0-4700-BA2B-5A49C316C14B}C:\program files (x86)\coastal explorer\chart.exe] => (Allow) C:\program files (x86)\coastal explorer\chart.exe
FirewallRules: [TCP Query User{B58578D9-086B-4FF1-98F2-F787890E399E}C:\users\robert chancellor\appdata\local\temp\g2_1470\g2viewer.exe] => (Allow) C:\users\robert chancellor\appdata\local\temp\g2_1470\g2viewer.exe
FirewallRules: [UDP Query User{A421494B-0C76-4AF6-BE40-523B7C84E4C8}C:\users\robert chancellor\appdata\local\temp\g2_1470\g2viewer.exe] => (Allow) C:\users\robert chancellor\appdata\local\temp\g2_1470\g2viewer.exe
FirewallRules: [{C4B542D9-EF01-468D-88DE-2CA5D944683C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{5E9547BA-32CC-4009-B463-1BD15D54C75D}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{56455DDC-3326-4E37-AE96-54CD6AD80E7B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{1780CAE6-5331-4322-9E2A-D3653A35E5A6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{E8F0E00F-D5D2-4578-875F-29C9B5DB46BD}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
FirewallRules: [UDP Query User{ADD462E2-E91E-42B1-99AD-00496931BCDF}C:\program files (x86)\acronis\trueimagehome\trueimage.exe] => (Block) C:\program files (x86)\acronis\trueimagehome\trueimage.exe
FirewallRules: [{E3DF805A-6B8C-4E59-A577-7C75A088FE94}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{266A3979-175C-4A5C-893F-A235DCF824E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6926BC15-BDB0-4478-A68A-34DC1768662B}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{A02F30D8-F543-4BD0-8986-CF8DD1E13AC6}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{943954AC-2D64-42B9-A16C-76EC570EFBFF}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{3EEE99A6-AB65-4908-BF92-6DB8EFCCA82A}] => (Allow) LPort=8888

==================== Restore Points =========================

07-01-2016 11:46:55 Scheduled Checkpoint
08-01-2016 04:11:07 Windows Update
12-01-2016 03:56:04 Windows Update
15-01-2016 04:13:06 Windows Update
18-01-2016 09:17:31 Removed Brava! Reader 7.2.
18-01-2016 09:23:40 Removed NeuraView.

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2016 08:43:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2016 07:59:59 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (01/18/2016 07:57:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 11:27:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 11:16:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 07:46:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 12:58:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wmiprvse.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d42
Faulting module name: TdmWmiProvider.dll, version: 5.0.2.24, time stamp: 0x513671b8
Exception code: 0xc0000005
Fault offset: 0x000000000001ad88
Faulting process id: 0x6ec
Faulting application start time: 0xwmiprvse.exe0
Faulting application path: wmiprvse.exe1
Faulting module path: wmiprvse.exe2
Report Id: wmiprvse.exe3

Error: (01/17/2016 12:54:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 12:27:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 12:22:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Dashboard.EXE version 4.2.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: a8c

Start Time: 01d1515248d7010b

Termination Time: 1444

Application Path: C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.EXE

Report Id: 29bc3302-bd47-11e5-968a-b8ca3a88e530


System errors:
=============
Error: (01/18/2016 08:43:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
gdrrc

Error: (01/18/2016 08:41:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (01/18/2016 08:41:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (01/18/2016 07:58:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084TdmService{2F723A84-FD6F-4C32-9477-391FA6EA0BB6}

Error: (01/18/2016 07:58:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (01/18/2016 07:58:43 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (01/18/2016 07:57:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/18/2016 07:57:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/18/2016 07:57:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (01/18/2016 07:57:14 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel® Xeon® CPU E5-2643 0 @ 3.30GHz
Percentage of memory in use: 20%
Total physical RAM: 16341.66 MB
Available physical RAM: 13010.5 MB
Total Virtual: 49107.87 MB
Available Virtual: 45510.9 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:214.88 GB) NTFS
Drive d: (Thumb 1) (Removable) (Total:0.96 GB) (Free:0.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 56C707FB)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=750 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 991 MB) (Disk ID: BAA0A00D)
Partition 1: (Active) - (Size=979 MB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 20 January 2016 - 09:50 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,203 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:38 PM

Posted 20 January 2016 - 09:53 PM

Greetings RChancellor and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-908106654-4229965763-1474128001-1000 -> DefaultScope {8B2186E8-0004-49CE-B329-255719734728} URL =
SearchScopes: HKU\S-1-5-21-908106654-4229965763-1474128001-1000 -> {8B2186E8-0004-49CE-B329-255719734728} URL =
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
S0 gdrrc; System32\drivers\eeloc.sys [X]
2015-12-28 12:23 - 2014-04-08 16:43 - 00000218 _____ C:\Windows\system32\waazi1c.tgz
2015-12-28 12:23 - 2014-04-08 16:43 - 00000204 _____ C:\Windows\system32\waazi1c.dll
2015-12-28 12:23 - 2014-04-08 16:43 - 00000114 _____ C:\Windows\system32\prsgrc.tgz
2015-12-28 12:23 - 2014-04-08 16:43 - 00000100 _____ C:\Windows\system32\prsgrc.dll
2015-12-28 12:23 - 2014-04-08 16:43 - 00000086 _____ C:\Windows\system32\ssprs.tgz
C:\Users\Robert Chancellor\AppLauncher.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\AUTORUN.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\COMAP.EXE
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\Runner.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\uninstall.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\UnSnagIt.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\Update.exe
C:\Users\Robert Chancellor\AppData\Local\Temp\Util.dll
C:\Users\Robert Chancellor\AppData\Local\Temp\wsvo7xy8.dll
C:\Users\Robert Chancellor\AppData\Local\Temp\_isECFC.exe
AlternateDataStreams: C:\ProgramData\Temp:728B799F
File: C:\Windows\system32\Drivers\LOCK.SSP
Folder: C:\TKSCaching
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 24 January 2016 - 06:58 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#4 RChancellor


Posted 25 January 2016 - 03:59 PM

Thanks for volunteering to assist. I modified the apps startup list and removed and reinstalled the virus software and this made the boot much faster. PC looks good to go at this point. Thanks again for the effort.



#5 Oh My!


Posted 25 January 2016 - 04:02 PM

Thanks for letting us know, I am glad you were able to resolve things. We are always here if you should need us again.

I will close the Topic but feel free to send me a Personal Message if something comes up in the next few days.

Gary

#6 Oh My!


Posted 25 January 2016 - 04:03 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



