
Solved Suspected Malware. Significant HD activity when there shouldn't be.

Discussion in 'Malware and Virus Removal' started by DCHammer, 2016/06/22.

  1. 2016/06/22
    DCHammer Well-Known Member Thread Starter

    Joined: 2010/06/28 | Messages: 224 | Likes Received: 0

    Here are the FRST logs:

    FRST:
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2016 01
    Ran by DCarlson (administrator) on ON-NW7-189991 (21-06-2016 15:06:16)
    Running from C:\Users\dcarlson\Desktop
    Loaded Profiles: DCarlson (Available Profiles: DCarlson & CMPC_User & Administrator)
    Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Nexthink S.A.) C:\Windows\System32\nxtsvc.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    (Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    (Juniper Networks, Inc.) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    (Nexthink S.A.) C:\Windows\System32\nxtupdater.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    (Apple Inc.) C:\Program Files\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
    (Snow Software AB) C:\Program Files\INVENTORYCLIENT\client.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
    (Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Lync\communicator.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe
    (The Eraser Project) C:\Program Files\Eraser\Eraser.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
    (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    (Dropbox, Inc.) C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    () C:\Program Files\Qlock\qlock.exe
    (Wisdom Software Inc. ) C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
    () C:\Program Files\Common Files\Research in Motion\nginx\nginx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    () C:\Program Files\Common Files\Research in Motion\nginx\nginx.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Lync\UcMapi.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Lenovo) C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Blackfish Software) C:\Users\dcarlson\AppData\Local\IE Tab\9.6.7.1\ietabhelper.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\NAMECONTROLSERVER.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12119872 2016-03-14] (Microsoft Corporation)
    HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
    HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-10-22] (Lenovo)
    HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [432424 2013-10-22] (Lenovo)
    HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
    HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Display] => C:\Program Files\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
    HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
    HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337776 2015-02-10] (McAfee, Inc.)
    HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
    HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
    HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-06-01] (Apple Inc.)
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2015-03-18] (Microsoft Corporation)
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Run: [Dropbox Update] => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.)
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 1
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\MountPoints2: E - E:\LaunchU3.exe -a
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\MountPoints2: {aad1f660-c110-11e4-84ee-02d00e1b8701} - E:\win\setup.exe -phs
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\MountPoints2: {cf3ece9e-af5f-11e3-ab73-ec55f9ef0c52} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
    Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll ACGina
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    ShellIconOverlayIdentifiers: [ "DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-03-23]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-03]
    ShortcutTarget: Dropbox.lnk -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerChute Personal Edition.lnk [2013-03-23]
    ShortcutTarget: PowerChute Personal Edition.lnk -> C:\Program Files\APC\PowerChute Personal Edition\PowerChute.exe (Schneider Electric)
    Startup: C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk [2013-03-25]
    ShortcutTarget: qlock.lnk -> C:\Program Files\Qlock\qlock.exe ()
    Startup: C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenHunter 6.0 Free.lnk [2013-03-26]
    ShortcutTarget: ScreenHunter 6.0 Free.lnk -> C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe (Wisdom Software Inc. )
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 24.226.10.193 24.226.10.194 24.226.1.94
    Tcpip\..\Interfaces\{7D6C841A-0250-4743-A962-B17638BC381E}: [DhcpNameServer] 24.226.10.193 24.226.10.194 24.226.1.94

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://thewire.compucom.com/
    SearchScopes: HKLM -> DefaultScope {C2BAE1FA-6009-452A-9F5C-6141E21A68C9} URL =
    SearchScopes: HKU\S-1-5-21-415762479-31080894-1349916565-56332 -> {A5D8E0B0-EE38-40CB-B531-3D5101459618} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-03] (Oracle Corporation)
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20151016092748.dll [2015-10-16] (McAfee, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-03] (Oracle Corporation)
    Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll [2013-07-11] (Cisco WebEx LLC)
    Toolbar: HKU\S-1-5-21-415762479-31080894-1349916565-56332 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://citrix.compucom.local/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab
    DPF: {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://168.87.141.232/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} hxxps://transfer.compucom.com/COM/MOVEitUploadWizard7.0.0.ocx
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://compucom.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://remote.compucom.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
    FF Plugin: @IPCWebComponents -> C:\Program Files\IPCWebComponents\npIPCReg.dll [2014-04-07] ()
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-03] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-03] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-415762479-31080894-1349916565-56332: @citrixonline.com/appdetectorplugin -> C:\Users\dcarlson\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-08] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\dcarlson\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-10-28] (Cisco WebEx LLC)
    FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
    FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2016-06-21] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (Keeper Web App) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb [2015-10-16]
    CHR Extension: (YouTube) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifcnoebhbpdndjendfkpehpfbglgfkc [2014-03-14]
    CHR Extension: (Google Search) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-04-27]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-06-21]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-10-28]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2014-06-10]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2015-05-06]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
    CHR Extension: (Gmail) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]
    CHR HKLM\...\Chrome\Extension: [cjfdihnepjinbokdddmknfoppfaepbhc] - C:\Users\dcarlson\AppData\Local\CRE\cjfdihnepjinbokdddmknfoppfaepbhc.crx <not found>
    CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-415762479-31080894-1349916565-56332\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cjfdihnepjinbokdddmknfoppfaepbhc] - C:\Users\dcarlson\AppData\Local\CRE\cjfdihnepjinbokdddmknfoppfaepbhc.crx <not found>

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2016-06-07] (SUPERAntiSpyware.com)
    R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [133416 2013-10-22] (Lenovo)
    R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [272680 2013-10-22] (Lenovo)
    R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
    R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
    R3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [22016 2014-02-14] (Box Inc.) [File not signed]
    R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1240760 2015-04-14] (Microsoft Corporation)
    R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [513208 2015-04-14] (Microsoft Corporation)
    S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-08-27] (Intel Corporation)
    R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [684144 2015-03-20] (Juniper Networks, Inc.)
    S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
    R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [127072 2012-08-24] (Lenovo Group Limited)
    S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
    S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
    R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [129904 2015-02-10] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [220784 2015-10-16] (McAfee, Inc.)
    R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-08-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [242408 2015-10-16] (McAfee, Inc.)
    R2 Nexthink Service; C:\Windows\system32\nxtsvc.exe [522000 2014-11-17] (Nexthink S.A.)
    R2 Nexthink Updater; C:\Windows\system32\nxtupdater.exe [284432 2014-07-08] (Nexthink S.A.)
    S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664296 2013-01-09] (Lenovo Group Limited)
    R2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
    R2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
    S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
    S3 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
    S3 smstsmgr; C:\Windows\CCM\TSManager.exe [243896 2015-04-14] (Microsoft Corporation)
    R2 SnowInventoryClient; C:\Program Files\INVENTORYCLIENT\client.exe [3402752 2014-12-07] (Snow Software AB) [File not signed]
    S4 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe [790368 2013-09-02] (Splashtop Inc.)
    S4 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
    R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116368 2012-12-18] (Lenovo Group Limited)
    R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
     
  2. 2016/06/22
    DCHammer Well-Known Member Thread Starter

    Remainder of FRST.txt

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-06-19] (Cisco Systems, Inc.)
    S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6.sys [22016 2014-09-08] (BlackBerry)
    S3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [504360 2012-04-01] (Broadcom Corporation.)
    S3 CSRBC; C:\Windows\System32\Drivers\csrbcx86.sys [31744 2013-04-04] (CSR plc.) [File not signed]
    R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-12-19] (Juniper Networks)
    R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-12-21] (Intel Corporation)
    S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [315576 2015-10-16] (McAfee, Inc.)
    R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [59584 2015-10-16] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [269872 2015-10-16] (McAfee, Inc.)
    R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [79992 2015-10-16] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [380504 2015-10-16] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [658528 2015-10-16] (McAfee, Inc.)
    R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [61736 2015-10-16] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100632 2015-10-16] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [223520 2015-10-16] (McAfee, Inc.)
    R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
    R1 nxtdrv; C:\Windows\System32\DRIVERS\nxtdrv.sys [210192 2014-11-17] (Nexthink S.A.)
    R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2015-04-14] (Microsoft Corporation)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [68608 2014-05-06] (BlackBerry Limited)
    R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-03-19] (BlackBerry Limited)
    R2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [75264 2011-03-23] (REDC)
    S3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114304 2015-06-07] (Power Software Ltd)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [38200 2012-10-18] (Synaptics Incorporated)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-03-09] (The OpenVPN Project)
    S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-06-19] (Cisco Systems, Inc.)
    U3 mfeavfk01; no ImagePath
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 15:06 - 2016-06-21 15:07 - 00033749 _____ C:\Users\dcarlson\Desktop\FRST.txt
    2016-06-21 15:05 - 2016-06-21 15:06 - 00000000 ____D C:\FRST
    2016-06-21 15:04 - 2016-06-21 15:04 - 01738240 _____ (Farbar) C:\Users\dcarlson\Desktop\FRST.exe
    2016-06-14 12:58 - 2016-06-15 16:06 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\LDCad
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001889 _____ C:\Users\dcarlson\Desktop\LPub3D 1.3.4.591.2.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001873 _____ C:\Users\dcarlson\Desktop\LDGlite 1.3.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001859 _____ C:\Users\dcarlson\Desktop\LDView 4.1.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001859 _____ C:\Users\dcarlson\Desktop\LDFind 1.3.5.3.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001841 _____ C:\Users\dcarlson\Desktop\MLCad 3.5.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001841 _____ C:\Users\dcarlson\Desktop\LDCad 1.5.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LDraw
    2016-06-14 12:58 - 2016-06-14 12:58 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Ing. Michael Lachmann
    2016-06-14 12:58 - 2016-06-14 12:58 - 00000000 ____D C:\Users\dcarlson\AppData\Local\LPub3D Software
    2016-06-14 12:57 - 2016-06-14 12:57 - 00000000 ____D C:\Users\dcarlson\AppData\Local\Michael Heidemann
    2016-06-14 12:47 - 2016-06-14 12:58 - 00000000 ____D C:\Users\Public\Documents\LDraw
    2016-06-14 12:47 - 2016-06-14 12:58 - 00000000 ____D C:\Program Files\LDraw
    2016-06-14 12:47 - 2016-06-14 12:47 - 00000000 ____D C:\Users\dcarlson\Documents\LDraw
    2016-06-14 12:32 - 2016-06-14 12:47 - 00000000 ____D C:\Windows\LDraw
    2016-06-08 09:57 - 2016-06-08 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-06-08 09:57 - 2016-06-08 09:57 - 00000000 ____D C:\Program Files\iTunes
    2016-06-08 09:57 - 2016-06-08 09:57 - 00000000 ____D C:\Program Files\iPod
    2016-06-07 16:11 - 2016-06-07 16:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2016-06-03 14:57 - 2016-06-03 14:57 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-06-02 10:07 - 2016-06-03 11:03 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
    2016-06-01 11:23 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2016-06-01 11:21 - 2016-04-14 11:38 - 00105192 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-06-01 11:21 - 2016-04-14 11:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-06-01 11:21 - 2016-04-14 11:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-06-01 11:21 - 2016-04-14 11:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-06-01 11:21 - 2016-04-14 11:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-06-01 11:21 - 2016-04-14 11:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-06-01 11:21 - 2016-04-14 11:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-06-01 11:20 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2016-06-01 11:19 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-06-01 11:19 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-06-01 11:19 - 2016-04-23 00:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-06-01 11:19 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-06-01 11:19 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-06-01 11:19 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-06-01 11:19 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-06-01 11:19 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-06-01 11:19 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-06-01 11:19 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-06-01 11:19 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-06-01 11:19 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-06-01 11:19 - 2016-04-22 23:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-06-01 11:19 - 2016-04-22 23:53 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-06-01 11:19 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-06-01 11:19 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-06-01 11:19 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-06-01 11:19 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-06-01 11:19 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-06-01 11:19 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-06-01 11:19 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-06-01 11:19 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-06-01 11:19 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-06-01 11:19 - 2016-04-22 23:31 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-06-01 11:19 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-06-01 11:19 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-06-01 11:18 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-06-01 11:18 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-06-01 11:18 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-06-01 11:18 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-06-01 11:18 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-06-01 11:18 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-06-01 11:18 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-06-01 11:18 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-06-01 11:18 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-06-01 11:18 - 2016-04-11 21:07 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-06-01 11:18 - 2016-04-11 21:07 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-06-01 11:18 - 2016-04-11 21:02 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-06-01 11:18 - 2016-04-11 21:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-06-01 11:18 - 2016-04-11 21:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-06-01 11:18 - 2016-04-11 21:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-06-01 11:18 - 2016-04-11 20:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-06-01 11:18 - 2016-04-11 20:37 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-06-01 11:18 - 2016-04-11 20:37 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-06-01 11:18 - 2016-04-11 20:37 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-06-01 11:18 - 2016-04-11 20:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-06-01 11:18 - 2016-04-11 20:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-06-01 11:18 - 2016-04-11 20:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-06-01 11:17 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2016-06-01 11:17 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-06-01 11:17 - 2016-04-09 02:57 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-06-01 11:17 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-06-01 11:17 - 2016-04-09 02:54 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-06-01 11:17 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-06-01 11:17 - 2016-04-09 02:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-06-01 11:17 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-06-01 11:17 - 2016-04-09 02:54 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-06-01 11:17 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-06-01 11:17 - 2016-04-09 01:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-06-01 11:17 - 2016-04-09 01:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-06-01 11:17 - 2016-04-09 01:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-06-01 11:17 - 2016-04-09 01:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-06-01 11:17 - 2016-04-09 01:40 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-06-01 11:17 - 2016-04-09 01:37 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-06-01 11:16 - 2016-04-09 01:40 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-06-01 11:16 - 2016-04-06 06:36 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2016-06-01 11:12 - 2016-04-09 02:59 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2016-06-01 11:12 - 2016-04-09 02:59 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2016-06-01 11:12 - 2016-04-09 02:54 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2016-06-01 11:09 - 2016-04-09 02:54 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-06-01 11:06 - 2016-06-01 11:06 - 00001490 _____ C:\Users\dcarlson\Desktop\StartLDDManager - Shortcut.lnk
    2016-06-01 10:59 - 2016-06-10 16:55 - 00000000 ____D C:\Program Files\LDD_Manager
    2016-06-01 10:59 - 2016-02-12 14:39 - 02956288 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2016-06-01 10:59 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2016-06-01 10:59 - 2016-02-12 14:26 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2016-06-01 10:59 - 2016-02-12 14:07 - 02062848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2016-06-01 10:59 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2016-06-01 10:59 - 2016-02-12 14:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2016-06-01 10:59 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2016-06-01 10:59 - 2016-02-12 14:05 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2016-06-01 10:59 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2016-06-01 10:59 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2016-06-01 10:59 - 2016-02-12 14:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2016-05-31 17:01 - 2016-06-17 11:35 - 00000000 ____D C:\Users\dcarlson\brickstock-cache
    2016-05-31 17:01 - 2016-05-31 17:01 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrickStock
    2016-05-31 17:01 - 2016-05-31 17:01 - 00000000 ____D C:\Program Files\BrickStock

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-06-21 15:04 - 2013-11-23 08:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-06-21 14:58 - 2013-03-21 15:33 - 00000000 ____D C:\Users\dcarlson\Documents\Exchange
    2016-06-21 14:39 - 2009-07-14 00:34 - 00024032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-06-21 14:39 - 2009-07-14 00:34 - 00024032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-06-21 14:30 - 2015-06-26 08:20 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332UA.job
    2016-06-21 14:22 - 2013-09-18 14:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-06-21 14:00 - 2013-05-02 13:02 - 00000000 ____D C:\Users\dcarlson\AppData\LocalLow\WebEx
    2016-06-21 14:00 - 2013-04-30 09:54 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Webex
    2016-06-21 10:57 - 2015-01-23 11:36 - 00000000 ___RD C:\Users\dcarlson\Dropbox
    2016-06-21 10:57 - 2013-11-23 08:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-06-21 10:56 - 2013-03-21 17:42 - 00000000 ___RD C:\Users\dcarlson\Documents\Scanned Documents
    2016-06-21 10:56 - 2013-03-21 14:23 - 00000000 ____D C:\Users\dcarlson\Tracing
    2016-06-21 10:42 - 2013-03-18 12:58 - 00000532 _____ C:\Windows\SMSCFG.ini
    2016-06-21 10:39 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-06-21 10:39 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\security
    2016-06-21 10:38 - 2013-03-26 12:16 - 00067504 _____ C:\Windows\system32\PCPELog.txt
    2016-06-21 06:30 - 2015-06-26 08:20 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332Core.job
    2016-06-17 13:22 - 2013-03-21 17:42 - 00000000 ____D C:\Users\dcarlson\Documents\Personal
    2016-06-16 14:24 - 2013-07-15 11:25 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-06-16 14:24 - 2013-03-18 15:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-06-16 10:10 - 2013-03-21 16:10 - 00000000 ____D C:\Users\dcarlson\Documents\Clarify
    2016-06-15 13:00 - 2016-03-21 15:10 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\LEGO Company
    2016-06-15 12:58 - 2013-03-22 13:31 - 00000000 ____D C:\ProgramData\TEMP
    2016-06-15 12:57 - 2013-03-22 13:31 - 00000000 ____D C:\Program Files\SpywareBlaster
    2016-06-14 13:45 - 2016-05-11 11:57 - 00000000 ____D C:\Users\dcarlson\Documents\Lego
    2016-06-13 19:31 - 2011-06-06 19:25 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-06-10 12:04 - 2013-03-21 14:20 - 00000000 ____D C:\Users\dcarlson\AppData\Local\ElevatedDiagnostics
    2016-06-08 18:20 - 2015-01-23 11:33 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Dropbox
    2016-06-08 18:19 - 2015-06-26 08:20 - 00000000 ____D C:\Users\dcarlson\AppData\Local\Dropbox
    2016-06-08 16:16 - 2013-04-05 14:58 - 00000000 ____D C:\ProgramData\Wincert
    2016-06-08 16:16 - 2013-03-25 11:58 - 00000000 ____D C:\Program Files\jZip
    2016-06-08 14:52 - 2013-03-22 17:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-06-08 09:57 - 2013-03-21 18:13 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-06-08 09:47 - 2014-04-21 15:34 - 00000000 ____D C:\Users\dcarlson\AppData\Local\IE Tab
    2016-06-07 17:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
    2016-06-07 16:17 - 2014-02-13 10:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-06-07 12:31 - 2016-03-21 15:10 - 00000000 ____D C:\Users\dcarlson\Documents\LEGO Creations
    2016-06-03 02:13 - 2015-12-17 17:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-06-01 14:26 - 2011-06-06 19:47 - 00747760 _____ C:\Windows\system32\perfh00C.dat
    2016-06-01 14:26 - 2011-06-06 19:47 - 00747500 _____ C:\Windows\system32\perfh00A.dat
    2016-06-01 14:26 - 2011-06-06 19:47 - 00159400 _____ C:\Windows\system32\perfc00A.dat
    2016-06-01 14:26 - 2011-06-06 19:47 - 00150506 _____ C:\Windows\system32\perfc00C.dat
    2016-06-01 14:26 - 2010-11-20 17:01 - 02572712 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-06-01 14:26 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
    2016-06-01 14:21 - 2009-07-14 00:33 - 00411528 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-06-01 14:18 - 2011-04-11 21:34 - 00000000 ____D C:\Program Files\Windows Journal
    2016-06-01 14:18 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\PolicyDefinitions
    2016-06-01 13:47 - 2013-03-18 11:22 - 00000912 _____ C:\Windows\system32\config\netlogon.ftl
    2016-06-01 11:16 - 2009-07-13 22:04 - 00000478 _____ C:\Windows\win.ini
    2016-06-01 10:58 - 2013-03-21 17:42 - 00000000 ____D C:\Users\dcarlson\Documents\Queries
    2016-06-01 10:27 - 2016-03-18 13:56 - 00000000 ____D C:\Windows\ccmcache
    2016-05-31 17:01 - 2013-03-21 14:20 - 00000000 ____D C:\Users\dcarlson
    2016-05-31 13:58 - 2013-04-30 09:52 - 00000000 ____D C:\ProgramData\WebEx

    ==================== Files in the root of some directories =======

    2013-03-25 10:40 - 2013-03-25 10:40 - 0053248 _____ () C:\Program Files\MD5_SHA-1 Utility.exe
    2013-03-26 17:14 - 2013-03-26 17:14 - 0448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe
    2013-05-13 10:03 - 2013-05-13 10:04 - 0000000 _____ () C:\Users\dcarlson\AppData\Roaming\bitlord_log.txt
    2013-04-26 11:08 - 2014-07-16 14:33 - 0038483 _____ () C:\Users\dcarlson\AppData\Roaming\Comma Separated Values (DOS).ADR
    2013-04-26 10:18 - 2014-01-16 12:31 - 0038487 _____ () C:\Users\dcarlson\AppData\Roaming\Comma Separated Values (Windows).ADR
    2013-04-05 14:10 - 2014-01-08 14:30 - 0000616 _____ () C:\Users\dcarlson\AppData\Roaming\Rim.Desktop.Exception.log
    2013-04-05 14:08 - 2013-04-05 14:08 - 0001147 _____ () C:\Users\dcarlson\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-04-05 14:10 - 2013-04-05 14:10 - 0000000 _____ () C:\Users\dcarlson\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2013-05-13 10:08 - 2013-05-13 10:08 - 0000218 _____ () C:\Users\dcarlson\AppData\Local\recently-used.xbel
    2015-10-30 10:19 - 2016-05-12 11:43 - 0007609 _____ () C:\Users\dcarlson\AppData\Local\Resmon.ResmonCfg

    Files to move or delete:
    ====================
    C:\Users\dcarlson\CTX.DAT
    C:\Users\dcarlson\en_res.dll
    C:\Users\dcarlson\es_res.dll
    C:\Users\dcarlson\fr_res.dll
    C:\Users\dcarlson\grm_res.dll
    C:\Users\dcarlson\it_res.dll
    C:\Users\dcarlson\jp_res.dll
    C:\Users\dcarlson\mfc80u.dll
    C:\Users\dcarlson\msvcr80.dll
    C:\Users\dcarlson\PCPE Setup.exe
    C:\Users\dcarlson\pt_res.dll
    C:\Users\dcarlson\ResourceReader.dll
    C:\Users\dcarlson\ru_res.dll
    C:\Users\dcarlson\zh_res.dll


    Some files in TEMP:
    ====================
    C:\Users\dcarlson\AppData\Local\Temp\aro.exe
    C:\Users\dcarlson\AppData\Local\Temp\atgpcdec.dll
    C:\Users\dcarlson\AppData\Local\Temp\BlackBerryDesktopSoftware.exe
    C:\Users\dcarlson\AppData\Local\Temp\BlackBerryDeviceManager.exe
    C:\Users\dcarlson\AppData\Local\Temp\BlackBerryLauncher.exe
    C:\Users\dcarlson\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpinune2.dll
    C:\Users\dcarlson\AppData\Local\Temp\dsHostCheckerSetup.exe
    C:\Users\dcarlson\AppData\Local\Temp\java-installer.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre-8u51-windows-au.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre-8u71-windows-au.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre-8u73-windows-au.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre-8u91-windows-au.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre499B.exe
    C:\Users\dcarlson\AppData\Local\Temp\jre9614.exe
    C:\Users\dcarlson\AppData\Local\Temp\jreCE13.exe
    C:\Users\dcarlson\AppData\Local\Temp\JuniperSetupClientInstaller.exe
    C:\Users\dcarlson\AppData\Local\Temp\log4net.dll
    C:\Users\dcarlson\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
    C:\Users\dcarlson\AppData\Local\Temp\SAS6_Update.exe
    C:\Users\dcarlson\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
    C:\Users\dcarlson\AppData\Local\Temp\STWSetup.exe
    C:\Users\dcarlson\AppData\Local\Temp\SyncRestarter.exe
    C:\Users\dcarlson\AppData\Local\Temp\sync_upgrader.exe
    C:\Users\dcarlson\AppData\Local\Temp\tmpF3EA.exe
    C:\Users\dcarlson\AppData\Local\Temp\ytb.exe
    C:\Users\dcarlson\AppData\Local\Temp\_is5206.exe
    C:\Users\dcarlson\AppData\Local\Temp\_is6E8A.exe
    C:\Users\dcarlson\AppData\Local\Temp\_isCD3D.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-17 00:21

    ==================== End of FRST.txt ============================
     


  4. 2016/06/22
    DCHammer

    DCHammer Well-Known Member Thread Starter

    Addition log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
    Ran by DCarlson (2016-06-21 15:08:23)
    Running from C:\Users\dcarlson\Desktop
    Microsoft Windows 7 Enterprise Service Pack 1 (X86) (2013-03-18 15:24:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-963794469-864693218-885105118-500 - Administrator - Enabled) => C:\Users\Administrator
    CMPC_User (S-1-5-21-963794469-864693218-885105118-1001 - Administrator - Enabled) => C:\Users\CMPC_User
    Guest (S-1-5-21-963794469-864693218-885105118-501 - Limited - Disabled)
    IT_Admin (S-1-5-21-963794469-864693218-885105118-1002 - Administrator - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Akamai) (Version: - Akamai Technologies, Inc)
    ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Any Video Converter 5.8.3 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (32-bit) (HKLM\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    AT&T Connect Participant Application v9.0.82 (HKLM\...\{1F3A6960-8470-4C84-820C-EBFFAF4DA580}) (Version: 9.0.82 - AT&T Inc.)
    BBSAK (HKLM\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
    BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
    BlackBerry Blend (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden
    BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
    BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
    BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
    BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Box Sync (HKLM\...\{24F228C2-3505-49FC-A53F-4D39FAB3F32D}) (Version: 4.0.4758.0 - Box, Inc.)
    Box Sync (Version: 4.0.4443.0 - Box Inc.) Hidden
    BrickStock (HKLM\...\{6BEDCBFA-B948-4B32-8A0E-23FD541EE11E}) (Version: 1.2.11 - brickstock.patrickbrans.com)
    Brother MFL-Pro Suite MFC-7820N (HKLM\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
    CadStd (HKLM\...\CadStd) (Version: 3.7.4 - Apperson & Daughters)
    Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
    Cisco WebEx Meeting Center for Firefox or Chrome (HKLM\...\{A9E5526A-ADE4-4B13-A76B-59C3B4A31D4B}) (Version: 28.10.0.16277 - Cisco WebEx LLC)
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
    Clarify + ADS Add-on (HKLM\...\Clarify_ADS) (Version: 6.0.1.19 - CompuCom Systems, Inc.)
    ClarifyCRM 6.0.1.19 Client for Oracle (HKLM\...\{EC759F47-D73E-4987-A857-3E6070737453}) (Version: 6.0 - )
    Collectorz.com Book Collector (HKLM\...\Collectorz.com Book Collector) (Version: - )
    Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
    Configuration Manager Client (Version: 5.00.8239.1000 - Microsoft Corporation) Hidden
    Cool Timer 4.9.1 (HKLM\...\Cool Timer_is1) (Version: - Harmony Hollow Software)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Dropbox) (Version: 4.4.29 - Dropbox, Inc.)
    Dukto R6 (HKLM\...\{386C0311-B146-4CE0-89E5-8469A3583156}}_is1) (Version: R6 - Emanuele Colombo)
    Elevated Installer (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
    FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Flip (HKLM\...\{DF49D66D-D2D3-46DA-878B-F0BFC7795276}) (Version: 1.0.2.14 - Belkin Corporation)
    FreeFileSync 5.15 (HKLM\...\FreeFileSync) (Version: 5.15 - Zenju)
    FVD Converter 1.0.2 (HKLM\...\FVD Converter_is1) (Version: - flashvideodownloader.org)
    Garmin BaseCamp (HKLM\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
    Garmin City Navigator North America NT 2015.10 (HKLM\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin MapInstall (HKLM\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    GoToMeeting 5.9.0.1216 (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    IPCWebComponents 3.0.0.1 (HKLM\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
    iTunes (HKLM\...\{7C14EFF4-6BD4-4398-AF8D-41F40F8D71F1}) (Version: 12.4.1.6 - Apple Inc.)
    Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Juniper Networks Host Checker (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Neoteris_Host_Checker) (Version: 8.0.10.35099 - Juniper Networks)
    Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.23727 - Juniper Networks)
    Juniper Networks Network Connect 8.0 (HKLM\...\Juniper Network Connect 8.0) (Version: 8.0.10.35099 - Juniper Networks)
    Juniper Networks Setup Client (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Juniper_Setup_Client) (Version: 8.0.10.54879 - Juniper Networks)
    Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    jZip (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\jZip) (Version: 2.0.0.131826 - Bandoo Media Inc) <==== ATTENTION
    LDraw All-In-One-Installer 2015-02 (HKLM\...\LDraw2015-02) (Version: 2015-02 - LDraw.org)
    LEGO Digital Designer (HKLM\...\New LEGO Digital Designer) (Version: - LEGO A/S)
    Lenovo Patch Utility (HKLM\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
    Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    McAfee Agent (HKLM\...\{76473CBB-FE8D-4E3A-9591-CD6EFB621063}) (Version: 4.8.0.1938 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)
    Message Center Plus (HKLM\...\{2378B277-5261-4E0F-B5EC-BDFC080D598E}) (Version: 3.4.0001.00 - Lenovo Group Limited)
    MetaFrame Presentation Server Web Client for Win32 (HKLM\...\Citrix ICA Web Client) (Version: - )
    Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Access Runtime 2010 (HKLM\...\Office14.AccessRT) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4498 - Microsoft Corporation)
    Microsoft Money 2004 (HKLM\...\{1D643CD0-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.120 - Microsoft)
    Microsoft Money 2004 System Pack (HKLM\...\{8C64E149-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.120 - Microsoft)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visio Viewer 2010 (HKLM\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.1.1.5990 - Mozilla)
    Mozilla Thunderbird 45.1.1 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 45.1.1 (x86 en-GB)) (Version: 45.1.1 - Mozilla)
    Nexthink Collector (HKLM\...\{926B5872-F9C3-4795-902D-B32FF75DCB67}) (Version: 5.2.08000 - Nexthink S.A.)
    Nexthink Updater (HKLM\...\{89688D5A-2BD9-4697-BCEA-F0B0F1A50A4A}) (Version: 5.2.00066 - Nexthink S.A.)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.67.10 - )
    Oracle Data Provider for .NET Help (HKLM\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.1.0600 - Oracle Corporation)
    PL/SQL Developer (HKLM\...\PL/SQL Developer [80687277]) (Version: - )
    Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.40 - )
    PowerChute Personal Edition 3.0.2 (HKLM\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
    PowerISO (HKLM\...\PowerISO) (Version: 6.3 - Power Software Ltd)
    Qlock Pro (HKLM\...\Qlock) (Version: - )
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
    Secunia PSI (3.0.0.6005) (HKLM\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
    SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Snow Inventory Client (HKLM\...\{6346017B-CA2F-44BC-9A0D-055FADE7C9EF}) (Version: 3.7.02 - Snow Software AB)
    Splashtop Software Updater (HKLM\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
    Splashtop Streamer (HKLM\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.5.2 - Splashtop Inc.)
    SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
    System Information Reporter (HKLM\...\{36CD0606-5C32-457A-B3CA-40B8EBD04689}) (Version: 1.0.0.204 - McAfee)
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
    ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
    ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.11 - Lenovo)
    WebEx Productivity Tools (HKLM\...\{AAF23BB1-2DCB-411A-A0A7-0A118C827ABF}) (Version: 2.32.1201.16851 - Cisco WebEx LLC)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)
    Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1216\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0AC4F465-9A3C-4347-9F78-90C69C688F02} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332UA => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)
    Task: {0F04EFED-C352-42F0-A8B2-9ED8317DAF37} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {0F106BD9-AED8-4AE0-BA87-2AD579F74D13} - System32\Tasks\{4456B143-1F5A-4703-9446-C860A58E6978} => pcalua.exe -a "C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7OH2KH9\JavaSetup8u65.exe" -d C:\Users\dcarlson\Desktop
    Task: {1425240F-3062-4FC0-9683-33663F4B9244} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {17C64809-494B-4DB1-9B65-9827A0F9F720} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
    Task: {2140C494-E984-409D-A9B1-D78FF0A172FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {26C282E8-8A2C-423D-A04F-A92CE581768E} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
    Task: {3A5938D4-1DD1-4DA2-B808-401CF6CE5EC2} - System32\Tasks\{83E6F0F8-52C5-428B-9D76-BB91AF007DA7} => pcalua.exe -a C:\Users\dcarlson\Desktop\Windows-KB841290-x86-ENU.exe -d C:\Users\dcarlson\Desktop
    Task: {5CB69242-2794-4616-9A1C-96064358EDF6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {7B9E480A-2F9F-4CC9-84B8-6D381B140F10} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {7C4C1872-D156-4F76-B69A-AEB935379C1B} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2013-01-09] (Lenovo Group Limited)
    Task: {89434955-0163-4DC6-BE9A-E086E0774BF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
    Task: {8ABFF4C5-7D8C-451D-B7EA-A42A5FB5A5ED} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {9B6F2090-B636-4F72-BB34-C61D08AD9611} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {B1257EDB-E25D-48E0-819D-72D90C9B996C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332Core => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)
    Task: {B490AB66-CEA1-4EF3-9016-490E6F3A8FCA} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2015-04-14] (Microsoft Corporation)
    Task: {C0861AFE-F176-43EB-8A1F-CDDFA0A8F246} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
    Task: {CBF42251-2F6F-4174-B664-618FC23D456D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {E77DB122-0E92-479E-AD69-93770C7E9790} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {FAD9C7E4-9293-4804-89ED-9C09245EA56A} - System32\Tasks\VisualBeeRecovery => C:\Users\dcarlson\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe <==== ATTENTION
    Task: {FF083A89-8F10-493D-A2A2-B065CD827142} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332Core.job => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332UA.job => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-06-19 11:00 - 2013-06-19 11:00 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
    2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
    2013-10-22 17:19 - 2013-10-22 17:19 - 00092456 _____ () C:\Program Files\Lenovo\Access Connections\AcWrpc.dll
    2015-03-19 12:22 - 2015-03-19 12:22 - 00094208 _____ () C:\Program Files\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
    2013-03-22 19:50 - 2013-01-09 07:40 - 00084480 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
    2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2011-03-07 04:07 - 2011-03-07 04:07 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
    2015-03-19 12:22 - 2015-03-19 12:22 - 00094208 _____ () C:\Program Files\Common Files\Research in Motion\Tunnel Manager\libxpmux.dll
    2015-12-12 12:32 - 2016-05-05 06:09 - 00034768 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2016-06-03 14:56 - 2016-05-05 06:10 - 00019408 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2016-06-03 14:56 - 2016-05-05 06:09 - 00116688 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2015-12-12 12:32 - 2016-05-05 06:09 - 00093640 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2015-12-12 12:32 - 2016-05-05 06:09 - 00018376 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\select.pyd
    2015-12-12 12:32 - 2016-05-31 14:34 - 00019760 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00105928 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-06-03 14:56 - 2016-05-05 06:09 - 00392144 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2015-12-12 12:32 - 2016-05-31 14:34 - 00381752 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2015-12-12 12:32 - 2016-05-05 06:09 - 00692688 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00020816 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-12 12:32 - 2016-05-05 06:10 - 00123856 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 01682760 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00020808 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2015-12-12 12:32 - 2016-05-31 14:34 - 00021840 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00038696 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2016-06-03 14:56 - 2016-05-05 06:11 - 00020936 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00024528 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32event.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00114640 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32security.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00124880 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-02-11 21:16 - 2016-05-31 14:34 - 00021832 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00024016 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00175560 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00030160 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00043472 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32process.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00048592 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32service.pyd
    2016-02-11 21:16 - 2016-05-31 14:34 - 00023872 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
    2016-06-03 14:56 - 2016-05-05 06:09 - 00134088 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00026456 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00057808 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00024016 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2016-06-03 14:56 - 2016-05-31 14:33 - 00246592 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00028616 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00052024 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2015-12-12 12:32 - 2016-05-05 06:09 - 00134608 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2016-06-03 14:56 - 2016-05-05 06:10 - 00240584 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\jpegtran.pyd
    2016-02-11 21:16 - 2016-05-31 14:34 - 00020800 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-02-11 21:16 - 2016-05-31 14:34 - 00019776 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-02-11 21:16 - 2016-05-31 14:34 - 00020800 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00020280 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2015-12-12 12:32 - 2016-05-31 14:34 - 00023376 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00350152 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-02-11 21:16 - 2016-05-31 14:34 - 00022352 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00024392 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-06-03 14:56 - 2016-05-05 06:12 - 00036296 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\librsync.dll
    2016-06-03 14:56 - 2016-05-31 14:34 - 00084280 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-06-03 14:56 - 2016-05-31 14:34 - 01826096 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2015-12-12 12:32 - 2016-05-05 06:10 - 00083912 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\sip.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 03928880 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 01971504 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00531248 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00132912 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00223544 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00207672 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2015-12-12 12:32 - 2016-05-05 06:11 - 00060880 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32print.pyd
    2015-12-12 12:32 - 2016-05-31 14:34 - 00024904 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00546096 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2016-06-03 14:56 - 2016-05-31 14:34 - 00357680 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2012-04-02 23:06 - 2012-04-02 23:06 - 04142080 _____ () C:\Program Files\Qlock\qlock.exe
    2016-05-19 15:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    2013-05-02 13:38 - 2002-11-26 14:43 - 00106496 ____N () C:\Windows\system32\BrMuSNMP.dll
    2015-05-20 13:00 - 2015-05-20 13:00 - 00688888 _____ () C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
    2016-06-17 21:11 - 2016-06-15 05:15 - 01745560 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
    2016-06-17 21:11 - 2016-06-15 05:15 - 00091288 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.103\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
     
  5. 2016/06/22
    DCHammer

    Remainder of addition.log:

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => " "= "Service "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => " "= "Driver "
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => " "= "Service "

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 7812 more sites.

    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\att.com -> *.teleconference.att.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\brainshark.com -> brainshark.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\cisco.com -> cisco.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\concursolutions.com -> concursolutions.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\desktop-shipping.com -> desktop-shipping.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\fidelity.com -> fidelity.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\ge.com -> *.gecits.ge.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\hrdpt.com -> *.compucom.hrdpt.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\ingrammicro.ca -> ingrammicro.ca
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\ingrammicro.com -> ingrammicro.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\livemeeting.com -> livemeeting.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\medco.com -> medco.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\spw099cmgr101 -> hxxp://spw099cmgr101
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\synnex.ca -> synnex.ca
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\synnex.com -> synnex.com
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\techdata.ca -> techdata.ca
    IE trusted site: HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\techdata.com -> techdata.com

    There are 12629 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:04 - 2013-05-03 16:59 - 00447225 ____R C:\Windows\system32\Drivers\etc\hosts


    There are 15345 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-415762479-31080894-1349916565-56332\Control Panel\Desktop\\Wallpaper -> C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 24.226.10.193 - 24.226.10.194
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
    FirewallRules: [{70D9243A-16AD-41C4-ACA7-67D4D6B367CC}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe
    FirewallRules: [{B224B7FB-10E0-4FA6-B373-D4BAD871C12E}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi.exe
    FirewallRules: [{D5FEA481-C1A2-4A44-99DF-121B0A7A6274}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe
    FirewallRules: [{A7199697-4D1A-4D9D-92AC-E9B1E6AB2D18}] => (Allow) C:\Program Files\Microsoft Lync\communicator.exe
    FirewallRules: [{AA9D4814-ACF5-4AB1-B7CB-0FBA9C830240}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    FirewallRules: [{BC815849-36B4-4164-91D5-85AFEE9DE60D}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    FirewallRules: [{10C20614-5CBA-4321-B536-B9B7305DFBD0}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    FirewallRules: [{259C21C3-49F7-44C7-BFFE-8E797DE9C059}] => (Allow) C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
    FirewallRules: [{B336B316-4813-4B7D-9CCC-EE798EB390E7}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    FirewallRules: [{9B47246D-6CEF-44DB-BB2E-15633BD0F1C0}] => (Allow) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    FirewallRules: [TCP Query User{41D08BB2-DDA6-4D4F-AF8B-34417AA4F8FE}C:\users\dcarlson\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dcarlson\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{E108BF58-4FFD-4312-A5D5-C99F5E983C30}C:\users\dcarlson\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dcarlson\appdata\local\akamai\netsession_win.exe
    FirewallRules: [TCP Query User{7F9906B1-A39E-4772-B1BF-112469683499}C:\users\dcarlson\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dcarlson\appdata\local\akamai\netsession_win.exe
    FirewallRules: [UDP Query User{29B603D0-5FA3-44E4-B2A9-6428FD8CF09C}C:\users\dcarlson\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\dcarlson\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{663A047D-65E8-44E3-A550-1C6E00A993E1}] => (Block) C:\users\dcarlson\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{76B04000-4FB7-409B-B0DF-C3A3F2F5045D}] => (Block) C:\users\dcarlson\appdata\local\akamai\netsession_win.exe
    FirewallRules: [{8196BC63-90FB-4DD9-AF05-830D7FE9AD46}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{83A6C6AA-8AEC-44D0-8299-7FDB62494402}] => (Allow) LPort=2869
    FirewallRules: [{F912A0E4-4597-4773-B354-A7FB05DAA0CF}] => (Allow) LPort=1900
    FirewallRules: [{C30A4230-CF97-40C1-9157-B1DCA7881BAF}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
    FirewallRules: [{7CB823E1-45BE-4FF3-BB08-EDAF04753F55}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
    FirewallRules: [{3262C9E3-9053-4E07-A024-3340675A92B8}] => (Allow) LPort=4481
    FirewallRules: [{98B866A9-ED4B-4A1B-8B5D-73CBCACD3688}] => (Allow) LPort=4481
    FirewallRules: [{23839938-7032-43E7-BF64-A3CB049C3FD7}] => (Allow) LPort=4482
    FirewallRules: [{28800957-72D5-4C20-AE39-A033AF334832}] => (Allow) LPort=4482
    FirewallRules: [{F3156B07-631A-4014-B831-5F49BC460898}] => (Allow) C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
    FirewallRules: [{EA3C5359-F846-4B64-8812-B7001C52ED20}] => (Allow) C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe
    FirewallRules: [TCP Query User{1C242AF4-28BA-4C42-A7F8-F3F4DC3AE3C6}C:\program files\dukto\dukto.exe] => (Allow) C:\program files\dukto\dukto.exe
    FirewallRules: [UDP Query User{0C8864A9-3B70-425C-A6DE-5D4E18EA9481}C:\program files\dukto\dukto.exe] => (Allow) C:\program files\dukto\dukto.exe
    FirewallRules: [{F5BA8590-42B0-446C-851C-4873D374F6E5}] => (Allow) C:\Windows\System32\lxcccoms.exe
    FirewallRules: [{6AEFE55D-1AF7-44C8-A2B1-16D2F362B6E3}] => (Allow) C:\Windows\System32\lxcccoms.exe
    FirewallRules: [{CC006189-334E-4482-B5AF-BD22D5681451}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe
    FirewallRules: [{38A1E7E0-00EA-4A6D-8ADC-03AFA00427B3}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxccpswx.exe
    FirewallRules: [{E793BFAD-E7EA-4E81-86CF-7418836C096B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{8ED79445-9914-49E0-A2E6-BC84609C053B}] => (Allow) LPort=54925
    FirewallRules: [{83171D20-3110-4A0F-B35A-6661A2615A85}] => (Allow) LPort=5910
    FirewallRules: [TCP Query User{B486AE54-BD7A-4016-957B-745DC1AD7F5F}C:\users\dcarlson\appdata\local\crossloop\crossloopconnect.exe] => (Allow) C:\users\dcarlson\appdata\local\crossloop\crossloopconnect.exe
    FirewallRules: [UDP Query User{EAD15331-4807-44D7-8AE0-E96E5FD49D34}C:\users\dcarlson\appdata\local\crossloop\crossloopconnect.exe] => (Allow) C:\users\dcarlson\appdata\local\crossloop\crossloopconnect.exe
    FirewallRules: [{CEEA29DF-0A2D-4CC7-8873-8EDFC26C62A7}] => (Allow) C:\Program Files\BitLord 2\Bitlord files\bitlord.exe
    FirewallRules: [{B484680F-DD57-4B27-9962-7664F5C9B7C5}] => (Allow) C:\Program Files\BitLord 2\Bitlord files\bitlord.exe
    FirewallRules: [{86242C0E-A029-4212-B480-97BEE2901FCF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [TCP Query User{395A0FCF-7369-484D-B89B-136A11184F18}C:\program files\wondershare\allmytube\urlreqservice.exe] => (Allow) C:\program files\wondershare\allmytube\urlreqservice.exe
    FirewallRules: [UDP Query User{5100A058-C345-42F7-981E-11C1E8E25AD9}C:\program files\wondershare\allmytube\urlreqservice.exe] => (Allow) C:\program files\wondershare\allmytube\urlreqservice.exe
    FirewallRules: [{03727BE5-288C-4DE8-94B2-C0FB504D6396}] => (Allow) C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRServer.exe
    FirewallRules: [{F1F3B52A-5D53-435E-A990-81B9A96D8745}] => (Allow) C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
    FirewallRules: [{1D6FD91C-6EFA-4CCF-A5CB-264EC9511381}] => (Allow) C:\Program Files\Splashtop\Splashtop Remote\SERVER\DataProxy.exe
    FirewallRules: [TCP Query User{A08B57EF-0B92-4308-BBB8-FACCAF947A62}C:\users\dcarlson\desktop\easy_search_utility_4500.exe] => (Allow) C:\users\dcarlson\desktop\easy_search_utility_4500.exe
    FirewallRules: [UDP Query User{739A5841-FD53-49B9-8865-C0DCC69BC322}C:\users\dcarlson\desktop\easy_search_utility_4500.exe] => (Allow) C:\users\dcarlson\desktop\easy_search_utility_4500.exe
    FirewallRules: [{F8635BC9-4582-48BF-818B-43F6848C1CBD}] => (Allow) C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [{1A54AFEA-6AD6-46A0-8BEB-B8FA60473437}] => (Allow) C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    FirewallRules: [TCP Query User{A11231A8-FF51-4EAF-830C-850982F0CF5A}C:\users\dcarlson\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dcarlson\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [UDP Query User{E665E063-E1A3-4C86-B1AF-CDE977A3F428}C:\users\dcarlson\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\dcarlson\appdata\roaming\dropbox\bin\dropbox.exe
    FirewallRules: [{8B6A373A-F9B2-43F2-9956-1ADEAF7F4DE4}] => (Allow) tunmgr.exe
    FirewallRules: [{665455E2-9AF2-4486-AD51-724C492DDAD9}] => (Allow) tunmgr.exe
    FirewallRules: [{5ECB1DE1-8821-4BA2-BD6B-68785E11EA80}] => (Allow) mDNSResponder.exe
    FirewallRules: [{FB3A168B-B4CD-482E-951C-C3721A9A84B7}] => (Allow) mDNSResponder.exe
    FirewallRules: [{270DF461-6434-49AA-801F-0CCD9E32B342}] => (Allow) C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
    FirewallRules: [{3B373F6A-B9EE-427D-9643-87DABEFFB633}] => (Allow) C:\Program Files\Common Files\Research In Motion\tunnel manager\PeerManager.exe
    FirewallRules: [{F54997CD-B0C5-4CE7-85FD-549C32E2DD18}] => (Allow) C:\Program Files\BlackBerry\BlackBerry Blend\desktopinvokeproxy.exe
    FirewallRules: [{A07B5DA5-24D4-4A51-A0CE-D7BE23721BDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{822E3A5D-B204-4C59-8840-18CF6EF79429}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{BA06ABE8-7C26-4D35-82D1-AF647030CAE3}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{4F310F8F-6856-4317-A7CC-B48F467A0BB3}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{7D843DA0-2619-4AAC-9A28-2D1FB0B67996}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
    FirewallRules: [{5A23357A-D4A6-41E8-832C-BAB2EEC5AE03}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
    FirewallRules: [{2753A03A-C5E3-4E25-9492-A303704EB8AC}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{31DC0B16-0E62-4A1F-865D-E670078D5515}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{AF7D6F74-9A34-4A2F-BAA3-D3EC01D8EB75}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
    FirewallRules: [{1A1EB850-B4A6-4556-A6A4-02EF59386900}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
    FirewallRules: [{8FAF0C32-6036-4599-8E72-CEEFBD4BE693}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{6CABCACD-3318-4E1B-88A4-4EDEFE262723}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    FirewallRules: [{D2B02A11-41AF-435F-8E59-A6C219428653}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
    FirewallRules: [{1C0DBE26-BACC-4E3B-82C9-81FE8623BC2B}] => (Allow) C:\Program Files\McAfee\Common Framework\MfeServiceMgr.exe
    FirewallRules: [{C4CC7B8B-3E4B-49F1-95FE-7D9BADB6073A}] => (Allow) C:\Windows\CCM\RemCtrl\CmRcService.exe
    FirewallRules: [{F00C5C16-4548-41F4-9BB3-D5459EC19CAD}] => (Allow) LPort=54925
    FirewallRules: [{9F465D28-26B7-4BD3-938D-813BA4128944}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{838985B1-62D0-4FDB-96B0-64D7828D701C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================


    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Virtual WiFi Miniport Adapter
    Description: Microsoft Virtual WiFi Miniport Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: vwifimp
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/21/2016 03:12:06 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:12:06.881]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:10:57 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:10:57.833]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:09:48 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:09:48.808]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:08:39 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:08:39.768]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:07:30 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:07:30.720]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:06:21 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:06:21.662]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:05:12 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:05:12.629]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:04:03 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:04:03.609]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:02:54 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:02:54.601]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]

    Error: (06/21/2016 03:01:45 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
    Description: STI BrtSTI: [2016/06/21 15:01:45.597]: [00006828]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.0.3]


    System errors:
    =============
    Error: (06/21/2016 02:39:27 PM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain COMPUCOM due to the following:
    %%1311 = There are currently no logon servers available to service the logon request.


    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.



    ADDITIONAL INFO

    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.

    Error: (06/21/2016 01:06:33 PM) (Source: volsnap) (EventID: 14) (User: )
    Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

    Error: (06/21/2016 01:06:08 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (06/21/2016 01:06:08 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (06/21/2016 01:06:08 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (06/21/2016 01:06:08 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (06/21/2016 01:06:08 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (06/21/2016 01:06:08 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (06/21/2016 01:06:08 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.

    Error: (06/21/2016 01:06:08 PM) (Source: atapi) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Ide\IdePort0.


    CodeIntegrity:
    ===================================
    Date: 2015-11-29 20:37:56.766
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-29 20:37:56.750
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-25 17:23:46.627
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-25 17:23:46.614
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-21 20:45:44.965
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-21 20:45:44.950
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-17 19:07:10.803
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-17 19:07:10.783
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-13 17:25:56.135
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-13 17:25:56.116
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-lua_31bf3856ad364e35_6.1.7601.17514_none_a851c71dbb0d8483\consent.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
    Percentage of memory in use: 72%
    Total physical RAM: 3497.23 MB
    Available physical RAM: 979.07 MB
    Total Virtual: 6992.79 MB
    Available Virtual: 3065.85 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:465.46 GB) (Free:256.45 GB) NTFS
    Drive g: (NUVI) (Removable) (Total:1.89 GB) (Free:1.89 GB) FAT

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0619DEE1)
    Partition 1: (Not Active) - (Size=465.5 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  6. 2016/06/22
    broni

    broni Moderator Malware Analyst

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Uninstall the following unwanted program:

    jZip


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. 2016/06/29
    broni

    broni Moderator Malware Analyst

    Reopened.
     
  8. 2016/06/30
    DCHammer

    DCHammer Well-Known Member Thread Starter

    Thank you sir.
    Ok, here's an update.
    Tried to uninstall jzip. It says it's already uninstalled and do I want to remove the entry from the Programs list. But the directory is still there with the files.
    Also couldn't get RogueKiller to complete successfully. It blue screened once and crashed three other times. All three crashes occurred on a .ico file of all strange things.

    I didn't run anything further down in the list. Wanted to wait for direction.
     
  9. 2016/06/30
    broni

    broni Moderator Malware Analyst

    Yes.
    Delete both manually.

    Skip RogueKiller.
     
  10. 2016/07/01
    DCHammer

    DCHammer Well-Known Member Thread Starter

    Here is the MBAM LOG. Going to run Adwcleaner now.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 7/1/2016
    Scan Time: 3:37 PM
    Logfile: MBAM_LOG_20160701.txt
    Administrator: Yes

    Version: 2.2.1.1043
    Malware Database: v2016.07.01.07
    Rootkit Database: v2016.05.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: DCarlson

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 405493
    Time Elapsed: 53 min, 31 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 11
    PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, Quarantined, [0ad13ae45a4043f3f4808ee618eaba46],
    PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, Quarantined, [0ad13ae45a4043f3f4808ee618eaba46],
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\CLASSES\Toolbar.CT3292575, Quarantined, [6b70fd218b0f0234030fb9d9857ec33d],
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\CJFDIHNEPJINBOKDDDMKNFOPPFAEPBHC, Quarantined, [f9e232ec33678aacda62f9e18e74f50b],
    PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B83B57B3-1A82-4DEA-BA4A-6813FBEB75A2}, Quarantined, [1ac1df3feab03600e2a1bf1fd0336898],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\TRACING\cltmng_RASAPI32, Quarantined, [9b4027f79406cc6ae7da4b86ba48ab55],
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\TRACING\cltmng_RASMANCS, Quarantined, [1cbfb36bd4c684b2a41d716069994eb2],
    PUP.Optional.VisualBee, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FAD9C7E4-9293-4804-89ED-9C09245EA56A}, Delete-on-Reboot, [7863130b33677eb88329f5fc6e95817f],
    PUP.Optional.VisualBee, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\VisualBeeRecovery, Delete-on-Reboot, [fdde5cc28c0e42f4c8c85188d03206fa],
    PUP.Optional.Conduit, HKU\S-1-5-21-415762479-31080894-1349916565-56332\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, Quarantined, [d30857c70b8f15210e18a9f4699a2fd1],
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-415762479-31080894-1349916565-56332\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\CJFDIHNEPJINBOKDDDMKNFOPPFAEPBHC, Quarantined, [defdbd617c1e84b257e64f8b2ed444bc],

    Registry Values: 4
    PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjfdihnepjinbokdddmknfoppfaepbhc|path, C:\Users\dcarlson\AppData\Local\CRE\cjfdihnepjinbokdddmknfoppfaepbhc.crx, Quarantined, [f9e232ec33678aacda62f9e18e74f50b]
    PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{B83B57B3-1A82-4DEA-BA4A-6813FBEB75A2}|AppPath, C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1, Quarantined, [1ac1df3feab03600e2a1bf1fd0336898]
    PUP.Optional.VisualBee, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FAD9C7E4-9293-4804-89ED-9C09245EA56A}|Path, \VisualBeeRecovery, Delete-on-Reboot, [7863130b33677eb88329f5fc6e95817f]
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-415762479-31080894-1349916565-56332\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cjfdihnepjinbokdddmknfoppfaepbhc|path, C:\Users\dcarlson\AppData\Local\CRE\cjfdihnepjinbokdddmknfoppfaepbhc.crx, Quarantined, [defdbd617c1e84b257e64f8b2ed444bc]

    Registry Data: 0
    (No malicious items detected)

    Folders: 12
    PUP.Optional.VisualBee, C:\ProgramData\VisualBee, Quarantined, [10cba678b4e693a37b312b7dcb3720e0],
    PUP.Optional.SearchResultsTB, C:\Users\dcarlson\AppData\LocalLow\searchresultstb, Quarantined, [a338c757c0da67cfa26404b93cc614ec],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\chrome, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\chrome\content, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\chrome\content\widgets, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\chrome\content\widgets\net.vmn.www.RadioBeta, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\chrome\widgets, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\chrome\widgets\net.vmn.www.RadioBeta, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Conduit, C:\Users\dcarlson\AppData\LocalLow\Conduit, Quarantined, [d3086ab44258c373243abb0c7290bb45],
    PUP.Optional.Conduit, C:\Users\dcarlson\AppData\LocalLow\Conduit\Community Alerts, Quarantined, [d3086ab44258c373243abb0c7290bb45],
    PUP.Optional.Conduit, C:\Users\dcarlson\AppData\LocalLow\Conduit\Community Alerts\Log, Quarantined, [d3086ab44258c373243abb0c7290bb45],

    Files: 15
    PUP.Optional.Conduit, C:\Program Files\Cool Timer\Harmony_Hollow_Software.exe, Quarantined, [697264ba35651a1cdc67c9ec6e9356aa],
    PUP.Optional.InstallCore, C:\$Recycle.Bin\S-1-5-21-415762479-31080894-1349916565-56332\$RUNXHM1.exe, Quarantined, [528943db574372c4c903ff2c649d55ab],
    PUP.Optional.VisualBee, C:\Windows\System32\Tasks\VisualBeeRecovery, Quarantined, [8b500c126436171f5c08489f7989e51b],
    PUP.Optional.Wajam, C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage, Quarantined, [48930c121981f73f8c02e3d88083c53b],
    PUP.Optional.Wajam, C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.wajam.com_0.localstorage-journal, Quarantined, [18c3e43a5941d363791579428380ca36],
    PUP.Optional.VisualBee, C:\ProgramData\VisualBee\VisualBeeDB.exe, Quarantined, [10cba678b4e693a37b312b7dcb3720e0],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\apnuserid.dat, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\appid.dat, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\dtx.ini, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\geodata.xml, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\guid.dat, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\log.txt, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\preferences.dat, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\sysid.dat, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],
    PUP.Optional.Bandoo.AppFlsh, C:\Users\dcarlson\AppData\LocalLow\ilividtoolbargaw\trackid.dat, Quarantined, [08d30816dac066d0e1dc01c304fe6a96],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  11. 2016/07/01
    DCHammer

    DCHammer Well-Known Member Thread Starter

    ADWCleaner Log:

    # AdwCleaner v5.201 - Logfile created 01/07/2016 at 18:54:47
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-01.1 [Server]
    # Operating system : Windows 7 Enterprise Service Pack 1 (X86)
    # Username : DCarlson - ON-NW7-189991
    # Running from : C:\Users\dcarlson\Desktop\adwcleaner_5.201.exe
    # Option : Clean
    # Support : ToolsLib

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [+] Folder Deleted : C:\ProgramData\Browser Manager
    [-] Folder Deleted : C:\ProgramData\wincert
    [#] Folder Deleted : C:\ProgramData\Application Data\Browser Manager
    [#] Folder Deleted : C:\ProgramData\Application Data\wincert
    [-] Folder Deleted : C:\Program Files\Conduit
    [-] Folder Deleted : C:\Program Files\Yahoo!\yset
    [-] Folder Deleted : C:\Windows\ms
    [-] Folder Deleted : C:\Users\dcarlson\AppData\Local\Temp\jZip
    [-] Folder Deleted : C:\Users\dcarlson\AppData\Local\Temp\WebUpdater
    [-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil
    [-] Folder Deleted : C:\Users\DCarlson\AppData\Local\apn
    [-] Folder Deleted : C:\Users\DCarlson\AppData\Local\jZip
    [-] Folder Deleted : C:\Users\DCarlson\AppData\Local\YSearchUtil
    [-] Folder Deleted : C:\Users\DCarlson\Favorites\Search
    [-] Folder Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
    [#] Folder Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
    [#] Folder Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
    [-] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
    [-] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [-] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [-] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [-] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    [#] File Deleted : C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal

    ***** [ DLLs ] *****


    ***** [ WMI ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppPath\jZip.exe
    [-] Key Deleted : HKLM\SOFTWARE\Classes\s
    [-] Value Deleted : HKLM\SOFTWARE\RegisteredApplications [jZip]
    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo
    [-] Key Deleted : HKLM\SOFTWARE\Classes\jZip.file
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
    [-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    [-] Key Deleted : HKCU\Software\ilivid
    [-] Key Deleted : HKCU\Software\ilividtoolbargaw
    [-] Key Deleted : HKCU\Software\jZip
    [-] Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
    [-] Key Deleted : HKCU\Software\StartSearch
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\ilividtoolbargaw
    [-] Key Deleted : HKLM\SOFTWARE\Conduit
    [-] Key Deleted : HKLM\SOFTWARE\jZip
    [-] Key Deleted : HKLM\SOFTWARE\VBMZ
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F3156B07-631A-4014-B831-5F49BC460898}]
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{EA3C5359-F846-4B64-8812-B7001C52ED20}]
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{CEEA29DF-0A2D-4CC7-8873-8EDFC26C62A7}]
    [-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{B484680F-DD57-4B27-9962-7664F5C9B7C5}]

    ***** [ Web browsers ] *****

    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.ca
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.ca
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
    [-] [C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : netflix.ca

    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [11153 bytes] - [01/07/2016 18:54:47]
    C:\AdwCleaner\AdwCleaner[S1].txt - [11183 bytes] - [01/07/2016 18:20:02]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11301 bytes] ##########
     
  12. 2016/07/01
    broni

    broni Moderator Malware Analyst

    See if RogueKiller will run now.
    If not skip it again.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: Downloading RKill
    iExplore.exe (renamed rKill.exe): Downloading RKill

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  13. 2016/07/01
    DCHammer

    DCHammer Well-Known Member Thread Starter

    Here is the JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 7 Enterprise x86
    Ran by DCarlson (Administrator) on Fri 07/01/2016 at 19:25:23.61
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 21

    Successfully deleted: C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal (File)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage (File)
    Successfully deleted: C:\Windows\wininit.ini (File)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13U5TBO7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O00HPPY (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OE3KNCC (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COIZ26UA (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7OH2KH9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9VLBDSR (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFU4T81D (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2S1D90G (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13U5TBO7 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O00HPPY (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OE3KNCC (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COIZ26UA (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7OH2KH9 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9VLBDSR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XFU4T81D (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z2S1D90G (Temporary Internet Files Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 07/01/2016 at 19:29:06.87
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  14. 2016/07/01
    DCHammer

    DCHammer Well-Known Member Thread Starter

    I have a corporate version of McAfee running and can't disable it. What to do?
     
  15. 2016/07/01
    broni

    broni Moderator Malware Analyst

    Run Combofix anyway
     
  16. 2016/07/02
    DCHammer

    DCHammer Well-Known Member Thread Starter

    RogueKiller still wouldn't run. It crashed on an .ico file again.

    Here is the combofix log:

    ComboFix 16-06-30.01 - DCarlson 07/02/2016 12:52:46.1.4 - x86
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3497.2416 [GMT -4:00]
    Running from: c:\users\dcarlson\Desktop\ComboFix.exe
    AV: McAfee VirusScan Enterprise *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\ntuser.pol
    c:\users\dcarlson\AppData\Roaming\64dlls.exe
    c:\users\dcarlson\AppData\Roaming\intel64.exe
    c:\users\dcarlson\AppData\Roaming\Kernel32.exe
    c:\users\dcarlson\AppData\Roaming\localsys64.exe
    c:\users\dcarlson\AppData\Roaming\ntos.exe
    c:\users\dcarlson\AppData\Roaming\oembios.exe
    c:\users\dcarlson\AppData\Roaming\sdra64.exe
    c:\users\dcarlson\AppData\Roaming\sdra73.exe
    c:\users\dcarlson\AppData\Roaming\swin32.exe
    c:\users\dcarlson\AppData\Roaming\twex.exe
    c:\users\dcarlson\AppData\Roaming\twext.exe
    c:\users\dcarlson\AppData\Roaming\win32avs.exe
    c:\users\dcarlson\AppData\Roaming\wsnpoema.exe
    c:\users\dcarlson\ResourceReader.dll
    c:\windows\system32\out.txt . . . . Failed to delete
    .
    Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe was found and disinfected
    Restored copy from - c:\windows\Microsoft.NET\Framework\v4.0.30319\WsatConfig.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-06-02 to 2016-07-02 )))))))))))))))))))))))))))))))
    .
    .
    2016-07-02 17:49 . 2016-07-02 17:49 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8DBFDA-5C5E-4223-B7EB-F896BF0EFF69}\offreg.3188.dll
    2016-07-02 17:10 . 2016-07-02 17:10 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8DBFDA-5C5E-4223-B7EB-F896BF0EFF69}\offreg.3168.dll
    2016-07-02 17:10 . 2016-07-02 17:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-07-02 17:09 . 2016-07-02 17:09 -------- d-----w- c:\users\CMPC_User\AppData\Local\temp
    2016-07-02 17:09 . 2016-07-02 17:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2016-07-02 17:09 . 2016-07-02 17:09 -------- d-----w- c:\users\admdssg\AppData\Local\temp
    2016-07-02 16:52 . 2016-07-02 16:52 -------- d-----w- C:\Quarantine
    2016-07-01 22:19 . 2016-07-01 22:54 -------- d-----w- C:\AdwCleaner
    2016-07-01 19:30 . 2016-07-01 22:16 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2016-07-01 19:29 . 2016-03-10 18:09 53120 ----a-w- c:\windows\system32\drivers\mwac.sys
    2016-07-01 19:29 . 2016-03-10 18:08 126336 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2016-07-01 19:29 . 2016-07-01 20:58 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2016-06-30 16:10 . 2015-10-13 04:50 712640 ----a-w- c:\windows\system32\drivers\ndis.sys
    2016-06-30 16:07 . 2015-07-15 17:59 78784 ----a-w- c:\windows\system32\drivers\mountmgr.sys
    2016-06-30 16:07 . 2015-07-15 17:54 10752 ----a-w- c:\windows\system32\msmmsp.dll
    2016-06-30 16:06 . 2015-07-15 17:55 1159168 ----a-w- c:\windows\system32\sysmain.dll
    2016-06-30 16:03 . 2015-10-29 17:50 5120 ----a-w- c:\windows\system32\shimeng.dll
    2016-06-30 16:03 . 2015-10-29 17:49 295936 ----a-w- c:\windows\system32\apphelp.dll
    2016-06-30 16:03 . 2015-10-29 17:49 62464 ----a-w- c:\windows\system32\aelupsvc.dll
    2016-06-30 16:03 . 2015-10-29 17:49 20992 ----a-w- c:\windows\system32\sdbinst.exe
    2016-06-30 16:03 . 2015-07-09 17:42 67584 ----a-w- c:\windows\system32\dwmapi.dll
    2016-06-30 16:03 . 2015-07-09 17:42 1372160 ----a-w- c:\windows\system32\dwmcore.dll
    2016-06-30 16:00 . 2015-07-16 19:12 856064 ----a-w- c:\windows\system32\rdvidcrl.dll
    2016-06-30 16:00 . 2015-07-16 19:12 53248 ----a-w- c:\windows\system32\tsgqec.dll
    2016-06-30 16:00 . 2015-07-16 19:12 6131200 ----a-w- c:\windows\system32\mstscax.dll
    2016-06-30 16:00 . 2015-07-16 15:14 355840 ----a-w- c:\windows\system32\wksprt.exe
    2016-06-30 15:56 . 2015-08-05 17:41 751104 ----a-w- c:\windows\system32\schedsvc.dll
    2016-06-30 15:56 . 2015-09-01 17:52 868864 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
    2016-06-30 15:56 . 2015-09-01 17:52 348672 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
    2016-06-30 15:56 . 2015-09-01 17:52 104448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
    2016-06-30 15:56 . 2015-09-01 17:52 181760 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
    2016-06-30 15:56 . 2015-09-01 17:50 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
    2016-06-30 15:54 . 2015-08-27 17:58 1391104 ----a-w- c:\windows\system32\msxml6.dll
    2016-06-30 15:54 . 2015-08-27 17:51 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2016-06-30 15:53 . 2015-07-09 17:42 179712 ----a-w- c:\windows\system32\notepad.exe
    2016-06-30 15:53 . 2015-07-09 17:42 179712 ----a-w- c:\windows\notepad.exe
    2016-06-30 15:52 . 2015-10-13 16:31 338944 ----a-w- c:\windows\system32\drivers\afd.sys
    2016-06-30 15:52 . 2015-10-13 16:31 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
    2016-06-30 15:49 . 2015-07-15 02:55 44032 ----a-w- c:\windows\system32\basesrv.dll
    2016-06-30 15:48 . 2015-07-30 17:57 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2016-06-30 15:47 . 2015-08-05 16:58 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2016-06-30 15:47 . 2015-08-05 17:40 15872 ----a-w- c:\windows\system32\icaapi.dll
    2016-06-30 15:47 . 2015-07-01 20:30 206848 ----a-w- c:\windows\system32\WebClnt.dll
    2016-06-30 15:47 . 2015-07-01 20:30 82432 ----a-w- c:\windows\system32\davclnt.dll
    2016-06-30 15:46 . 2015-08-06 17:44 1498624 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2016-06-30 15:45 . 2015-07-22 17:53 635392 ----a-w- c:\windows\system32\tdh.dll
    2016-06-30 15:45 . 2015-07-22 16:38 41984 ----a-w- c:\windows\system32\UtcResources.dll
    2016-06-30 15:45 . 2015-07-22 17:53 937984 ----a-w- c:\windows\system32\diagtrack.dll
    2016-06-30 15:31 . 2016-01-22 06:02 176128 ----a-w- c:\windows\system32\msorcl32.dll
    2016-06-30 15:31 . 2016-01-22 06:02 290816 ----a-w- c:\program files\Common Files\System\Ole DB\msdaora.dll
    2016-06-30 15:31 . 2016-01-22 06:04 642048 ----a-w- c:\windows\system32\CPFilters.dll
    2016-06-30 15:31 . 2016-01-22 06:04 535040 ----a-w- c:\windows\system32\EncDec.dll
    2016-06-30 15:31 . 2016-01-22 06:02 114176 ----a-w- c:\windows\system32\mtxoci.dll
    2016-06-30 15:28 . 2015-12-20 18:45 2745856 ----a-w- c:\windows\system32\rdpcorets.dll
    2016-06-30 15:28 . 2015-12-20 18:45 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
    2016-06-30 15:28 . 2015-12-20 16:16 221184 ----a-w- c:\windows\system32\rdpudd.dll
    2016-06-30 15:25 . 2016-01-06 18:43 126464 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\rtscom.dll
    2016-06-30 15:25 . 2016-01-06 18:41 939520 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2016-06-30 15:25 . 2016-01-06 18:41 1415168 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
    2016-06-30 15:25 . 2016-01-06 18:41 274944 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkDiv.dll
    2016-06-30 15:25 . 2016-01-06 18:41 216064 ----a-w- c:\windows\system32\InkEd.dll
    2016-06-30 15:22 . 2016-01-07 17:35 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
    2016-06-30 15:02 . 2016-05-18 16:10 306688 ----a-w- c:\windows\system32\gdi32.dll
    2016-06-30 15:01 . 2016-05-12 14:54 2397696 ----a-w- c:\windows\system32\win32k.sys
    2016-06-30 14:50 . 2016-05-11 15:19 351744 ----a-w- c:\windows\system32\winhttp.dll
    2016-06-30 14:50 . 2016-05-11 14:52 188928 ----a-w- c:\windows\system32\drivers\netbt.sys
    2016-06-30 14:50 . 2016-05-11 15:19 206336 ----a-w- c:\windows\system32\ws2_32.dll
    2016-06-30 14:50 . 2016-05-11 15:19 231424 ----a-w- c:\windows\system32\mswsock.dll
    2016-06-30 14:50 . 2016-05-11 15:01 26624 ----a-w- c:\windows\system32\netbtugc.exe
    2016-06-30 14:49 . 2016-05-12 15:18 70144 ----a-w- c:\windows\system32\winipsec.dll
    2016-06-30 14:49 . 2016-05-12 15:18 274944 ----a-w- c:\windows\system32\polstore.dll
    2016-06-30 14:49 . 2016-05-12 15:18 351744 ----a-w- c:\windows\system32\IPSECSVC.DLL
    2016-06-30 14:49 . 2016-05-12 15:18 606720 ----a-w- c:\windows\system32\gpsvc.dll
    2016-06-30 14:49 . 2016-05-12 15:18 591872 ----a-w- c:\windows\system32\gpprefcl.dll
    2016-06-30 14:49 . 2016-05-12 15:18 79360 ----a-w- c:\windows\system32\gpapi.dll
    2016-06-30 14:49 . 2016-05-12 15:18 44032 ----a-w- c:\windows\system32\FwRemoteSvr.dll
    2016-06-30 14:49 . 2016-05-12 14:57 30720 ----a-w- c:\windows\system32\gpscript.dll
    2016-06-30 14:49 . 2016-05-12 14:57 24576 ----a-w- c:\windows\system32\gpscript.exe
    2016-06-30 14:46 . 2016-05-13 21:54 308456 ----a-w- c:\windows\system32\atmfd.dll
    2016-06-30 14:46 . 2016-05-13 21:49 26112 ----a-w- c:\windows\system32\lpk.dll
    2016-06-30 14:46 . 2016-05-13 21:49 70656 ----a-w- c:\windows\system32\fontsub.dll
    2016-06-30 14:46 . 2016-05-13 21:49 10240 ----a-w- c:\windows\system32\dciman32.dll
    2016-06-30 14:46 . 2016-05-13 21:27 34304 ----a-w- c:\windows\system32\atmlib.dll
    2016-06-30 14:45 . 2016-05-11 15:19 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2016-06-29 19:16 . 2016-07-02 16:34 -------- d-----w- c:\users\dcarlson\AppData\Local\CrashDumps
    2016-06-29 18:41 . 2016-06-29 18:41 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8DBFDA-5C5E-4223-B7EB-F896BF0EFF69}\offreg.4592.dll
    2016-06-29 18:41 . 2016-07-02 00:58 24688 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2016-06-29 18:40 . 2016-06-29 18:40 -------- d-----w- c:\programdata\RogueKiller
    2016-06-21 19:05 . 2016-06-21 19:13 -------- d-----w- C:\FRST
    2016-06-21 08:08 . 2016-06-21 08:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8DBFDA-5C5E-4223-B7EB-F896BF0EFF69}\offreg.7208.dll
    2016-06-21 07:59 . 2016-05-27 18:01 9464104 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6B8DBFDA-5C5E-4223-B7EB-F896BF0EFF69}\mpengine.dll
    2016-06-14 16:58 . 2016-06-14 16:58 -------- d-----w- c:\users\dcarlson\AppData\Roaming\Ing. Michael Lachmann
    2016-06-14 16:58 . 2016-06-14 16:58 -------- d-----w- c:\users\dcarlson\AppData\Local\LPub3D Software
    2016-06-14 16:58 . 2016-06-15 20:06 -------- d-----w- c:\users\dcarlson\AppData\Roaming\LDCad
    2016-06-14 16:57 . 2016-06-14 16:57 -------- d-----w- c:\users\dcarlson\AppData\Local\Michael Heidemann
    2016-06-14 16:47 . 2016-06-14 16:58 -------- d-----w- c:\program files\LDraw
    2016-06-14 16:32 . 2016-06-14 16:47 -------- d-----w- c:\windows\LDraw
    2016-06-08 13:57 . 2016-06-08 13:57 -------- d-----w- c:\program files\iPod
    2016-06-08 13:57 . 2016-06-08 13:57 -------- d-----w- c:\program files\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-06-16 18:24 . 2013-07-15 15:25 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2016-06-16 18:24 . 2013-03-18 19:53 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2016-06-13 23:31 . 2011-06-06 23:25 400040 ------w- c:\windows\system32\MpSigStub.exe
    2016-05-03 14:09 . 2014-02-12 18:12 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2016-04-14 15:38 . 2016-06-01 15:21 105192 ----a-w- c:\windows\system32\consent.exe
    2016-04-14 15:33 . 2016-06-01 15:21 337408 ----a-w- c:\windows\system32\msihnd.dll
    2016-04-14 15:33 . 2016-06-01 15:21 25088 ----a-w- c:\windows\system32\msimsg.dll
    2016-04-14 15:33 . 2016-06-01 15:21 2365440 ----a-w- c:\windows\system32\msi.dll
    2016-04-14 15:33 . 2016-06-01 15:21 1806848 ----a-w- c:\windows\system32\authui.dll
    2016-04-14 15:33 . 2016-06-01 15:21 47104 ----a-w- c:\windows\system32\appinfo.dll
    2016-04-14 15:11 . 2016-06-01 15:21 73216 ----a-w- c:\windows\system32\msiexec.exe
    2016-04-14 13:49 . 2016-06-01 15:23 603648 ----a-w- c:\windows\system32\d3d10level9.dll
    2016-04-09 06:59 . 2016-06-01 15:17 3998952 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2016-04-09 06:59 . 2016-06-01 15:17 3943144 ----a-w- c:\windows\system32\ntoskrnl.exe
    2016-04-09 06:59 . 2016-06-01 15:12 730344 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2016-04-09 06:59 . 2016-06-01 15:12 218856 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2016-04-09 06:57 . 2016-06-01 15:17 1310528 ----a-w- c:\windows\system32\ntdll.dll
    2016-04-09 06:54 . 2016-06-01 15:17 43008 ----a-w- c:\windows\system32\srclient.dll
    2016-04-09 06:54 . 2016-06-01 15:17 400896 ----a-w- c:\windows\system32\srcore.dll
    2016-04-09 06:54 . 2016-06-01 15:17 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
    2016-04-09 06:54 . 2016-06-01 15:17 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2016-04-09 06:54 . 2016-06-01 15:12 107520 ----a-w- c:\windows\system32\cdd.dll
    2016-04-09 06:54 . 2016-06-01 15:17 6656 ----a-w- c:\windows\system32\apisetschema.dll
    2016-04-09 06:54 . 2016-06-01 15:17 50688 ----a-w- c:\windows\system32\appidapi.dll
    2016-04-09 06:54 . 2016-06-01 15:17 644096 ----a-w- c:\windows\system32\advapi32.dll
    2016-04-09 05:42 . 2016-06-01 15:17 50688 ----a-w- c:\windows\system32\drivers\appid.sys
    2016-04-09 05:42 . 2016-06-01 15:17 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe
    2016-04-09 05:42 . 2016-06-01 15:17 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
    2016-04-09 05:42 . 2016-06-01 15:17 29696 ----a-w- c:\windows\system32\appidsvc.dll
    2016-04-09 05:40 . 2016-06-01 15:17 262656 ----a-w- c:\windows\system32\rstrui.exe
    2016-04-09 05:37 . 2016-06-01 15:17 69632 ----a-w- c:\windows\system32\smss.exe
    2016-04-09 04:20 . 2016-06-01 15:20 1230848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2016-04-06 10:36 . 2016-06-01 15:16 19968 ----a-w- c:\windows\system32\jnwmon.dll
    2016-04-06 10:36 . 2016-06-01 15:16 22528 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
    2013-03-26 21:14 . 2013-03-26 21:14 448512 ----a-w- c:\program files\TFC.exe
    2013-03-25 14:40 . 2013-03-25 14:40 53248 ----a-w- c:\program files\MD5_SHA-1 Utility.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt1"]
    @= "{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2016-06-13 20:10 211264 ----a-w- c:\users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt2"]
    @= "{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2016-06-13 20:10 211264 ----a-w- c:\users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt3"]
    @= "{FB314EDD-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
    2016-06-13 20:10 211264 ----a-w- c:\users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt4"]
    @= "{FB314EDE-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
    2016-06-13 20:10 211264 ----a-w- c:\users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt5"]
    @= "{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2016-06-13 20:10 211264 ----a-w- c:\users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt6"]
    @= "{FB314EDF-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
    2016-06-13 20:10 211264 ----a-w- c:\users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt7"]
    @= "{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2016-06-13 20:10 211264 ----a-w- c:\users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ "DropboxExt8"]
    @= "{FB314EE0-A251-47B7-93E1-CDD82E34AF8B} "
    [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
    2016-06-13 20:10 211264 ----a-w- c:\users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncFileLocked]
    @= "{1b9c95e1-ce36-3737-81c8-1ec9807f03c1} "
    [HKEY_CLASSES_ROOT\CLSID\{1b9c95e1-ce36-3737-81c8-1ec9807f03c1}]
    2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncNotSynced]
    @= "{e22ccf16-2db6-3de8-9a2c-acb66b571b69} "
    [HKEY_CLASSES_ROOT\CLSID\{e22ccf16-2db6-3de8-9a2c-acb66b571b69}]
    2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncProblem]
    @= "{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} "
    [HKEY_CLASSES_ROOT\CLSID\{84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc}]
    2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0000BoxSyncSynced]
    @= "{01fcd170-7f0a-3b6a-b992-66a7a20289b5} "
    [HKEY_CLASSES_ROOT\CLSID\{01fcd170-7f0a-3b6a-b992-66a7a20289b5}]
    2010-11-20 21:29 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GarminExpressTrayApp "= "c:\program files\Garmin\Express Tray\ExpressTray.exe" [2016-04-08 1399208]
    "OfficeSyncProcess "= "c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2015-09-02 721504]
    "Dropbox Update "= "c:\users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-26 134512]
    "PTIM.exe "= "c:\program files\WebEx\Productivity Tools\PTIM.exe" [2016-05-16 820160]
    "PTOneClick "= "c:\program files\WebEx\Productivity Tools\ptoneclk.exe" [2016-05-16 574912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Communicator "= "c:\program files\Microsoft Lync\communicator.exe" [2016-03-14 12119872]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2012-08-27 144704]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2012-08-27 180032]
    "Persistence "= "c:\windows\system32\igfxpers.exe" [2012-08-27 188736]
    "NUSB3MON "= "c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
    "PWMTRV "= "c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2013-01-09 4449576]
    "AcWin7Hlpr "= "c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2013-10-22 63784]
    "ACTray "= "c:\program files\Lenovo\Access Connections\ACTray.exe" [2013-10-22 432424]
    "Eraser "= "c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920]
    "ConnectionCenter "= "c:\program files\Citrix\ICA Client\concentr.exe" [2012-03-28 309184]
    "BCSSync "= "c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
    "RIMBBLaunchAgent.exe "= "c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2014-10-31 443640]
    "RIM PeerManager "= "c:\program files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe" [2015-05-26 4730616]
    "McAfeeUpdaterUI "= "c:\program files\McAfee\Common Framework\udaterui.exe" [2015-02-10 337776]
    "ShStatEXE "= "c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2015-08-21 244080]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
    "BrMfcWnd "= "c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3 "= "c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2016-06-01 164152]
    "Malwarebytes Anti-Malware "= "c:\program files\Malwarebytes Anti-Malware\BusinessMessaging.exe" [2016-07-01 3219456]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "GarminExpressTrayApp "= "c:\program files\Garmin\Express Tray\ExpressTray.exe" [2016-04-08 1399208]
    .
    c:\users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2016-6-29 24105936]
    PowerChute Personal Edition.lnk - c:\program files\APC\PowerChute Personal Edition\PowerChute.exe [2012-1-24 1992056]
    qlock.lnk - c:\program files\Qlock\qlock.exe [2012-4-2 4142080]
    ScreenHunter 6.0 Free.lnk - c:\program files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe [2013-3-26 8867840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2012-4-1 1110816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    "SoftwareSASGeneration "= 1 (0x1)
    "HideFastUserSwitching "= 0 (0x0)
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ClearRecentProgForNewUserInStartMenu "= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate "= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=" "
    .
    R1 nxtdrv;Nexthink Collector;c:\windows\system32\DRIVERS\nxtdrv.sys [2014-11-17 210192]
    R2 Nexthink Service;Nexthink Collector Service;c:\windows\system32\nxtsvc.exe [2014-11-17 522000]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2013-06-19 92112]
    R3 blackberryncm;BlackBerryNCM Service;c:\windows\system32\DRIVERS\blackberryncm6.sys [2014-09-08 22016]
    R3 BoxSyncUpdateService;Box Sync Update Service;c:\program files\Box\Box Sync\SyncUpdaterService.exe [2014-02-14 22016]
    R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-04-01 504360]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 33832]
    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2014-03-19 65232]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2013-01-09 280640]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-09-29 238248]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2010-04-07 223960]
    R3 Garmin Device Interaction Service;Garmin Device Interaction Service;c:\program files\Garmin\Device Interaction Service\GarminService.exe [2016-04-08 792592]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-05-20 102912]
    R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe [2012-08-02 48744]
    R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe [2012-08-02 48744]
    R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2015-10-16 100632]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2013-01-09 1665832]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-02-07 16024]
    R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2013-01-09 1664296]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-02-07 1223704]
    R3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-02-07 660504]
    R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
    R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 usbrndis6;USB RNDIS6 Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-24 1343400]
    R4 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\SERVER\SRService.exe [2013-09-02 790368]
    R4 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2013-08-07 609056]
    S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2013-01-09 25416]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2015-10-16 223520]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-03-19 64800]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2016-06-07 142648]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 APC Data Service;APC Data Service;c:\program files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
    S2 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe [2015-04-14 513208]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2012-08-24 127072]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2015-10-16 242408]
    S2 Nexthink Updater;Nexthink Updater;c:\windows\system32\nxtupdater.exe [2014-07-08 284432]
    S2 RIM MDNS;RIM MDNS;c:\program files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [2015-03-19 396024]
    S2 RIM Tunnel Service;BlackBerry Link Communication Manager;c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe service [x]
    S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc86.sys [2011-03-23 75264]
    S2 SnowInventoryClient;Snow Inventory Client;c:\program files\INVENTORYCLIENT\client.exe [2014-12-07 3402752]
    S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2012-12-18 116368]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2012-12-04 125504]
    S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-06-19 557968]
    S3 BlackBerry Device Manager;BlackBerry Device Manager;c:\program files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2014-10-31 588024]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 289792]
    S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys [2015-10-16 315576]
    S3 mfeaacsk;McAfee Inc. mfeaacsk;c:\windows\system32\drivers\mfeaacsk.sys [2015-10-16 59584]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2015-10-16 380504]
    S3 mfeplk;McAfee Inc. mfeplk;c:\windows\system32\drivers\mfeplk.sys [2015-10-16 61736]
    S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-08-04 7517696]
    S3 rimvndis;BlackBerry Virtual Private Network;c:\windows\system32\Drivers\rimvndis6.sys [2015-03-19 14848]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-10-18 38200]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    utcsvc REG_MULTI_SZ DiagTrack
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\B616CCAF-9BE1-E410-70CD-16C176D7269C]
    2016-04-14 15:11 73216 ----a-w- c:\windows\System32\msiexec.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-06-29 18:06 1248072 ----a-w- c:\program files\Google\Chrome\Application\51.0.2704.106\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
    2016-05-03 14:41 287416 ----a-w- c:\program files\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-15 18:24]
    .
    2016-07-02 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332Core.job
    - c:\users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26 12:20]
    .
    2016-07-02 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332UA.job
    - c:\users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26 12:20]
    .
    2016-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-11-23 19:17]
    .
    2016-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-11-23 19:17]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:Tabs
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: att.com\*.teleconference
    Trusted Zone: brainshark.com
    Trusted Zone: cisco.com
    Trusted Zone: concursolutions.com
    Trusted Zone: desktop-shipping.com
    Trusted Zone: fidelity.com
    Trusted Zone: ge.com\*.gecits
    Trusted Zone: hrdpt.com\*.compucom
    Trusted Zone: hrdpt.com\*.compucomdev
    Trusted Zone: ingrammicro.ca
    Trusted Zone: ingrammicro.com
    Trusted Zone: livemeeting.com
    Trusted Zone: medco.com
    Trusted Zone: synnex.ca
    Trusted Zone: synnex.com
    Trusted Zone: techdata.ca
    Trusted Zone: techdata.com
    Trusted Zone: att.com\*.teleconference
    Trusted Zone: brainshark.com
    Trusted Zone: cisco.com
    Trusted Zone: concursolutions.com
    Trusted Zone: desktop-shipping.com
    Trusted Zone: fidelity.com
    Trusted Zone: ge.com\*.gecits
    Trusted Zone: hrdpt.com\*.compucom
    Trusted Zone: hrdpt.com\*.compucomdev
    Trusted Zone: ingrammicro.ca
    Trusted Zone: ingrammicro.com
    Trusted Zone: livemeeting.com
    Trusted Zone: medco.com
    Trusted Zone: synnex.ca
    Trusted Zone: synnex.com
    Trusted Zone: techdata.ca
    Trusted Zone: techdata.com
    TCP: DhcpNameServer = 24.226.10.193 24.226.10.194 24.226.1.94
    DPF: {538793D5-659C-4639-A56C-A179AD87ED44} - hxxps://168.87.141.232/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} - hxxps://transfer.compucom.com/COM/MOVEitUploadWizard7.0.0.ocx
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,2e,28,0d,79,46,c3,44,82,a3,a1,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e1,2e,28,0d,79,46,c3,44,82,a3,a1,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_192_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(720)
    c:\windows\system32\certpoleng.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\windows\system32\atieclxx.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\APC\PowerChute Personal Edition\mainserv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
    c:\program files\Juniper Networks\Common Files\dsNcService.exe
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\McAfee\Common Framework\FrameworkService.exe
    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
    c:\windows\system32\conhost.exe
    c:\program files\McAfee\Common Framework\naPrdMgr.exe
    c:\progra~1\LENOVO\HOTKEY\tpnumlk.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Lenovo\Access Connections\AcSvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe
    c:\windows\System32\WUDFHost.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\CCM\CcmExec.exe
    c:\program files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\rundll32.exe
    c:\progra~1\Lenovo\Zoom\TPSCREX.EXE
    c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
    c:\progra~1\Lenovo\HOTKEY\SHTCTKY.EXE
    c:\progra~1\LENOVO\HOTKEY\tpnumlkd.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
    c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
    c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    c:\windows\system32\conhost.exe
    c:\program files\Synaptics\SynTP\SynTPLpr.exe
    c:\windows\CCM\SCNotification.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Eraser\Eraser.exe
    c:\program files\Citrix\ICA Client\wfcrun32.exe
    c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\progra~1\WebEx\PRODUC~1\ptSrv.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\McAfee\Common Framework\McTray.exe
    c:\users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\program files\Common Files\Research In Motion\nginx\nginx.exe
    c:\program files\Common Files\Research In Motion\nginx\nginx.exe
    c:\windows\system32\conhost.exe
    c:\program files\Microsoft Lync\UcMapi.exe
    c:\program files\Lenovo\message center plus\mcplaunch.exe
    c:\windows\system32\LogonUI.exe
    .
    **************************************************************************
    .
    Completion time: 2016-07-02 14:16:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2016-07-02 18:15
    .
    Pre-Run: 299,971,919,872 bytes free
    Post-Run: 301,892,804,608 bytes free
    .
    - - End Of File - - 1CE6EA6133827BFFA912A6DC8B48121E
    A36C5E4F47E84449FF07ED3517B43A31
     
  17. 2016/07/02
    DCHammer

    DCHammer Well-Known Member Thread Starter

    I also tried running RogueKiller again. It blue screened the PC. Things do seem to be running a little better, but there is still a lot of hard drive activity when there shouldn't be. Like right now I have nothing open but Chrome and it's churning away doing something.
     
  18. 2016/07/02
    broni

    broni Moderator Malware Analyst

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
     
  19. 2016/07/04
    DCHammer

    DCHammer Well-Known Member Thread Starter

    Here is the FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-06-2016 01
    Ran by DCarlson (administrator) on ON-NW7-189991 (03-07-2016 19:41:56)
    Running from C:\Users\dcarlson\Desktop
    Loaded Profiles: DCarlson (Available Profiles: DCarlson & CMPC_User & Administrator)
    Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Lenovo) C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
    (Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    (Juniper Networks, Inc.) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Nexthink S.A.) C:\Windows\System32\nxtupdater.exe
    (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    (Apple Inc.) C:\Program Files\Common Files\Research in Motion\Tunnel Manager\mDNSResponder.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Lenovo) C:\Program Files\Lenovo\Access Connections\AcSvc.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research in Motion\Tunnel Manager\tunmgr.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.30.3\GoogleCrashHandler.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research in Motion\USB Drivers\BbDevMgr.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Lync\communicator.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Lenovo) C:\Program Files\Lenovo\Access Connections\ACTray.exe
    (The Eraser Project) C:\Program Files\Eraser\Eraser.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
    (BlackBerry Limited) C:\Program Files\Common Files\Research in Motion\Tunnel Manager\PeerManager.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    (McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
    (Lenovo Group Limited) C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\BusinessMessaging.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\PTIM.exe
    (Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
    (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    (Cisco WebEx LLC) C:\Program Files\WebEx\Productivity Tools\ptSrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Dropbox, Inc.) C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    () C:\Program Files\Qlock\qlock.exe
    (Wisdom Software Inc. ) C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
    (Lenovo) C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Lync\UcMapi.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    () C:\Program Files\Common Files\Research in Motion\nginx\nginx.exe
    () C:\Program Files\Common Files\Research in Motion\nginx\nginx.exe
    (Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Blackfish Software) C:\Users\dcarlson\AppData\Local\IE Tab\9.6.7.1\ietabhelper.exe
    (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Snow Software AB) C:\Program Files\INVENTORYCLIENT\client.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Communicator] => C:\Program Files\Microsoft Lync\communicator.exe [12119872 2016-03-14] (Microsoft Corporation)
    HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
    HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files\Lenovo\Access Connections\AcTBenabler.exe [63784 2013-10-22] (Lenovo)
    HKLM\...\Run: [ACTray] => C:\Program Files\Lenovo\Access Connections\ACTray.exe [432424 2013-10-22] (Lenovo)
    HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
    HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443640 2014-10-31] (BlackBerry Limited)
    HKLM\...\Run: [RIM PeerManager] => C:\Program Files\Common Files\Research In Motion\Tunnel Manager\PeerManager.exe [4730616 2015-05-26] (BlackBerry Limited)
    HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [337776 2015-02-10] (McAfee, Inc.)
    HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [244080 2015-08-20] (McAfee, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
    HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
    HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-06-01] (Apple Inc.)
    HKLM\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-07-01] (Malwarebytes)
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%\System32\*.exe <====== ATTENTION
    HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [1399208 2016-04-08] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Run: [Dropbox Update] => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-26] (Dropbox, Inc.)
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Run: [PTIM.exe] => C:\Program Files\WebEx\Productivity Tools\PTIM.exe [820160 2016-05-15] (Cisco WebEx LLC)
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Run: [PTOneClick] => C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe [574912 2016-05-15] (Cisco WebEx LLC)
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Policies\Explorer: [ClearRecentProgForNewUserInStartMenu] 1
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
    Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
    ShellIconOverlayIdentifiers: [ "DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ "DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-06-13] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-03-23]
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-06-29]
    ShortcutTarget: Dropbox.lnk -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerChute Personal Edition.lnk [2013-03-23]
    ShortcutTarget: PowerChute Personal Edition.lnk -> C:\Program Files\APC\PowerChute Personal Edition\PowerChute.exe (Schneider Electric)
    Startup: C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk [2013-03-25]
    ShortcutTarget: qlock.lnk -> C:\Program Files\Qlock\qlock.exe ()
    Startup: C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenHunter 6.0 Free.lnk [2013-03-26]
    ShortcutTarget: ScreenHunter 6.0 Free.lnk -> C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe (Wisdom Software Inc. )
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 24.226.10.193 24.226.10.194 24.226.1.94
    Tcpip\..\Interfaces\{7D6C841A-0250-4743-A962-B17638BC381E}: [DhcpNameServer] 24.226.10.193 24.226.10.194 24.226.1.94

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-415762479-31080894-1349916565-56332\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    SearchScopes: HKLM -> DefaultScope {C2BAE1FA-6009-452A-9F5C-6141E21A68C9} URL =
    SearchScopes: HKU\S-1-5-21-415762479-31080894-1349916565-56332 -> {A5D8E0B0-EE38-40CB-B531-3D5101459618} URL = hxxps://ca.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-03] (Oracle Corporation)
    BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20151016092748.dll [2015-10-16] (McAfee, Inc.)
    BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files\WebEx\Productivity Tools\ptonecli.dll [2016-05-15] (Cisco WebEx LLC)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-03] (Oracle Corporation)
    Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll [2016-05-15] (Cisco WebEx LLC)
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} hxxp://citrix.compucom.local/Citrix/MetaFrame/ICAWEB_common/en/ica32/wficat.cab
    DPF: {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://168.87.141.232/CACHE/stc/1/binaries/vpnweb.cab
    DPF: {B25AB9F1-B8A2-4072-8964-00C7EDF99750} hxxps://transfer.compucom.com/COM/MOVEitUploadWizard7.0.0.ocx
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://compucom.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://remote.compucom.com/dana-cached/sc/JuniperSetupClient.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
    FF Plugin: @IPCWebComponents -> C:\Program Files\IPCWebComponents\npIPCReg.dll [2014-04-07] ()
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-03] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-03] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2015-05-22] ()
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-415762479-31080894-1349916565-56332: @citrixonline.com/appdetectorplugin -> C:\Users\dcarlson\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-10-08] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-03-14] ()
    FF Plugin ProgramFiles/Appdata: C:\Users\dcarlson\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-10-28] (Cisco WebEx LLC)
    FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
    FF Extension: McAfee ScriptScan for Firefox - C:\Program Files\Common Files\McAfee\SystemCore [2016-07-03] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Drive) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (Keeper Web App) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnglfciifmgnafcgkkngkeopldlialb [2015-10-16]
    CHR Extension: (YouTube) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifcnoebhbpdndjendfkpehpfbglgfkc [2014-03-14]
    CHR Extension: (Google Search) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-04-27]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-06-29]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-10-28]
    CHR Extension: (Store) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmbaalodpmjjhpobkgljnelbpblnikkp [2014-06-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
    CHR Extension: (Gmail) - C:\Users\dcarlson\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-20]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2016-06-07] (SUPERAntiSpyware.com)
    R2 AcPrfMgrSvc; C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe [133416 2013-10-22] (Lenovo)
    R2 AcSvc; C:\Program Files\Lenovo\Access Connections\AcSvc.exe [272680 2013-10-22] (Lenovo)
    R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
    R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
    R3 BlackBerry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)
    S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [22016 2014-02-14] (Box Inc.) [File not signed]
    R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1240760 2015-04-14] (Microsoft Corporation)
    R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [513208 2015-04-14] (Microsoft Corporation)
    S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [276288 2012-08-27] (Intel Corporation)
    R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [684144 2015-03-20] (Juniper Networks, Inc.)
    S3 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [792592 2016-04-08] (Garmin Ltd. or its subsidiaries)
    R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [127072 2012-08-24] (Lenovo Group Limited)
    S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
    S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
    R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [129904 2015-02-10] (McAfee, Inc.)
    R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [220784 2015-10-16] (McAfee, Inc.)
    R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [208936 2015-08-20] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [242408 2015-10-16] (McAfee, Inc.)
    S2 Nexthink Service; C:\Windows\system32\nxtsvc.exe [522000 2014-11-17] (Nexthink S.A.)
    R2 Nexthink Updater; C:\Windows\system32\nxtupdater.exe [284432 2014-07-08] (Nexthink S.A.)
    S3 PwmEWSvc; C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE [1664296 2013-01-09] (Lenovo Group Limited)
    R2 RIM MDNS; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [396024 2015-03-19] (Apple Inc.)
    R2 RIM Tunnel Service; C:\Program Files\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1355000 2015-05-26] (BlackBerry Limited)
    S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
    S3 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
    S3 smstsmgr; C:\Windows\CCM\TSManager.exe [243896 2015-04-14] (Microsoft Corporation)
    R2 SnowInventoryClient; C:\Program Files\INVENTORYCLIENT\client.exe [3402752 2014-12-07] (Snow Software AB) [File not signed]
    S4 SplashtopRemoteService; C:\Program Files\Splashtop\Splashtop Remote\SERVER\SRService.exe [790368 2013-09-02] (Splashtop Inc.)
    S4 SSUService; C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe [609056 2013-08-07] (Splashtop Inc.)
    R2 TPHKLOAD; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [116368 2012-12-18] (Lenovo Group Limited)
    R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [557968 2013-06-19] (Cisco Systems, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
     
  20. 2016/07/04
    DCHammer

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-06-19] (Cisco Systems, Inc.)
    S3 blackberryncm; C:\Windows\System32\DRIVERS\blackberryncm6.sys [22016 2014-09-08] (BlackBerry)
    S3 btwampfl; C:\Windows\system32\drivers\btwampfl.sys [504360 2012-04-01] (Broadcom Corporation.)
    S3 CSRBC; C:\Windows\System32\Drivers\csrbcx86.sys [31744 2013-04-04] (CSR plc.) [File not signed]
    R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2013-12-19] (Juniper Networks)
    R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-12-21] (Intel Corporation)
    S3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
    R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [315576 2015-10-16] (McAfee, Inc.)
    R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [59584 2015-10-16] (McAfee, Inc.)
    R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [269872 2015-10-16] (McAfee, Inc.)
    R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [79992 2015-10-16] (McAfee, Inc.)
    R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [380504 2015-10-16] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [658528 2015-10-16] (McAfee, Inc.)
    R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [61736 2015-10-16] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100632 2015-10-16] (McAfee, Inc.)
    R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [223520 2015-10-16] (McAfee, Inc.)
    R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7517696 2011-08-03] (Intel Corporation)
    S1 nxtdrv; C:\Windows\System32\DRIVERS\nxtdrv.sys [210192 2014-11-17] (Nexthink S.A.)
    R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2015-04-14] (Microsoft Corporation)
    S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb.sys [68608 2014-05-06] (BlackBerry Limited)
    R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14848 2015-03-19] (BlackBerry Limited)
    R2 risdxc; C:\Windows\System32\DRIVERS\risdxc86.sys [75264 2011-03-23] (REDC)
    S3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114304 2015-06-07] (Power Software Ltd)
    R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [38200 2012-10-18] (Synaptics Incorporated)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2013-03-09] (The OpenVPN Project)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-07-02] ()
    S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
    S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43120 2013-06-19] (Cisco Systems, Inc.)
    S3 catchme; \??\C:\Users\dcarlson\AppData\Local\Temp\catchme.sys [X]
    U3 mfeavfk01; no ImagePath
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-03 19:41 - 2016-07-03 19:43 - 00033111 _____ C:\Users\dcarlson\Desktop\FRST.txt
    2016-07-02 14:16 - 2016-07-02 14:16 - 00038435 _____ C:\ComboFix.txt
    2016-07-02 12:52 - 2016-07-02 12:52 - 00000000 ____D C:\Quarantine
    2016-07-02 12:36 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-07-02 12:36 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-07-02 12:36 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-07-02 12:36 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-07-02 12:36 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-07-02 12:36 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2016-07-02 12:36 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2016-07-02 12:36 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2016-07-02 12:35 - 2016-07-02 14:17 - 00000000 ____D C:\Qoobox
    2016-07-02 12:35 - 2016-07-02 14:01 - 00000000 ____D C:\Windows\erdnt
    2016-07-01 20:37 - 2016-07-01 20:37 - 05659337 ____R (Swearware) C:\Users\dcarlson\Desktop\ComboFix.exe
    2016-07-01 19:23 - 2016-07-01 19:23 - 01610816 _____ (Malwarebytes) C:\Users\dcarlson\Desktop\JRT.exe
    2016-07-01 18:19 - 2016-07-01 18:54 - 00000000 ____D C:\AdwCleaner
    2016-07-01 15:40 - 2016-07-01 15:41 - 03712064 _____ C:\Users\dcarlson\Desktop\adwcleaner_5.201.exe
    2016-07-01 15:30 - 2016-07-01 18:16 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2016-07-01 15:30 - 2016-07-01 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-07-01 15:29 - 2016-07-01 16:58 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2016-07-01 15:29 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2016-07-01 15:29 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2016-07-01 15:24 - 2016-07-01 15:24 - 00001208 _____ C:\Users\dcarlson\Desktop\LEGO Digital Designer.lnk
    2016-06-30 12:10 - 2015-10-13 00:50 - 00712640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2016-06-30 12:07 - 2015-07-15 13:59 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2016-06-30 12:07 - 2015-07-15 13:54 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2016-06-30 12:06 - 2015-07-15 13:55 - 01159168 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
    2016-06-30 12:03 - 2015-10-29 13:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2016-06-30 12:03 - 2015-10-29 13:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2016-06-30 12:03 - 2015-10-29 13:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2016-06-30 12:03 - 2015-10-29 13:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2016-06-30 12:03 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
    2016-06-30 12:03 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
    2016-06-30 12:00 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2016-06-30 12:00 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
    2016-06-30 12:00 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2016-06-30 12:00 - 2015-07-16 11:14 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
    2016-06-30 11:56 - 2015-08-05 13:41 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
    2016-06-30 11:54 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2016-06-30 11:54 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2016-06-30 11:53 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
    2016-06-30 11:53 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\notepad.exe
    2016-06-30 11:52 - 2015-10-13 12:31 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2016-06-30 11:52 - 2015-10-13 12:31 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2016-06-30 11:49 - 2015-07-14 22:55 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
    2016-06-30 11:48 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2016-06-30 11:47 - 2015-08-05 13:40 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
    2016-06-30 11:47 - 2015-08-05 12:58 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2016-06-30 11:47 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2016-06-30 11:47 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2016-06-30 11:46 - 2015-08-06 13:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2016-06-30 11:46 - 2015-08-06 13:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
    2016-06-30 11:45 - 2015-07-22 13:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2016-06-30 11:45 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2016-06-30 11:45 - 2015-07-22 12:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2016-06-30 11:31 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
    2016-06-30 11:31 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
    2016-06-30 11:31 - 2016-01-22 02:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
    2016-06-30 11:31 - 2016-01-22 02:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
    2016-06-30 11:28 - 2015-12-20 14:45 - 02745856 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2016-06-30 11:28 - 2015-12-20 14:45 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
    2016-06-30 11:28 - 2015-12-20 12:16 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
    2016-06-30 11:25 - 2016-01-06 14:41 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2016-06-30 11:22 - 2016-01-07 13:35 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2016-06-30 11:03 - 2016-05-12 11:22 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-06-30 11:03 - 2016-05-12 11:22 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-06-30 11:03 - 2016-05-12 11:18 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-06-30 11:03 - 2016-05-12 11:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-06-30 11:03 - 2016-05-12 10:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-06-30 11:03 - 2016-05-12 10:52 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
    2016-06-30 11:03 - 2016-05-12 10:52 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
    2016-06-30 11:03 - 2016-05-12 10:52 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-06-30 11:03 - 2016-05-12 10:52 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-06-30 11:03 - 2016-05-12 10:52 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
    2016-06-30 11:03 - 2016-05-12 10:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-06-30 11:03 - 2016-05-12 10:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-06-30 11:03 - 2016-05-12 10:51 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-06-30 11:03 - 2016-05-12 10:51 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-06-30 11:03 - 2016-05-12 09:04 - 00370784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-06-30 11:03 - 2016-05-12 09:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
    2016-06-30 11:02 - 2016-05-18 12:10 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-06-30 11:01 - 2016-05-12 10:54 - 02397696 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-06-30 10:50 - 2016-05-11 11:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
    2016-06-30 10:50 - 2016-05-11 11:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2016-06-30 10:50 - 2016-05-11 11:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
    2016-06-30 10:50 - 2016-05-11 11:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
    2016-06-30 10:50 - 2016-05-11 10:52 - 00188928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
    2016-06-30 10:49 - 2016-05-12 11:18 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
    2016-06-30 10:49 - 2016-05-12 11:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
    2016-06-30 10:49 - 2016-05-12 11:18 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
    2016-06-30 10:49 - 2016-05-12 11:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
    2016-06-30 10:49 - 2016-05-12 11:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
    2016-06-30 10:49 - 2016-05-12 11:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
    2016-06-30 10:49 - 2016-05-12 11:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
    2016-06-30 10:49 - 2016-05-12 10:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
    2016-06-30 10:49 - 2016-05-12 10:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
    2016-06-30 10:48 - 2016-05-23 18:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2016-06-30 10:48 - 2016-05-21 12:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2016-06-30 10:48 - 2016-05-20 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2016-06-30 10:48 - 2016-05-20 18:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2016-06-30 10:48 - 2016-05-20 17:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2016-06-30 10:48 - 2016-05-20 17:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2016-06-30 10:48 - 2016-05-20 17:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2016-06-30 10:48 - 2016-05-20 17:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2016-06-30 10:48 - 2016-05-20 17:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2016-06-30 10:48 - 2016-05-20 17:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2016-06-30 10:48 - 2016-05-20 17:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2016-06-30 10:48 - 2016-05-20 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2016-06-30 10:48 - 2016-05-20 17:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2016-06-30 10:48 - 2016-05-20 17:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2016-06-30 10:48 - 2016-05-20 17:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2016-06-30 10:48 - 2016-05-20 17:44 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2016-06-30 10:48 - 2016-05-20 17:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2016-06-30 10:48 - 2016-05-20 17:36 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2016-06-30 10:48 - 2016-05-20 17:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2016-06-30 10:48 - 2016-05-20 17:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2016-06-30 10:48 - 2016-05-20 17:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2016-06-30 10:48 - 2016-05-20 17:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2016-06-30 10:48 - 2016-05-20 17:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2016-06-30 10:48 - 2016-05-20 17:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2016-06-30 10:48 - 2016-05-20 17:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2016-06-30 10:48 - 2016-05-20 17:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2016-06-30 10:48 - 2016-05-20 17:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2016-06-30 10:48 - 2016-05-20 17:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2016-06-30 10:48 - 2016-05-20 17:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2016-06-30 10:48 - 2016-05-20 17:09 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2016-06-30 10:48 - 2016-05-20 17:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2016-06-30 10:48 - 2016-05-20 17:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2016-06-30 10:48 - 2016-05-20 16:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2016-06-30 10:48 - 2016-05-20 16:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2016-06-30 10:48 - 2016-05-20 16:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2016-06-30 10:46 - 2016-05-13 17:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2016-06-30 10:46 - 2016-05-13 17:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2016-06-30 10:46 - 2016-05-13 17:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2016-06-30 10:46 - 2016-05-13 17:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2016-06-30 10:46 - 2016-05-13 17:27 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2016-06-30 10:45 - 2016-05-11 11:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
    2016-06-30 10:34 - 2016-06-30 10:34 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lego
    2016-06-30 10:33 - 2016-06-30 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lego
    2016-06-29 15:16 - 2016-07-02 12:34 - 00000000 ____D C:\Users\dcarlson\AppData\Local\CrashDumps
    2016-06-29 14:41 - 2016-07-02 16:11 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2016-06-29 14:40 - 2016-06-29 14:40 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-06-29 14:13 - 2016-06-29 14:14 - 19927624 _____ C:\Users\dcarlson\Desktop\RogueKiller.exe
    2016-06-29 09:48 - 2016-06-29 09:48 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-06-21 15:05 - 2016-07-03 19:41 - 00000000 ____D C:\FRST
    2016-06-21 15:04 - 2016-06-21 15:04 - 01738240 _____ (Farbar) C:\Users\dcarlson\Desktop\FRST.exe
    2016-06-14 12:58 - 2016-06-15 16:06 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\LDCad
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001889 _____ C:\Users\dcarlson\Desktop\LPub3D 1.3.4.591.2.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001873 _____ C:\Users\dcarlson\Desktop\LDGlite 1.3.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001859 _____ C:\Users\dcarlson\Desktop\LDView 4.1.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001859 _____ C:\Users\dcarlson\Desktop\LDFind 1.3.5.3.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001841 _____ C:\Users\dcarlson\Desktop\MLCad 3.5.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00001841 _____ C:\Users\dcarlson\Desktop\LDCad 1.5.lnk
    2016-06-14 12:58 - 2016-06-14 12:58 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Ing. Michael Lachmann
    2016-06-14 12:58 - 2016-06-14 12:58 - 00000000 ____D C:\Users\dcarlson\AppData\Local\LPub3D Software
    2016-06-14 12:57 - 2016-06-14 12:57 - 00000000 ____D C:\Users\dcarlson\AppData\Local\Michael Heidemann
    2016-06-14 12:47 - 2016-06-14 12:58 - 00000000 ____D C:\Users\Public\Documents\LDraw
    2016-06-14 12:47 - 2016-06-14 12:58 - 00000000 ____D C:\Program Files\LDraw
    2016-06-14 12:47 - 2016-06-14 12:47 - 00000000 ____D C:\Users\dcarlson\Documents\LDraw
    2016-06-14 12:32 - 2016-06-14 12:47 - 00000000 ____D C:\Windows\LDraw
    2016-06-08 09:57 - 2016-06-08 09:57 - 00000000 ____D C:\Program Files\iTunes
    2016-06-08 09:57 - 2016-06-08 09:57 - 00000000 ____D C:\Program Files\iPod

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-07-03 19:31 - 2015-06-26 08:20 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332UA.job
    2016-07-03 19:22 - 2013-09-18 14:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2016-07-03 19:04 - 2013-11-23 08:40 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2016-07-03 18:47 - 2009-07-14 00:34 - 00024032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2016-07-03 18:47 - 2009-07-14 00:34 - 00024032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2016-07-03 18:04 - 2013-11-23 08:40 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2016-07-03 06:30 - 2015-06-26 08:20 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332Core.job
    2016-07-02 16:46 - 2013-03-18 12:58 - 00000532 _____ C:\Windows\SMSCFG.ini
    2016-07-02 16:44 - 2015-01-23 11:36 - 00000000 ___RD C:\Users\dcarlson\Dropbox
    2016-07-02 16:41 - 2013-03-21 17:42 - 00000000 ___RD C:\Users\dcarlson\Documents\Scanned Documents
    2016-07-02 16:41 - 2013-03-21 14:23 - 00000000 ____D C:\Users\dcarlson\Tracing
    2016-07-02 16:40 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2016-07-02 13:46 - 2009-07-13 22:04 - 00000215 _____ C:\Windows\system.ini
    2016-07-02 13:11 - 2009-07-13 22:03 - 87556096 _____ C:\Windows\system32\config\SOFTWARE.bak
    2016-07-02 13:11 - 2009-07-13 22:03 - 26476544 _____ C:\Windows\system32\config\SYSTEM.bak
    2016-07-02 13:11 - 2009-07-13 22:03 - 05505024 _____ C:\Windows\system32\config\DEFAULT.bak
    2016-07-02 13:11 - 2009-07-13 22:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
    2016-07-02 13:05 - 2013-03-21 14:20 - 00000000 ____D C:\Users\dcarlson
    2016-07-02 13:00 - 2013-03-22 13:31 - 00000000 ____D C:\ProgramData\TEMP
    2016-07-02 12:49 - 2013-03-26 12:16 - 00075571 _____ C:\Windows\system32\PCPELog.txt
    2016-07-01 19:19 - 2011-06-06 19:47 - 00747760 _____ C:\Windows\system32\perfh00C.dat
    2016-07-01 19:19 - 2011-06-06 19:47 - 00747500 _____ C:\Windows\system32\perfh00A.dat
    2016-07-01 19:19 - 2011-06-06 19:47 - 00159400 _____ C:\Windows\system32\perfc00A.dat
    2016-07-01 19:19 - 2011-06-06 19:47 - 00150506 _____ C:\Windows\system32\perfc00C.dat
    2016-07-01 19:19 - 2010-11-20 17:01 - 02572712 _____ C:\Windows\system32\PerfStringBackup.INI
    2016-07-01 19:19 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\inf
    2016-07-01 18:54 - 2015-11-30 11:02 - 00000000 ____D C:\Program Files\Yahoo!
    2016-07-01 16:59 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\TAPI
    2016-07-01 15:30 - 2014-03-18 17:13 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Malwarebytes
    2016-07-01 15:29 - 2014-03-18 17:12 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-06-30 19:56 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
    2016-06-30 19:14 - 2009-07-14 00:33 - 00411528 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-06-30 19:12 - 2009-07-13 22:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
    2016-06-30 19:05 - 2013-03-22 17:51 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Tools
    2016-06-30 19:05 - 2013-03-22 14:38 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2016-06-30 18:58 - 2013-04-05 12:32 - 00000000 ____D C:\ProgramData\Package Cache
    2016-06-30 18:57 - 2013-03-21 15:33 - 00000000 ____D C:\Users\dcarlson\Documents\Exchange
    2016-06-30 17:24 - 2013-03-18 11:22 - 00000912 _____ C:\Windows\system32\config\netlogon.ftl
    2016-06-30 16:37 - 2016-06-01 10:59 - 00000000 ____D C:\Program Files\LDD_Manager
    2016-06-30 15:53 - 2013-05-02 13:02 - 00000000 ____D C:\Users\dcarlson\AppData\LocalLow\WebEx
    2016-06-30 11:07 - 2016-03-18 13:56 - 00000000 ____D C:\Windows\ccmcache
    2016-06-30 10:59 - 2013-03-18 16:38 - 00000039 _____ C:\Windows\vbaddin.ini
    2016-06-30 10:37 - 2013-03-22 14:38 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Tools
    2016-06-29 15:38 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\security
    2016-06-29 09:49 - 2015-01-23 11:33 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Dropbox
    2016-06-21 14:00 - 2013-04-30 09:54 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\Webex
    2016-06-17 13:22 - 2013-03-21 17:42 - 00000000 ____D C:\Users\dcarlson\Documents\Personal
    2016-06-17 11:35 - 2016-05-31 17:01 - 00000000 ____D C:\Users\dcarlson\brickstock-cache
    2016-06-16 14:24 - 2013-07-15 11:25 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2016-06-16 14:24 - 2013-03-18 15:53 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2016-06-16 10:10 - 2013-03-21 16:10 - 00000000 ____D C:\Users\dcarlson\Documents\Clarify
    2016-06-15 13:00 - 2016-03-21 15:10 - 00000000 ____D C:\Users\dcarlson\AppData\Roaming\LEGO Company
    2016-06-15 12:57 - 2013-03-22 13:31 - 00000000 ____D C:\Program Files\SpywareBlaster
    2016-06-14 13:45 - 2016-05-11 11:57 - 00000000 ____D C:\Users\dcarlson\Documents\Lego
    2016-06-13 19:31 - 2011-06-06 19:25 - 00400040 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2016-06-10 12:04 - 2013-03-21 14:20 - 00000000 ____D C:\Users\dcarlson\AppData\Local\ElevatedDiagnostics
    2016-06-08 18:19 - 2015-06-26 08:20 - 00000000 ____D C:\Users\dcarlson\AppData\Local\Dropbox
    2016-06-08 14:52 - 2013-03-22 17:18 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2016-06-08 09:57 - 2013-03-21 18:13 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-06-08 09:47 - 2014-04-21 15:34 - 00000000 ____D C:\Users\dcarlson\AppData\Local\IE Tab
    2016-06-07 16:17 - 2014-02-13 10:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2016-06-07 12:31 - 2016-03-21 15:10 - 00000000 ____D C:\Users\dcarlson\Documents\LEGO Creations
    2016-06-03 11:03 - 2016-06-02 10:07 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
    2016-06-03 02:13 - 2015-12-17 17:32 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

    ==================== Files in the root of some directories =======

    2013-03-25 10:40 - 2013-03-25 10:40 - 0053248 _____ () C:\Program Files\MD5_SHA-1 Utility.exe
    2013-03-26 17:14 - 2013-03-26 17:14 - 0448512 _____ (OldTimer Tools) C:\Program Files\TFC.exe
    2013-05-13 10:03 - 2013-05-13 10:04 - 0000000 _____ () C:\Users\dcarlson\AppData\Roaming\bitlord_log.txt
    2013-04-26 11:08 - 2014-07-16 14:33 - 0038483 _____ () C:\Users\dcarlson\AppData\Roaming\Comma Separated Values (DOS).ADR
    2013-04-26 10:18 - 2014-01-16 12:31 - 0038487 _____ () C:\Users\dcarlson\AppData\Roaming\Comma Separated Values (Windows).ADR
    2013-04-05 14:10 - 2014-01-08 14:30 - 0000616 _____ () C:\Users\dcarlson\AppData\Roaming\Rim.Desktop.Exception.log
    2013-04-05 14:08 - 2013-04-05 14:08 - 0001147 _____ () C:\Users\dcarlson\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-04-05 14:10 - 2013-04-05 14:10 - 0000000 _____ () C:\Users\dcarlson\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2013-05-13 10:08 - 2013-05-13 10:08 - 0000218 _____ () C:\Users\dcarlson\AppData\Local\recently-used.xbel
    2015-10-30 10:19 - 2016-05-12 11:43 - 0007609 _____ () C:\Users\dcarlson\AppData\Local\Resmon.ResmonCfg

    Files to move or delete:
    ====================
    C:\Users\dcarlson\CTX.DAT
    C:\Users\dcarlson\en_res.dll
    C:\Users\dcarlson\es_res.dll
    C:\Users\dcarlson\fr_res.dll
    C:\Users\dcarlson\grm_res.dll
    C:\Users\dcarlson\it_res.dll
    C:\Users\dcarlson\jp_res.dll
    C:\Users\dcarlson\mfc80u.dll
    C:\Users\dcarlson\msvcr80.dll
    C:\Users\dcarlson\PCPE Setup.exe
    C:\Users\dcarlson\pt_res.dll
    C:\Users\dcarlson\ru_res.dll
    C:\Users\dcarlson\zh_res.dll


    Some files in TEMP:
    ====================
    C:\Users\dcarlson\AppData\Local\Temp\dllnt_dump.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-06-17 00:21

    ==================== End of FRST.txt ============================
     
  21. 2016/07/04
    DCHammer

    Here is the Addition log:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-06-2016 01
    Ran by DCarlson (2016-07-03 19:44:16)
    Running from C:\Users\dcarlson\Desktop
    Microsoft Windows 7 Enterprise Service Pack 1 (X86) (2013-03-18 15:24:07)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-963794469-864693218-885105118-500 - Administrator - Enabled) => C:\Users\Administrator
    CMPC_User (S-1-5-21-963794469-864693218-885105118-1001 - Administrator - Enabled) => C:\Users\CMPC_User
    Guest (S-1-5-21-963794469-864693218-885105118-501 - Limited - Disabled)
    IT_Admin (S-1-5-21-963794469-864693218-885105118-1002 - Administrator - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
    Adobe Flash Player 22 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 22.0.0.192 - Adobe Systems Incorporated)
    Akamai NetSession Interface (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Akamai) (Version: - Akamai Technologies, Inc)
    ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Any Video Converter 5.8.3 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (32-bit) (HKLM\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    AT&T Connect Participant Application v9.0.82 (HKLM\...\{1F3A6960-8470-4C84-820C-EBFFAF4DA580}) (Version: 9.0.82 - AT&T Inc.)
    BBSAK (HKLM\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
    BlackBerry 10 Desktop Software (Blend, Link, Drivers) (HKLM\...\{c33e77db-89b5-4abf-a1d1-97f8b35347e1}) (Version: 1.2.0.52 - BlackBerry)
    BlackBerry Blend (Version: 1.2.0.50 - BlackBerry Ltd.) Hidden
    BlackBerry Communication Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
    BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
    BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
    BlackBerry Device Drivers (Version: 8.0.0.143 - BlackBerry Ltd.) Hidden
    BlackBerry Link (Version: 1.2.4.39 - BlackBerry) Hidden
    BlackBerry Link Remover (Version: 1.2.4.0 - BlackBerry Ltd.) Hidden
    Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Box Sync (HKLM\...\{24F228C2-3505-49FC-A53F-4D39FAB3F32D}) (Version: 4.0.4758.0 - Box, Inc.)
    Box Sync (Version: 4.0.7571.0 - Box Inc.) Hidden
    BrickStock (HKLM\...\{6BEDCBFA-B948-4B32-8A0E-23FD541EE11E}) (Version: 1.2.11 - brickstock.patrickbrans.com)
    Brother MFL-Pro Suite MFC-7820N (HKLM\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
    CadStd (HKLM\...\CadStd) (Version: 3.7.4 - Apperson & Daughters)
    Cisco AnyConnect Secure Mobility Client (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04059 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (Version: 3.1.04059 - Cisco Systems, Inc.) Hidden
    Cisco WebEx Meeting Center for Firefox or Chrome (HKLM\...\{A9E5526A-ADE4-4B13-A76B-59C3B4A31D4B}) (Version: 28.10.0.16277 - Cisco WebEx LLC)
    Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
    Clarify + ADS Add-on (HKLM\...\Clarify_ADS) (Version: 6.0.1.19 - CompuCom Systems, Inc.)
    ClarifyCRM 6.0.1.19 Client for Oracle (HKLM\...\{EC759F47-D73E-4987-A857-3E6070737453}) (Version: 6.0 - )
    Collectorz.com Book Collector (HKLM\...\Collectorz.com Book Collector) (Version: - )
    Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.5 - Conexant)
    Configuration Manager Client (Version: 5.00.8239.1000 - Microsoft Corporation) Hidden
    Cool Timer 4.9.1 (HKLM\...\Cool Timer_is1) (Version: - Harmony Hollow Software)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Dropbox) (Version: 5.4.24 - Dropbox, Inc.)
    Dukto R6 (HKLM\...\{386C0311-B146-4CE0-89E5-8469A3583156}}_is1) (Version: R6 - Emanuele Colombo)
    Elevated Installer (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Eraser 6.0.10.2620 (HKLM\...\{A45C5EC7-F13E-4414-99BE-47373935C0FE}) (Version: 6.0.2620 - The Eraser Project)
    FileZilla Client 3.8.0 (HKLM\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
    Flip (HKLM\...\{DF49D66D-D2D3-46DA-878B-F0BFC7795276}) (Version: 1.0.2.14 - Belkin Corporation)
    FreeFileSync 5.15 (HKLM\...\FreeFileSync) (Version: 5.15 - Zenju)
    FVD Converter 1.0.2 (HKLM\...\FVD Converter_is1) (Version: - flashvideodownloader.org)
    Garmin BaseCamp (HKLM\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
    Garmin City Navigator North America NT 2015.10 (HKLM\...\{FCDB42FC-A70B-4041-877F-D73E16DE4345}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin (HKLM\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin Express (HKLM\...\{2639b4f0-83b4-4f3d-942f-e4ba22a40b9b}) (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (Version: 4.1.19.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin MapInstall (HKLM\...\{F0D44E64-51EE-4888-A1FD-F13108B75A43}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (HKLM\...\{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
    GoToMeeting 5.9.0.1216 (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\GoToMeeting) (Version: 5.9.0.1216 - CitrixOnline)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    IPCWebComponents 3.0.0.1 (HKLM\...\{4740E1B2-51CF-4083-8976-D6B3B5A5064F}_is1) (Version: 3.0.0.1 - )
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
    iTunes (HKLM\...\{7C14EFF4-6BD4-4398-AF8D-41F40F8D71F1}) (Version: 12.4.1.6 - Apple Inc.)
    Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Juniper Networks Host Checker (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Neoteris_Host_Checker) (Version: 8.0.10.35099 - Juniper Networks)
    Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.23727 - Juniper Networks)
    Juniper Networks Network Connect 8.0 (HKLM\...\Juniper Network Connect 8.0) (Version: 8.0.10.35099 - Juniper Networks)
    Juniper Networks Setup Client (HKU\S-1-5-21-415762479-31080894-1349916565-56332\...\Juniper_Setup_Client) (Version: 8.0.10.54879 - Juniper Networks)
    Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    LDraw All-In-One-Installer 2015-02 (HKLM\...\LDraw2015-02) (Version: 2015-02 - LDraw.org)
    LEGO Digital Designer (HKLM\...\New LEGO Digital Designer) (Version: - LEGO A/S)
    Lenovo Patch Utility (HKLM\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
    Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    McAfee Agent (HKLM\...\{76473CBB-FE8D-4E3A-9591-CD6EFB621063}) (Version: 4.8.0.1938 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.06000 - McAfee, Inc.)
    Message Center Plus (HKLM\...\{2378B277-5261-4E0F-B5EC-BDFC080D598E}) (Version: 3.4.0001.00 - Lenovo Group Limited)
    MetaFrame Presentation Server Web Client for Win32 (HKLM\...\Citrix ICA Web Client) (Version: - )
    Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Access Runtime 2010 (HKLM\...\Office14.AccessRT) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4498 - Microsoft Corporation)
    Microsoft Money 2004 (HKLM\...\{1D643CD0-4DD6-11D7-A4E0-000874180BB3}) (Version: 12.0.120 - Microsoft)
    Microsoft Money 2004 System Pack (HKLM\...\{8C64E149-54BA-11D6-91B1-00500462BE80}) (Version: 12.0.120 - Microsoft)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visio Viewer 2010 (HKLM\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 45.1.1.5990 - Mozilla)
    Mozilla Thunderbird 45.1.1 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 45.1.1 (x86 en-GB)) (Version: 45.1.1 - Mozilla)
    Nexthink Collector (HKLM\...\{926B5872-F9C3-4795-902D-B32FF75DCB67}) (Version: 5.2.08000 - Nexthink S.A.)
    Nexthink Updater (HKLM\...\{89688D5A-2BD9-4697-BCEA-F0B0F1A50A4A}) (Version: 5.2.00066 - Nexthink S.A.)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.67.10 - )
    Oracle Data Provider for .NET Help (HKLM\...\{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}) (Version: 11.1.0600 - Oracle Corporation)
    PL/SQL Developer (HKLM\...\PL/SQL Developer [80687277]) (Version: - )
    Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.40 - )
    PowerChute Personal Edition 3.0.2 (HKLM\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
    PowerISO (HKLM\...\PowerISO) (Version: 6.3 - Power Software Ltd)
    Qlock Pro (HKLM\...\Qlock) (Version: - )
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
    Secunia PSI (3.0.0.6005) (HKLM\...\Secunia PSI) (Version: 3.0.0.6005 - Secunia)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
    SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
    Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Snow Inventory Client (HKLM\...\{6346017B-CA2F-44BC-9A0D-055FADE7C9EF}) (Version: 3.7.02 - Snow Software AB)
    Splashtop Software Updater (HKLM\...\Splashtop Software Updater) (Version: 1.5.6.14 - Splashtop Inc.)
    Splashtop Streamer (HKLM\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 2.4.5.2 - Splashtop Inc.)
    SpywareBlaster 5.5 (HKLM\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
    System Information Reporter (HKLM\...\{36CD0606-5C32-457A-B3CA-40B8EBD04689}) (Version: 1.0.0.204 - McAfee)
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
    ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
    ThinkVantage Access Connections (HKLM\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.11 - Lenovo)
    WebEx Productivity Tools (HKLM\...\{DC31712E-3457-42E8-BAD9-B5E073FAFA26}) (Version: 2.40.8001.10013 - Cisco WebEx LLC)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version: - Wisdom Software Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{795B06EA-58E8-482C-AF11-A7E4E34DA16F}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{7A162288-DE78-473C-A6BA-23FF17F768E9}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1216\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{8CC82228-2200-4D22-9859-B762582F6D31}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\ATT Connect\Participant\InstallDetect8557.OCX (Interwise)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{E169D2B5-9411-47B9-A473-345A3FB57090}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\ATT Connect\Participant\AxWebInstaller8750.ocx (Interwise)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-415762479-31080894-1349916565-56332_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\dcarlson\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0AC4F465-9A3C-4347-9F78-90C69C688F02} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332UA => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)
    Task: {0F04EFED-C352-42F0-A8B2-9ED8317DAF37} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {0F106BD9-AED8-4AE0-BA87-2AD579F74D13} - System32\Tasks\{4456B143-1F5A-4703-9446-C860A58E6978} => pcalua.exe -a "C:\Users\dcarlson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7OH2KH9\JavaSetup8u65.exe" -d C:\Users\dcarlson\Desktop
    Task: {1425240F-3062-4FC0-9683-33663F4B9244} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
    Task: {17C64809-494B-4DB1-9B65-9827A0F9F720} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
    Task: {2140C494-E984-409D-A9B1-D78FF0A172FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {26C282E8-8A2C-423D-A04F-A92CE581768E} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-04-08] ()
    Task: {3A5938D4-1DD1-4DA2-B808-401CF6CE5EC2} - System32\Tasks\{83E6F0F8-52C5-428B-9D76-BB91AF007DA7} => pcalua.exe -a C:\Users\dcarlson\Desktop\Windows-KB841290-x86-ENU.exe -d C:\Users\dcarlson\Desktop
    Task: {5CB69242-2794-4616-9A1C-96064358EDF6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
    Task: {7B9E480A-2F9F-4CC9-84B8-6D381B140F10} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {7C4C1872-D156-4F76-B69A-AEB935379C1B} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2013-01-09] (Lenovo Group Limited)
    Task: {89434955-0163-4DC6-BE9A-E086E0774BF2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-16] (Adobe Systems Incorporated)
    Task: {8ABFF4C5-7D8C-451D-B7EA-A42A5FB5A5ED} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
    Task: {9B6F2090-B636-4F72-BB34-C61D08AD9611} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
    Task: {B1257EDB-E25D-48E0-819D-72D90C9B996C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332Core => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-26] (Dropbox, Inc.)
    Task: {B490AB66-CEA1-4EF3-9016-490E6F3A8FCA} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2015-04-14] (Microsoft Corporation)
    Task: {C0861AFE-F176-43EB-8A1F-CDDFA0A8F246} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
    Task: {CBF42251-2F6F-4174-B664-618FC23D456D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {E77DB122-0E92-479E-AD69-93770C7E9790} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
    Task: {FF083A89-8F10-493D-A2A2-B065CD827142} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332Core.job => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-415762479-31080894-1349916565-56332UA.job => C:\Users\dcarlson\AppData\Local\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-06-19 11:00 - 2013-06-19 11:00 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-04-22 01:08 - 2016-04-22 01:08 - 01047864 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
    2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
    2016-05-19 15:28 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
    2013-05-02 13:38 - 2002-11-26 14:43 - 00106496 ____N () C:\Windows\system32\BrMuSNMP.dll
    2013-10-22 17:19 - 2013-10-22 17:19 - 00092456 _____ () C:\Program Files\Lenovo\Access Connections\AcWrpc.dll
    2015-03-19 12:22 - 2015-03-19 12:22 - 00094208 _____ () C:\Program Files\Common Files\Research In Motion\Tunnel Manager\libxpmux.dll
    2013-03-22 19:50 - 2013-01-09 07:40 - 00084480 ____N () C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
    2014-03-28 05:35 - 2014-03-28 05:35 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
    2011-03-07 04:07 - 2011-03-07 04:07 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
    2015-03-19 12:22 - 2015-03-19 12:22 - 00094208 _____ () C:\Program Files\Common Files\Research in Motion\Tunnel Manager\libxpmux.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
    2016-06-29 14:07 - 2016-06-23 11:08 - 01747784 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.106\libglesv2.dll
    2016-06-29 14:07 - 2016-06-23 11:07 - 00093512 _____ () C:\Program Files\Google\Chrome\Application\51.0.2704.106\libegl.dll
    2016-06-29 09:48 - 2016-05-25 13:03 - 00034768 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
    2016-06-29 09:47 - 2016-05-25 13:03 - 00134088 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\pyexpat.pyd
    2016-06-29 09:47 - 2016-05-25 13:04 - 00019408 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\faulthandler.pyd
    2016-06-29 09:47 - 2016-05-25 13:03 - 00116688 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\pywintypes27.dll
    2016-06-29 09:48 - 2016-05-25 13:03 - 00093640 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_ctypes.pyd
    2016-06-29 09:48 - 2016-05-25 13:03 - 00018376 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\select.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00019760 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00105928 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32api.pyd
    2016-06-29 09:47 - 2016-05-25 13:03 - 00392144 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\pythoncom27.dll
    2016-06-29 09:48 - 2016-06-13 16:13 - 00381752 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
    2016-06-29 09:48 - 2016-05-25 13:03 - 00692688 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\unicodedata.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00020816 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
    2016-06-29 09:48 - 2016-05-25 13:04 - 00123856 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 01682760 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00020808 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00021840 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00052024 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00038696 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\fastpath.pyd
    2016-06-29 09:47 - 2016-05-25 13:05 - 00020936 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\mmapfile.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00024528 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32event.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00114640 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32security.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00124880 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32file.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00021832 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00024016 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00175560 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32gui.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00030160 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32pipe.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00043472 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32process.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00048592 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32service.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00023872 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00026456 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00057808 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00024016 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32profile.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00246592 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00028616 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32ts.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00020800 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00019776 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00020800 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
    2016-06-29 09:48 - 2016-05-25 13:03 - 00134608 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_elementtree.pyd
    2016-06-29 09:47 - 2016-05-25 13:04 - 00240584 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\jpegtran.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00020280 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00023376 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00350152 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winxpgui.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00022352 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00024392 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
    2016-06-29 09:47 - 2016-05-25 13:05 - 00036296 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\librsync.dll
    2016-06-29 09:47 - 2016-06-13 16:13 - 00084280 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
    2016-06-29 09:47 - 2016-06-13 16:13 - 01826096 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
    2016-06-29 09:48 - 2016-05-25 13:04 - 00083912 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\sip.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 03928880 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 01971504 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00531248 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00132912 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00223544 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00207672 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
    2016-06-29 09:48 - 2016-05-25 13:05 - 00060880 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\win32print.pyd
    2016-06-29 09:48 - 2016-06-13 16:13 - 00024904 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00546096 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
    2016-06-29 09:47 - 2016-06-13 16:13 - 00357680 _____ () C:\Users\dcarlson\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
    2012-04-02 23:06 - 2012-04-02 23:06 - 04142080 _____ () C:\Program Files\Qlock\qlock.exe
    2015-05-20 13:00 - 2015-05-20 13:00 - 00688888 _____ () C:\Program Files\Common Files\Research In Motion\nginx\nginx.exe
     
