Work computer very sluggish.


  • This topic is locked
23 replies to this topic

#1 GeoGoGo


Posted 22 February 2016 - 12:48 PM

Hi Everyone,

 

I have been dealing with this issue for several months now. My desktop is an HP 8200 tower with an Intel Core i5 @ 3.10 GHz with 16 GB RAM running Windows Professional SP1 64 bit. It is on a domain and with Symantec SEPP. This machine suffers from routine IE crashes and runs generally very sluggish on our gigabit network. Upon a reboot, it takes easily 5 minutes before it settles down and is ready to use. Thirty seconds after opening IE the page has finally loaded. Same with Chrome.

 

I run a lot of software tools on the computer so I am always very cognizant of scanning and updating this machine. I have run all the malware tools that I have and it comes up clean. I have just gotten frustrated with all the lost time waiting for this machine to sort itself out. Any assistance will be greatly appreciated. Thank you all for the time! I have included the FRST logs as required.

 

 

Respectfully,

 

George D.

 

LastRegBack: 2016-01-21 10:37

==================== End of FRST.txt ============================


#2 Bezukhov


Posted 27 February 2016 - 09:35 AM

Sorry for the delay. I must tell you that there was a problem with that FRST log. Could you try running it again, and post it? Then give me a little time to study it.

Edited by Bezukhov, 27 February 2016 - 09:45 AM.

To err is Human. To blame it on someone else is even more Human.

#3 GeoGoGo


Posted 02 March 2016 - 12:32 PM

Bezukhov,

 

My apologies for not getting back to you sooner.  For some reason, I did not get notification of the reply.  You will find the log below.  Now it looks right!  Thank you for the help!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
Ran by gdalessandro (administrator) on HP8200-GDALESSA (02-03-2016 12:29:44)
Running from C:\Users\gdalessandro\Desktop\FRST
Loaded Profiles: gdalessandro (Available Profiles: Owner & HP8200Elite & gdalessandro)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Dropbox, Inc.) C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6470248 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70328 2014-11-20] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-13] (Google Inc.)
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [GoogleChromeAutoLaunch_74B9D4DA976780380B9B2B656427761E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [Dropbox Update] => C:\Users\gdalessandro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\Users\gdalessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\gdalessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-11-04]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyEnable: [S-1-5-20] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 10.250.0.41 10.250.0.42
Tcpip\..\Interfaces\{F8DBE938-30FE-44EA-BA46-5ACB20250542}: [DhcpNameServer] 10.250.0.41 10.250.0.42

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589 -> {04BEC197-4355-4DC5-9FA6-9E9F05C30409} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-27] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-27] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2063

FireFox:
========
FF ProfilePath: C:\Users\gdalessandro\AppData\Roaming\Mozilla\Firefox\Profiles\lwq6b1ky.default
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: v9
FF Homepage: google.com
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3915526683-1073962682-3848504125-2589: @kaseya.com/LiveConnect63 -> C:\Users\gdalessandro\AppData\Local\Mozilla\Plugins [2015-06-02] ()
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Store) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfgnpeijmldmjbigmlbjnkjlifodjfmm] - C:\Users\gdalessandro\AppData\Local\Kaseya\LiveConnect\LiveConnect-6-3.crx [2015-03-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [225976 2014-11-20] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [3649720 2014-11-20] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [137224 2011-10-30] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe [2594816 2011-10-30] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe [324016 2011-10-30] (Symantec Corporation)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1979608 2014-11-18] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [228024 2014-11-21] (VMware)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-12-01] (VMware, Inc.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20150625.011\BHDrvx64.sys [1647856 2015-06-25] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-03] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-02-03] (Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [20504 2007-07-16] (Hewlett Packard)
S3 INIDVD; C:\Windows\System32\DRIVERS\inidvd.sys [18328 2010-04-09] (Initio Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20150202.034\ENG64.SYS [129752 2015-02-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20150202.034\EX64.SYS [2137304 2015-02-03] (Symantec Corporation)
R3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [22880 2013-11-30] (Christian Gulden)
R3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [23608 2014-01-13] (Christian Gulden)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS [678008 2011-10-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS [39032 2011-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [451192 2011-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [931448 2011-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-05-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [171128 2011-10-30] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [386168 2011-10-30] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 10:14 - 2016-03-01 10:14 - 06837784 _____ (Piriform Ltd) C:\Users\gdalessandro\Desktop\ccsetup515.exe
2016-03-01 10:13 - 2016-03-01 10:13 - 00071263 _____ C:\Users\gdalessandro\amanda laptops.pdf
2016-02-26 16:42 - 2016-02-26 16:40 - 15747568 _____ C:\Users\gdalessandro\Desktop\2007_TB_Service_Manuals.zip
2016-02-26 16:42 - 2009-10-29 20:57 - 00000000 ____D C:\Users\gdalessandro\Desktop\2007
2016-02-26 16:39 - 2016-02-26 16:40 - 15747568 _____ C:\Users\gdalessandro\Downloads\2007_TB_Service_Manuals.zip
2016-02-22 13:03 - 2016-02-22 13:03 - 00000290 _____ C:\Users\gdalessandro\Desktop\Used cars for sale in West Springfield Amherst Worcester Hartford CT, MA  Main Auto Sales.url
2016-02-22 12:35 - 2016-03-02 12:29 - 00000000 ____D C:\Users\gdalessandro\Desktop\FRST
2016-02-22 12:35 - 2016-03-02 12:29 - 00000000 ____D C:\FRST
2016-02-18 16:38 - 2016-02-18 16:38 - 00000166 _____ C:\Users\gdalessandro\Desktop\2007 Chevrolet Trailblazer LS Awd 4dr--Leather Sunroof In Newark NJ - East Coast Auto Group.url
2016-02-18 03:26 - 2016-02-18 03:26 - 00000000 ____D C:\Users\gdalessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-17 16:41 - 2016-02-17 16:41 - 00000439 _____ C:\Users\gdalessandro\Desktop\Cars for Sale 2007 Chevrolet TrailBlazer 4WD LT in Clifton Park, NY 12065 Sport Utility Details - 421183268 - Autotrader.url
2016-02-17 15:22 - 2015-11-20 09:55 - 15192440 _____ C:\Users\gdalessandro\Desktop\WC5325-5335_5.230.5.0_PCL6_x64.exe
2016-02-17 15:20 - 2016-02-17 15:21 - 00000000 ____D C:\Users\gdalessandro\Desktop\RSS stuff
2016-02-16 09:03 - 2016-02-16 09:03 - 00000133 _____ C:\Users\gdalessandro\Desktop\Planet Earth 100 Million Years In The Future - What will happen to our world - HD Full Documentary - YouTube.url
2016-02-11 16:48 - 2016-02-11 16:48 - 00000275 _____ C:\Users\gdalessandro\Desktop\Long Island Auto Find  Pre-owned Used Car Dealer  Copiague, New York.url
2016-02-08 15:56 - 2016-02-08 15:56 - 00967147 _____ C:\Users\gdalessandro\Desktop\ProBook470-G3.pdf
2016-02-08 14:44 - 2016-02-08 14:44 - 00000303 _____ C:\Users\gdalessandro\Desktop\Used 2005 Chevrolet Trailblazer For Sale  Bronx NY Victory Auto Group 1GNDT13S752317630.url
2016-02-04 10:59 - 2016-02-04 10:59 - 00000000 ____D C:\Minnesota Chamber of Commerce
2016-02-04 09:09 - 2016-02-04 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-02-04 09:09 - 2016-02-04 09:09 - 00000000 ____D C:\ProgramData\Apple Computer
2016-02-04 09:09 - 2016-02-04 09:09 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-03 14:51 - 2016-02-03 14:51 - 00000000 ____D C:\Users\gdalessandro\Desktop\pics
2016-02-03 13:22 - 2016-02-03 13:22 - 00001274 _____ C:\Users\gdalessandro\Desktop\February 2016.xlsx - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-02 12:20 - 2013-12-13 10:33 - 00000408 _____ C:\Windows\system32\config\netlogon.ftl
2016-03-02 11:48 - 2013-12-13 11:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-02 11:38 - 2015-06-22 10:27 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3915526683-1073962682-3848504125-2589UA.job
2016-03-02 11:37 - 2013-12-04 17:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-02 05:48 - 2013-12-13 11:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 23:37 - 2015-12-29 16:04 - 00000000 ____D C:\Users\gdalessandro\AppData\LocalLow\Adblock Plus for IE
2016-03-01 16:38 - 2015-06-22 10:27 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3915526683-1073962682-3848504125-2589Core.job
2016-03-01 10:15 - 2013-12-18 17:14 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-01 10:13 - 2013-12-13 10:41 - 00000000 ____D C:\Users\gdalessandro
2016-03-01 03:41 - 2009-07-13 23:45 - 00028960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-01 03:41 - 2009-07-13 23:45 - 00028960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-29 14:29 - 2014-07-09 14:22 - 00000000 ___RD C:\Users\gdalessandro\Dropbox
2016-02-29 14:29 - 2014-07-09 13:54 - 00000000 ____D C:\Users\gdalessandro\AppData\Roaming\Dropbox
2016-02-29 14:24 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-26 16:39 - 2014-05-21 16:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-25 11:03 - 2015-02-27 12:25 - 00000000 ____D C:\Users\gdalessandro\AppData\Local\CrashDumps
2016-02-25 09:47 - 2015-10-12 13:03 - 00000000 ____D C:\Users\gdalessandro\Desktop\United Health Care
2016-02-24 15:18 - 2013-12-18 09:03 - 00000000 ____D C:\Users\gdalessandro\AppData\Roaming\KeePass
2016-02-22 16:05 - 2015-12-14 15:04 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-22 16:05 - 2015-12-14 15:04 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-02-22 16:05 - 2014-01-24 15:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-02-19 19:49 - 2014-05-08 08:20 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 19:49 - 2014-05-08 08:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-18 10:36 - 2015-03-30 13:41 - 00000000 ____D C:\Users\gdalessandro\AppData\Local\LogMeIn Client
2016-02-18 10:36 - 2015-03-30 11:28 - 00000000 ____D C:\Users\gdalessandro\AppData\Local\LogMeInIgnition
2016-02-18 10:36 - 2013-12-13 17:04 - 00000000 ____D C:\ProgramData\LogMeIn
2016-02-16 09:13 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-02-10 09:37 - 2013-12-04 17:06 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 09:37 - 2013-12-04 17:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 09:37 - 2013-12-04 17:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-08 09:29 - 2014-10-07 12:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-08 09:29 - 2014-10-07 12:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-04 10:05 - 2014-07-08 10:03 - 07209944 _____ (Citrix Systems, Inc.) C:\Users\gdalessandro\Desktop\GoToAssistHelpAlert.exe
2016-02-03 16:31 - 2014-10-07 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-03 13:31 - 2015-04-14 13:18 - 00000000 ____D C:\Users\gdalessandro\AppData\Roaming\vlc
2016-02-02 12:56 - 2015-01-22 12:46 - 00000000 ____D C:\ProgramData\Hewlett-Packard

==================== Files in the root of some directories =======

2015-01-22 12:07 - 2015-02-20 10:51 - 0006140 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\gdalessandro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmxkzoi.dll
C:\Users\gdalessandro\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\gdalessandro\AppData\Local\Temp\jre-8u71-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-29 15:45

==================== End of FRST.txt ============================



#4 GeoGoGo

Posted 14 March 2016 - 09:00 AM

Hi!  It has been 10 days since my last reply.  Is anyone still working on my issue or should I start a new thread?



#5 Bezukhov


Posted 14 March 2016 - 11:33 AM

Oh, no!  :o I forgot to set up this thread as well. I'll start on it right away.


To err is Human. To blame it on someone else is even more Human.

#6 Bezukhov


Posted 16 March 2016 - 07:40 AM

Do you still want help with this?

#7 GeoGoGo


Posted 18 March 2016 - 09:25 AM

Yes, please!



#8 Bezukhov


Posted 18 March 2016 - 05:31 PM

First I need to ask a few questions. When it comes to computers on a domain I need to ask questions like these, because I really don't want to tamper with things the IT department sets up. I hope you understand.

1) Has your IT department set your Internet Explorer policies?
2) Did they set up any program called Privoxy, or in any way set up Firefox's Network Proxy?
3) Did anyone install a Chrome extension called Kaseya LiveConnect?

These, in and of themselves, aren't necessarily a problem; in fact, I saw little in your log to indicate an immediate concern. But taken together a little bell is starting to ring in the back of my mind.

Since it has been a while, could I have fresh logs from Farbar Recovery Scan Tool? When you start it this time, make sure you check the box named Addition.txt.

#9 GeoGoGo


Posted 22 March 2016 - 10:57 AM

Bezukhov,

Thank you so much for getting back to me.  I am sorry for the delay in my response but I am not getting my email notifications from the forum.  As far as your questions, I completely understand your concerns.

1)  Our IT department does not have any IE policies set.

2)  Nothing like Privoxy or any Firefox Network Proxy.

3)  I did install the Chrome extension Kaseya Live Connect.  It is our remote access software but I almost exclusively run it on IE.  A few times when I had issues with it, I tried Chrome.

Here are the logs that you requested.  Thank you again, Bezukhov!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by gdalessandro (administrator) on HP8200-GDALESSA (22-03-2016 11:48:19)
Running from C:\Users\gdalessandro\Desktop\FRST
Loaded Profiles: gdalessandro (Available Profiles: Owner & HP8200Elite & gdalessandro)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
() C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware) C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Outertech) C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe
(Dropbox, Inc.) C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_21_0_0_182_ActiveX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6470248 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [70328 2014-11-20] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-12-13] (Google Inc.)
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [GoogleChromeAutoLaunch_74B9D4DA976780380B9B2B656427761E] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.)
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [Dropbox Update] => C:\Users\gdalessandro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Run: [ClipboardHistory] => C:\Program Files (x86)\ClipboardHistory\ClipboardHistory.exe [512392 2012-08-05] (Outertech)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\Users\gdalessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\gdalessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-11-04]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyEnable: [S-1-5-20] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 10.250.0.41 10.250.0.42
Tcpip\..\Interfaces\{F8DBE938-30FE-44EA-BA46-5ACB20250542}: [DhcpNameServer] 10.250.0.41 10.250.0.42

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589 -> {04BEC197-4355-4DC5-9FA6-9E9F05C30409} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-27] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-27] (Oracle Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-27] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-03-03] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-27] (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-21] (Google Inc.)
Toolbar: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2063

FireFox:
========
FF ProfilePath: C:\Users\gdalessandro\AppData\Roaming\Mozilla\Firefox\Profiles\lwq6b1ky.default
FF DefaultSearchEngine.US: Google
FF SelectedSearchEngine: v9
FF Homepage: google.com
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-15] (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-01-31] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3915526683-1073962682-3848504125-2589: @kaseya.com/LiveConnect63 -> C:\Users\gdalessandro\AppData\Local\Mozilla\Plugins [2015-06-02] ()
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-20] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======
CHR Profile: C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Store) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\gdalessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfgnpeijmldmjbigmlbjnkjlifodjfmm] - C:\Users\gdalessandro\AppData\Local\Kaseya\LiveConnect\LiveConnect-6-3.crx [2015-03-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [225976 2014-11-20] ()
R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [3649720 2014-11-20] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe [137224 2011-10-30] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe [2594816 2011-10-30] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe [324016 2011-10-30] (Symantec Corporation)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1979608 2014-11-18] (VMware, Inc.)
R2 vmwsprrdpwks; C:\Program Files (x86)\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [228024 2014-11-21] (VMware)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-12-01] (VMware, Inc.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\BASHDefs\20150625.011\BHDrvx64.sys [1647856 2015-06-25] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-02-03] (Symantec Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-02-03] (Symantec Corporation)
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [20504 2007-07-16] (Hewlett Packard)
S3 INIDVD; C:\Windows\System32\DRIVERS\inidvd.sys [18328 2010-04-09] (Initio Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20150202.034\ENG64.SYS [129752 2015-02-03] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Data\Definitions\VirusDefs\20150202.034\EX64.SYS [2137304 2015-02-03] (Symantec Corporation)
R3 pikbd; C:\Windows\System32\DRIVERS\pikbd.sys [22880 2013-11-30] (Christian Gulden)
R3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [23608 2014-01-14] (Christian Gulden)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSP64.SYS [678008 2011-10-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SRTSPX64.SYS [39032 2011-10-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMDS64.SYS [451192 2011-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMEFA64.SYS [931448 2011-10-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2014-05-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\Ironx64.SYS [171128 2011-10-30] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0103E8\009D.105\x64\SYMNETS.SYS [386168 2011-10-30] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix1\catchme.sys [X]
S3 EraserUtilDrv11312; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11312.sys [X]
S3 EraserUtilDrv11411; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11411.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 11:44 - 2016-03-22 11:44 - 00000000 ____D C:\Users\Public\Documents\Hewlett-Packard
2016-03-22 09:25 - 2016-03-22 09:25 - 00198638 _____ C:\Users\gdalessandro\Desktop\Wanda2.pdf
2016-03-22 09:25 - 2016-03-22 09:25 - 00183820 _____ C:\Users\gdalessandro\Desktop\Wanda1.pdf
2016-03-19 12:11 - 2016-03-19 12:11 - 00000000 ____D C:\Users\gdalessandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-18 12:13 - 2016-03-18 12:13 - 00000000 ____D C:\Users\gdalessandro\Downloads\Starship Rising (2014) - Copy
2016-03-10 11:52 - 2016-03-10 11:52 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-03-10 11:52 - 2016-03-10 11:52 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-08 14:04 - 2016-03-08 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-08 14:04 - 2016-03-08 14:04 - 00000000 ____D C:\Program Files\7-Zip
2016-03-07 12:08 - 2016-03-15 12:08 - 00000000 ____D C:\Users\gdalessandro\Documents\RSS Quotes
2016-03-02 13:46 - 2016-03-02 13:46 - 00000674 _____ C:\Users\gdalessandro\Desktop\March 2016.xlsx - Shortcut.lnk
2016-03-01 11:14 - 2016-03-01 11:14 - 06837784 _____ (Piriform Ltd) C:\Users\gdalessandro\Desktop\ccsetup515.exe
2016-03-01 11:13 - 2016-03-01 11:13 - 00071263 _____ C:\Users\gdalessandro\amanda laptops.pdf
2016-02-26 17:42 - 2016-02-26 17:40 - 15747568 _____ C:\Users\gdalessandro\Desktop\2007_TB_Service_Manuals.zip
2016-02-26 17:42 - 2009-10-29 21:57 - 00000000 ____D C:\Users\gdalessandro\Desktop\2007
2016-02-26 17:39 - 2016-02-26 17:40 - 15747568 _____ C:\Users\gdalessandro\Downloads\2007_TB_Service_Manuals.zip
2016-02-22 14:03 - 2016-02-22 14:03 - 00000290 _____ C:\Users\gdalessandro\Desktop\Used cars for sale in West Springfield Amherst Worcester Hartford CT, MA  Main Auto Sales.url
2016-02-22 13:35 - 2016-03-22 11:48 - 00000000 ____D C:\Users\gdalessandro\Desktop\FRST
2016-02-22 13:35 - 2016-03-22 11:48 - 00000000 ____D C:\FRST

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-22 11:48 - 2013-12-13 12:18 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-22 11:44 - 2013-12-13 11:33 - 00000408 _____ C:\Windows\system32\config\netlogon.ftl
2016-03-22 11:38 - 2015-06-22 11:27 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3915526683-1073962682-3848504125-2589UA.job
2016-03-22 11:37 - 2013-12-04 18:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-22 05:48 - 2013-12-13 12:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-22 02:23 - 2015-12-29 17:04 - 00000000 ____D C:\Users\gdalessandro\AppData\LocalLow\Adblock Plus for IE
2016-03-21 16:38 - 2015-06-22 11:27 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3915526683-1073962682-3848504125-2589Core.job
2016-03-21 09:24 - 2009-07-14 00:45 - 00028960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-21 09:24 - 2009-07-14 00:45 - 00028960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-21 09:19 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-21 09:19 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-03-21 09:18 - 2014-07-09 15:22 - 00000000 ___RD C:\Users\gdalessandro\Dropbox
2016-03-21 09:18 - 2014-07-09 14:54 - 00000000 ____D C:\Users\gdalessandro\AppData\Roaming\Dropbox
2016-03-21 09:15 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-18 12:33 - 2013-12-18 10:03 - 00000000 ____D C:\Users\gdalessandro\AppData\Roaming\KeePass
2016-03-18 10:22 - 2015-02-27 13:25 - 00000000 ____D C:\Users\gdalessandro\AppData\Local\CrashDumps
2016-03-15 21:24 - 2014-01-24 16:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-14 21:49 - 2014-05-08 09:20 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-14 21:49 - 2014-05-08 09:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-10 15:37 - 2013-12-04 18:06 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-10 15:37 - 2013-12-04 18:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 15:37 - 2013-12-04 18:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-10 11:52 - 2013-12-04 18:09 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-08 13:29 - 2015-10-19 12:25 - 00013666 __RSH C:\ProgramData\ntuser.pol
2016-03-08 00:16 - 2015-12-14 16:04 - 00000971 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-03-08 00:16 - 2015-12-14 16:04 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk
2016-03-01 11:15 - 2013-12-18 18:14 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-01 11:13 - 2013-12-13 11:41 - 00000000 ____D C:\Users\gdalessandro
2016-02-26 17:39 - 2014-05-21 17:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-25 10:47 - 2015-10-12 14:03 - 00000000 ____D C:\Users\gdalessandro\Desktop\United Health Care

==================== Files in the root of some directories =======

2015-01-22 13:07 - 2015-02-20 11:51 - 0006140 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\gdalessandro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmxkzoi.dll
C:\Users\gdalessandro\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\gdalessandro\AppData\Local\Temp\jre-8u71-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-21 10:19

==================== End of FRST.txt ============================

 

 

 

==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 22%
Total physical RAM: 16342.05 MB
Available physical RAM: 12631.35 MB
Total Virtual: 32682.32 MB
Available Virtual: 28596.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:321.5 GB) NTFS
Drive d: () (Fixed) (Total:463.75 GB) (Free:313.18 GB) NTFS
Drive g: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B7F75574)
Partition 1: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 9191BBF9)

Partition: GPT.

==================== End of Addition.txt ============================



#10 Bezukhov


Posted 24 March 2016 - 07:16 AM

Bezukhov,
 
Thank you so much for getting back to me.  I am sorry for the delay in my response but I am not getting my email notifications from the forum.  As far as your questions, I completely understand your concerns.


I don't know why you're not getting any emails from Bleeping Computer. Did you check your spam folder? Also check Profile ---> Notification Options ---> Topics & Posts. From the drop-down box choose Immediate, and make sure that both boxes, Notification List and Email, are checked under "Notification method to use for replies to followed topics".

In the meantime I'll make it a habit to quote from your last post. Check back here frequently; you'll see a number next to your user name in the top right corner of the web page, indicating that I have responded.

For now we can run this fix:
  • Click the Windows key + R on your keyboard
  • In the Search Box type Notepad and hit Enter
  • Copy what's in the box below and paste it into Notepad.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
RemoveProxy:
  • Name this text document as fixlist.txt and save it in the same location as FRST
    Note: It's important that both files, FRST64.exe and fixlist.txt, are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply
I hate to be a pest about it but the Addition.txt was again incomplete. There is a lot of valuable info in there that I need to see.
  • Delete any Addition.txt files on your desktop
  • Run FRST64.exe again.
  • When the Scan Window appears, make sure the Addition.txt box is checked
  • Post that Addition.txt in your next reply
There is no need to post the results of the FRST.txt at this time.

Let's do a couple of tests:

Step 1: Safe Mode
  • Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
    Click the Start button, click the arrow next to the Shut Down button, and then click Restart.
  • Do the following:
  • Press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you'll need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.
  • On the Advanced Boot Options screen, use the arrow keys to highlight the safe mode option you want (here we'll try Safe Mode with Networking), and then press Enter.
  • Log on to your computer with a user account that has administrator rights.
Tell me if there is any difference in your computer's performance while in Safe Mode

Step 2: Clean Boot
  • Log on to the computer by using an account that has administrator rights.
  • Click Start, type msconfig.exe in the Start Search box, and then press Enter to start the System Configuration utility.
    Note: If you are prompted for an administrator password or for confirmation, you should type the password or provide confirmation.
  • On the General tab, click the Selective startup option, and then click to clear the Load startup items check box. (The Use Original Boot.ini check box is unavailable.)
  • On the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all.
    Note: This step lets Microsoft services continue to run. These services include Networking, Plug and Play, Event Logging, Error Reporting, and other services. If you disable these services, you may permanently delete all restore points. Do not do this if you want to use the System Restore utility together with existing restore points.
  • Click OK, and then click Restart.
Again let me know of any changes.
To err is Human. To blame it on someone else is even more Human.

#11 GeoGoGo


Posted 24 March 2016 - 10:17 AM

Bezukhov,
 
I have changed the notification settings as you requested.  I will keep checking back until I know that the notifications are coming.  Below you will find the Addition.txt file.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by gdalessandro (2016-03-24 11:12:22)
Running from C:\Users\gdalessandro\Desktop\FRST
Windows 7 Professional Service Pack 1 (X64) (2013-12-13 15:29:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2911902404-826159004-862829379-500 - Administrator - Disabled)
Guest (S-1-5-21-2911902404-826159004-862829379-501 - Limited - Disabled)
HP8200Elite (S-1-5-21-2911902404-826159004-862829379-1001 - Administrator - Enabled) => C:\Users\HP8200Elite
Owner (S-1-5-21-2911902404-826159004-862829379-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Enabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 18.2.4 - Hewlett-Packard) Hidden
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat X Pro (HKLM-x32\...\{AC76BA86-1033-0000-7760-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{5AE0838D-19B1-5D12-5FE8-E6503B2C8716}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Autotask MS Outlook Extension (HKLM-x32\...\{EC85AAAB-1AB9-4C0D-BAFC-13D8151E7839}) (Version: 3.1.0 - Autotask Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Clipboard History (HKLM-x32\...\ClipboardHistory) (Version: 2.0 - Outertech)
DriverMax 7 (HKLM-x32\...\DMX5_is1) (Version: 7.29.0.225 - Innovative Solutions)
Dropbox (HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.8.4 (HKLM-x32\...\{C15841A6-C20A-11E4-977D-00163E98E7D6}) (Version: 5.8.4.6870 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.2.8.17 - Hewlett-Packard Company)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® Network Connections 16.8.45.1 (HKLM\...\PROSetDX) (Version: 16.8.45.1 - Intel)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
join.me (HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
KeePass Password Safe 2.17 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version:  - Dominik Reichl)
LiveConnect (HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\{5A85FD2D-9D1C-43C1-A3F8-EA2703BBC12F}) (Version: 6.3.0.0 - Live Connect)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM-x32\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.1500.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Sonic Activation Module (x32 Version: 1.0 - Sonic Solutions) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{19B62EDC-C108-4393-B3F1-8A813096CC8E}) (Version: 12.1.1000.157 - Symantec Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
Unity Web Player (HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
VMware Horizon Client (HKLM\...\{936DD031-2978-4374-842C-D18E92F9DFB5}) (Version: 3.2.0.24246 - VMware, Inc.)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3915526683-1073962682-3848504125-2589_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {162D1784-FE94-46C6-97BD-150B59F2316B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)
Task: {1B63B423-1DA3-49B5-ABF3-E7099C58D7B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {29B37A39-0D62-447F-BD7D-C4F391149E1E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2ED85CD5-B082-402C-84DF-21F4E5791B04} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {46087789-5827-4F31-94CC-6F98FBC48E08} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {51AF834A-166A-4B23-B8E1-F83EC1E163C4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5B703666-1BA8-441A-8644-BA95BDA953AB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {6C01788F-724C-4F45-8D61-761EC06D191A} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {7462650D-B9AC-4878-AF37-739B0E6770B1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {7FCF268B-72AD-4824-9160-CA0EB8D68E05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {80296556-109E-417F-A2FC-7DC0EF814817} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3915526683-1073962682-3848504125-2589Core => C:\Users\gdalessandro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {815BFC6D-7B1F-428B-9D60-D6291EC559FA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3915526683-1073962682-3848504125-2589UA => C:\Users\gdalessandro\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {9E914FB3-75C0-434B-A5A8-52A8F23F9085} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D337976B-9844-4637-A2D9-C49DB3D91934} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DEBA9565-01B4-4333-B3EA-4A3A9AB805DF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3915526683-1073962682-3848504125-2589Core.job => C:\Users\gdalessandro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-3915526683-1073962682-3848504125-2589UA.job => C:\Users\gdalessandro\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-11-20 10:35 - 2014-11-20 10:35 - 00225976 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2014-11-20 11:24 - 2014-11-20 11:24 - 03649720 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-11-20 10:30 - 2014-11-20 10:30 - 01147064 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2006-11-05 11:28 - 2006-11-05 11:28 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2010-11-22 09:26 - 2010-11-22 09:26 - 00047880 _____ () C:\Program Files (x86)\ClipboardHistory\ClipboardHotkey.dll
2015-12-12 16:53 - 2016-02-23 14:19 - 00034768 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-03-19 12:11 - 2016-02-23 14:20 - 00019408 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-03-19 12:11 - 2016-02-23 14:19 - 00116688 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 16:53 - 2016-02-23 14:19 - 00093640 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 16:53 - 2016-02-23 14:19 - 00018376 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 16:53 - 2016-03-11 20:18 - 00019760 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00105928 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-03-19 12:11 - 2016-02-23 14:19 - 00392144 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 16:53 - 2016-03-11 20:18 - 00381752 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 16:53 - 2016-02-23 14:19 - 00692688 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00020816 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 16:53 - 2016-02-23 14:20 - 00112592 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 01682760 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00020808 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 16:53 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 16:53 - 2016-03-11 20:18 - 00021840 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00038696 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-03-19 12:11 - 2016-02-23 14:21 - 00020936 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00024528 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00114640 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00124880 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-18 04:26 - 2016-03-11 20:18 - 00021832 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00024016 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00175560 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00030160 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00043472 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00028616 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00048592 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00026456 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00057808 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00024016 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00117056 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00024392 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-03-19 12:11 - 2016-02-23 14:21 - 00036296 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 16:53 - 2016-03-11 20:18 - 00023376 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 16:53 - 2016-02-23 14:19 - 00134608 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2016-03-19 12:11 - 2016-02-23 14:19 - 00134088 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-03-19 12:11 - 2016-02-23 14:20 - 00240584 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00052024 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-18 04:26 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-18 04:26 - 2016-03-11 20:18 - 00021824 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-18 04:26 - 2016-03-11 20:18 - 00019776 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-18 04:26 - 2016-03-11 20:18 - 00020800 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00020280 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 16:53 - 2016-02-23 14:21 - 00350152 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-18 04:26 - 2016-03-11 20:18 - 00022352 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00084792 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-03-19 12:11 - 2016-03-11 20:18 - 01826096 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 16:53 - 2016-02-23 14:20 - 00083912 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\sip.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 03928880 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 01971504 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00531248 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00132912 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00223544 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00207672 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00158008 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00042808 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-03-19 12:11 - 2016-02-23 14:23 - 00017864 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-03-19 12:11 - 2016-02-23 14:23 - 01631184 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 16:53 - 2016-03-11 20:18 - 00024904 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00546096 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-03-19 12:11 - 2016-03-11 20:18 - 00357680 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 17:45 - 2016-02-23 14:25 - 00697304 _____ () C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-09-24 11:40 - 2015-09-24 11:40 - 02897304 _____ () C:\Program Files (x86)\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Minnesota Chamber of Commerce:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\Bikes:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\Caddy Stuff:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\Dell Optiplex 790:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\Hoosick.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\JoJo:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\JoJo flash drive:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\light1.jpg:com.dropbox.attributes [426]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\light2.jpg:com.dropbox.attributes [424]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\MCOC VPN:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\Minnesota Chamber of Commerce:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\MozyPro:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\pdf:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\ringtones:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\Samsung Galaxy S3 root:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\Shortcuts:Roxio EMC Stream [38]
AlternateDataStreams: C:\Users\gdalessandro\Desktop\YT:Roxio EMC Stream [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-02-17 13:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3915526683-1073962682-3848504125-2589\Control Panel\Desktop\\Wallpaper -> C:\Users\gdalessandro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.250.0.41 - 10.250.0.42
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^gdalessandro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^gdalessandro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^gdalessandro^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DriverMax => "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
MSCONFIG\startupreg: DriverMax_RESTART =>
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_74B9D4DA976780380B9B2B656427761E => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: ToolBoxFX => "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: uTorrent => "C:\Users\gdalessandro\AppData\Roaming\uTorrent\uTorrent.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E8238310-09CD-452B-8708-8CFED0788F4A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{FB1B6988-B9B3-4397-8604-38C4DD920EE3}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{13C66D51-1676-43A6-ACF8-3152F2588CF7}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{7BE24BD3-6830-4F8E-BB4D-C371D8AB36A7}] => (Allow) C:\Users\gdalessandro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A16AE7C9-4C20-4290-B693-8B7A70F04B05}] => (Allow) C:\Users\gdalessandro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C3B97787-6DC3-400A-ABFC-5739C18A91CC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
FirewallRules: [{C38AD6F0-0EE3-4A68-A07E-0BCB5C133D70}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\Smc.exe
FirewallRules: [{1C23CB61-61CD-4CAC-A9D2-C465B82DD2AF}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
FirewallRules: [{4D766B29-3F7D-43AC-8EBD-6F546F20CF8D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin64\snac64.exe
FirewallRules: [{71B312F5-A4D0-42B8-8763-177949A16AB1}] => (Allow) C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D5E784CF-1924-44F2-B58C-2E66ABDAC8F2}] => (Allow) C:\Users\gdalessandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7EE80E93-D757-421B-980B-9116B5C42502}] => (Allow) C:\Users\gdalessandro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3CF1BB09-728A-4190-9891-44806CABBBB5}] => (Allow) C:\Users\gdalessandro\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{CA634E7F-C799-44A7-B2D8-CECFC2106252}C:\users\gdalessandro\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gdalessandro\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{301DC129-E323-4E42-8EC5-A44B997C95F6}C:\users\gdalessandro\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\gdalessandro\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{FBA17836-56AD-4732-96AD-9F57BDD27FC0}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{7AE8B09B-42D9-4093-9A53-1C73E1D82474}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{490934E8-EA5B-4418-856B-0209D80420F0}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{B2379718-F89D-430B-B16D-7A0B0553EE4C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{494A2825-58FD-4C61-9360-496F5AE245FE}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{2911A275-5580-4201-A339-7EB043C5651C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{9939802E-DE17-4DA3-B43B-489AE28B22B7}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{A9540EAC-383E-48D7-B0D0-40BB16E44529}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{1003F08C-4AC9-424E-8327-819ACADD2B6F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EF610A64-5D7A-4FD7-A770-7466D440D87C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C730505F-609D-440A-AC7F-3F2AC8C26D18}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C16CAA61-5FAB-4C74-9DE5-B0BF1F737934}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{401CCBDE-43A8-45EA-B001-F9A352EB8BB2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{05DAA6B2-8649-4282-8CEF-9789633B19D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{925BBD9C-4577-4F46-908D-AEFA89387463}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

21-01-2016 11:45:03 Scheduled Checkpoint
12-02-2016 12:17:12 Scheduled Checkpoint
23-02-2016 15:02:50 Scheduled Checkpoint
08-03-2016 13:14:36 Scheduled Checkpoint
17-03-2016 10:53:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 10:22:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17410, time stamp: 0x5579acf9
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000374
Fault offset: 0x000cea5f
Faulting process id: 0x13d4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/18/2016 10:22:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17410, time stamp: 0x5579acf9
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000005
Fault offset: 0x0002e3fe
Faulting process id: 0x13d4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/18/2016 09:25:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17410, time stamp: 0x5579acf9
Faulting module name: ole32.DLL, version: 6.1.7601.18915, time stamp: 0x55981b9e
Exception code: 0xc0000005
Fault offset: 0x0013d21c
Faulting process id: 0x327c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/18/2016 09:24:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17410, time stamp: 0x5579acf9
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000374
Fault offset: 0x000cea5f
Faulting process id: 0x327c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (03/11/2016 11:55:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17410 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1630

Start Time: 01d17888ba5e92f3

Termination Time: 47

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (03/08/2016 01:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rufus-2.4.exe, version: 2.4.757.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0835fd2d
Faulting process id: 0x20f8
Faulting application start time: 0xrufus-2.4.exe0
Faulting application path: rufus-2.4.exe1
Faulting module path: rufus-2.4.exe2
Report Id: rufus-2.4.exe3

Error: (03/08/2016 01:25:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program rufus-2.4.exe version 2.4.757.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ad4

Start Time: 01d1795ee4b3ef1f

Termination Time: 0

Application Path: C:\Users\gdalessandro\Desktop\rufus-2.4.exe

Report Id: b5e5d843-e552-11e5-b31a-e839354982cb

Error: (03/08/2016 01:23:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rufus-2.4.exe, version: 2.4.757.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0411fcd6
Faulting process id: 0x1ad4
Faulting application start time: 0xrufus-2.4.exe0
Faulting application path: rufus-2.4.exe1
Faulting module path: rufus-2.4.exe2
Report Id: rufus-2.4.exe3

Error: (02/29/2016 03:49:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 14.0.7153.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 162c

Start Time: 01d1732769741693

Termination Time: 0

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Report Id:

Error: (02/25/2016 12:03:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17410, time stamp: 0x5579acf9
Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x55636317
Exception code: 0xc0000374
Fault offset: 0x000cea5f
Faulting process id: 0x1398
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (03/24/2016 10:15:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/24/2016 10:14:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
amdkmafd

Error: (03/24/2016 10:12:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {60A90A2F-858D-42AF-8929-82BE9D99E8A1}

Error: (03/23/2016 11:57:47 AM) (Source: DCOM) (EventID: 10016) (User: GSSINFOTECH)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}GSSINFOTECHgdalessandroS-1-5-21-3915526683-1073962682-3848504125-2589LocalHost (Using LRPC)

Error: (03/23/2016 11:57:47 AM) (Source: DCOM) (EventID: 10016) (User: GSSINFOTECH)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}GSSINFOTECHgdalessandroS-1-5-21-3915526683-1073962682-3848504125-2589LocalHost (Using LRPC)

Error: (03/23/2016 11:55:47 AM) (Source: DCOM) (EventID: 10016) (User: GSSINFOTECH)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}GSSINFOTECHgdalessandroS-1-5-21-3915526683-1073962682-3848504125-2589LocalHost (Using LRPC)

Error: (03/23/2016 11:55:47 AM) (Source: DCOM) (EventID: 10016) (User: GSSINFOTECH)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}GSSINFOTECHgdalessandroS-1-5-21-3915526683-1073962682-3848504125-2589LocalHost (Using LRPC)

Error: (03/23/2016 11:53:40 AM) (Source: DCOM) (EventID: 10016) (User: GSSINFOTECH)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}GSSINFOTECHgdalessandroS-1-5-21-3915526683-1073962682-3848504125-2589LocalHost (Using LRPC)

Error: (03/23/2016 11:53:40 AM) (Source: DCOM) (EventID: 10016) (User: GSSINFOTECH)
Description: application-specificLocalActivation{145B4335-FE2A-4927-A040-7C35AD3180EF}{145B4335-FE2A-4927-A040-7C35AD3180EF}GSSINFOTECHgdalessandroS-1-5-21-3915526683-1073962682-3848504125-2589LocalHost (Using LRPC)

Error: (03/23/2016 11:42:42 AM) (Source: DCOM) (EventID: 10016) (User: GSSINFOTECH)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}GSSINFOTECHgdalessandroS-1-5-21-3915526683-1073962682-3848504125-2589LocalHost (Using LRPC)

CodeIntegrity:
===================================
  Date: 2015-02-17 12:02:37.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix1\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-02-17 12:02:36.908
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix1\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 20%
Total physical RAM: 16342.05 MB
Available physical RAM: 12948.47 MB
Total Virtual: 32682.32 MB
Available Virtual: 28971.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:325.44 GB) NTFS
Drive d: () (Fixed) (Total:463.75 GB) (Free:313.18 GB) NTFS
Drive g: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.98 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B7F75574)
Partition 1: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 9191BBF9)

Partition: GPT.

==================== End of Addition.txt ============================



#12 GeoGoGo


Posted 24 March 2016 - 11:21 AM

Well, this makes no sense to me. It seemed to run worse in safe mode. When it was at the Loading Windows Files screen, the files were scrolling really slowly. Maybe once a second. Took longer to reach the desktop than a regular boot.

As for the clean boot, it ran a little better but not much.



#13 Bezukhov


Posted 25 March 2016 - 05:26 PM

Thank you for the Addition log. A lot of data there.

One more question. Are you using an older PS/2 keyboard and mouse? This is the connector:

[Image: ps2-stecker.jpg]

I ask this because that Addition log showed errors relating to that type of mouse and keyboard, and loading the drivers for them is one of the first things done when booting up.

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

We need to run the SFC /SCANNOW Command

The sfc /scannow command (System File Checker) scans the integrity of all protected Windows system files and replaces incorrect, corrupted, changed/modified, or damaged versions with the correct versions if possible.

Note: Be aware that if you have modified your system files as in theming explorer/system files, running sfc /scannow will revert the system files such as explorer.exe back to its default state.

Note: Make the appropriate backups of your system files that you have modified for theming if you wish to save them before running sfc /scannow.
  • Click the Windows "Orb" button.
  • Type cmd.
  • Right click on the search result cmd.exe and click Run as Administrator.
  • Copy the following line of text and paste it into the black box.
    (right-click in the black box and choose paste)
    sfc /scannow
  • Press Enter to run the command.
    Note: This may take a while to finish.
  • If SFC could not fix something, then run the command again to see if it may be able to the next time. Sometimes it may take running the sfc /scannow command 3 or more times to completely fix everything that it's able to.
  • Retrieving SFC /scannow log
    • Click the Windows "Orb" button.
    • Type cmd.
    • Right click on the search result cmd.exe and click Run as Administrator.
    • Copy the following line of text and paste it into the black box.
      (right-click in the black box and choose paste)

      findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
    • Press Enter to run the command.
    • A text file sfcdetails.txt should appear on your desktop. Post the content of the file in your next reply.
Is there any difference in your computer's performance? I had you run a fix in my last post. Did that help any? If you ran it there should have been a Fixlog.txt, if I could see it. And please post the results of the scan from this post, the sfcdetails.txt, whether or not it finds anything.
To err is Human. To blame it on someone else is even more Human.
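
As an added example (not part of the original post): a short Python triage of the sfcdetails.txt that the steps above produce, showing which files SFC still could not repair after repeated runs. The sample lines are constructed and simplified, assuming the usual CBS.log "[SR]" wording; the names triage, SR, NAME and SAMPLE are hypothetical.

```python
import re

# Constructed, simplified sample of "[SR]" lines (not taken from this thread).
# It covers two SFC runs, because findstr ">>" appends every run to the same file.
SAMPLE = r'''
2016-03-28 10:12:01, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2016-03-28 10:12:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2016-03-28 10:12:09, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 1.0.0.0 in the store, hash mismatch
2016-03-28 10:12:10, Info                  CSI    0000000e [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 1.0.0.0 in the store, hash mismatch
2016-03-28 10:12:12, Info                  CSI    00000010 [SR] Verify complete
2016-03-28 10:40:31, Info                  CSI    00000011 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2016-03-28 10:40:33, Info                  CSI    00000013 [SR] Verify complete
'''.strip()

SR = re.compile(r'\[SR\] (.*)$')     # message text after the [SR] tag
NAME = re.compile(r'\]"([^"]+)"')    # quoted name following a length tag such as [l:24{12}]

def triage(text):
    """Summarise sfcdetails.txt content; the last status seen for a file wins."""
    status, batches = {}, 0
    for raw in text.splitlines():
        m = SR.search(raw.strip())
        if not m:
            continue                  # blank or wrapped line
        msg = m.group(1)
        names = NAME.findall(msg)
        if msg.startswith('Cannot repair member file') and names:
            status[names[0].lower()] = 'cannot_repair'
        elif msg.startswith('Repairing corrupted file') and names:
            status[names[-1].lower()] = 'repaired'   # last fragment is the file name
        elif msg.startswith('Verify complete'):
            batches += 1
    unrepaired = sorted(f for f, s in status.items() if s == 'cannot_repair')
    repaired = sorted(f for f, s in status.items() if s == 'repaired')
    return {'verify_batches': batches, 'unrepaired': unrepaired,
            'repaired': repaired, 'rerun_advised': bool(unrepaired)}

if __name__ == '__main__':
    for key, value in triage(SAMPLE).items():
        print(f'{key}: {value}')
```

To use it on a real log, pass the text of sfcdetails.txt to triage() in place of SAMPLE.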

#14 GeoGoGo


Posted 28 March 2016 - 09:47 AM

Bezukhov,

Good morning! I am running a USB keyboard and a USB wireless mouse. No PS/2 stuff. I did run the fix you referenced in your last previous post but I did not notice an improvement in performance.

I have uninstalled UTorrent. I guess my assumption that our network security would have kept anything out.

I am running SFC now. I will post the results of the scan when it completes.

Thanks again for the assistance!



#15 GeoGoGo


Posted 28 March 2016 - 10:39 AM

Did you want me to post the log for each round of scanning or just send the log after the final run?





