Windows Update mess, black screen of death when running any restore/repair options

Carey · May 26, 2015

When rebooting after running Windows Update I got an error message and my computer went into Startup Repair, which said that Chkdsk needed to be run. Chkdsk started deleting some files and then went to a black screen. Further attemps to reboot go directly to Chkdsk, which goes to a black screen. Every attempt to repair/restore I have tried so far (repair my computer autofix, system restore, last known good configuration, safe mode) all result in a black screen after a minute or two. I finally realized that I can sometimes (but not always) boot into Windows by bypassing Chkdsk when it starts to run, but then I have other issues...explorer.exe is slow and buggy, svchost.exe using up to 3,500,000k of memory. I'm in over my head and help would be greatly appreciated thank you.

SFCFix version 2.4.3.0 by niemiro.
Start time: 2015-05-26 15:49:50.819
Microsoft Windows 7 Service Pack 1 - amd64
Not using a script file.

AutoAnalysis::
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_11.2.9600.17691_none_a819cbbe7390ae17.
FAILED: Could not repair missing store directory C:\Windows\winsxs\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.1.7601.18798_none_2515ee898f4a57d0 with error code 0x570.
FIXED: Successfully repaired missing store directory C:\Windows\winsxs\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.1.7601.17514_none_3d8bb37f97ba22ff.

SUMMARY: All detected corruptions were successfully repaired.
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.
SFCFix version 2.4.3.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2015-05-26 15:59:01.719
----------------------EOF-----------------------

CBS Log
View attachment 12682

BrianDrab · May 31, 2015

Hi and welcome to Sysnative. It looks like you started having major problems at least back to 5/20/2015.

Code:

2015-05-20 00:04:26, Error                 CBS    Failed to load offline store from boot directory: '\\?\T:\' and windows directory: '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\' [HRESULT = 0x80070570 - ERROR_FILE_CORRUPT]
2015-05-20 00:04:26, Error                 CBS    Failed to initialize store parameters with boot drive: T: and windows directory: [URL="file://\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\"]\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3\Windows\[/URL] [HRESULT = 0x80070570 - ERROR_FILE_CORRUPT]

This may be more of a hardware issue at this point than a Windows Update issue but since it's been a few days please let me know what the status is of your machine.

Carey · May 31, 2015

Hello Brian, thank you. Yes I had been trying to resolve the problem myself before seeking help.

The problem started with the batch of updates at the end of April (the last batch of updates successfully installed was on 20 April). The next time I attempted to run Updates (following week, although I don't always run them on Tuesdays, I wait until I have time to watch it run) it wouldn't boot into windows and I did a system restore. I got busy with life and didn't have time to try updates again until a few weeks later, but during those weeks the machine was rebooted successfully multiple times. It wasn't until I again attempted to run the updates, thinking that maybe the last time was fluke, that once again my machine would not boot into windows.

I haven't done anything since posting here for help because I didn't want to do anything that might affect the logs until after someone had a chance to review them. I haven't even tried rebooting.

It is a fairly new HD (less than a year old) and was fine when I scanned it a few weeks before having this problem. I know that doesn't mean much, but the timing of the problem led me to believe it's a problem with the Update from the end of April because it only happened when I attempted to run that Update?

BrianDrab · May 31, 2015

We'll take a look. Can you tell me what the date/time of the files are in the following location?

C:\windows\system32\config\RegBack

Carey · May 31, 2015

Default, Sam, Security, Software and System are 5/24/2015 at 1:16 and 1:17am
They each have a .log1 and .log2 file dated 7/19/2011 at 10:49pm

BrianDrab · May 31, 2015

You may want to make a copy of these 5 files and put them somewhere in case we need them. We don't want them to accidentally get overwritten. Don't worry about the .log files.

After that, please do the following.

Step#1 - FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

Carey · May 31, 2015

Please excuse my ignorance but I can't figure out how to make a copy of the files to an external drive, I get an error message that they are in use??

BrianDrab · May 31, 2015

Ahh, you are correct. We can't copy them direct that way and I don't want to have to reboot to do it. Ignore that step and we'll take care of it later. Go ahead and do the FRST Scan. Thanks.

Carey · May 31, 2015

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Lori (administrator) on LORI-PC on 31-05-2015 13:31:21
Running from C:\Users\Lori\Downloads
Loaded Profiles: Lori (Available Profiles: Lori)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Starfield Technologies, Inc.) C:\Program Files (x86)\Starfield\offSyncService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Nalpeiron Ltd.) C:\WINDOWS\SysWOW64\nlssrv32.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Lori\AppData\Local\Starfield\workspaceupdate.exe
(Google Inc.) C:\Users\Lori\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Starfield Technologies, Inc.) C:\Users\Lori\AppData\Local\Starfield\wben.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Users\Lori\AppData\Local\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Akamai Technologies, Inc.) C:\Users\Lori\AppData\Local\Akamai\netsession_win.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Akamai Technologies, Inc.) C:\Users\Lori\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
() C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.2.1.1\Lightshot.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\ESP64Proxy.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\SysWOW64\cmd.exe
() C:\Program Files (x86)\Google\Drive\nativeproxy.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Farbar) C:\Users\Lori\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-11-18] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-10] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [Google Update] => C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-18] (Google Inc.)
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [Starfield Updater] => C:\Users\Lori\AppData\Local\Starfield\workspaceupdate.exe [33984 2011-07-20] ()
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [wben] => C:\Users\Lori\AppData\Local\Starfield\wben.exe [1074384 2010-11-08] (Starfield Technologies, Inc.)
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [LightShot] => C:\Users\Lori\AppData\Local\Skillbrains\lightshot\Lightshot.exe
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [79136 2008-10-24] (Macrovision Corporation)
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Lori\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\MountPoints2: {5882b14c-0ea6-11e2-9ea3-842b2b9df812} - J:\TL-Bootstrap.exe
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\MountPoints2: {736f5653-17cb-11e2-b51d-842b2b9df812} - J:\TL-Bootstrap.exe
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\MountPoints2: {ba248cbd-2524-11e2-bdbe-806e6f6e6963} - K:\TL-Bootstrap.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-10] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EasySetPackage.lnk [2011-08-19]
ShortcutTarget: EasySetPackage.lnk -> C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Spyder3Utility.lnk [2011-07-26]
ShortcutTarget: Spyder3Utility.lnk -> C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-09-23]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-09-23]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-09-23]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-07-19]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2012-03-29]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = msn
HKU\S-1-5-21-38544632-2117033096-1779847156-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = msn
URLSearchHook: HKU\S-1-5-21-38544632-2117033096-1779847156-1001 - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM -> DefaultScope {170406DB-4449-4C57-9603-7D87CBC7395E} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {170406DB-4449-4C57-9603-7D87CBC7395E} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {3A35F43F-CF3A-4C0E-BFEE-640D107FD412} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {3A35F43F-CF3A-4C0E-BFEE-640D107FD412} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-38544632-2117033096-1779847156-1001 -> DefaultScope {170406DB-4449-4C57-9603-7D87CBC7395E} URL =
SearchScopes: HKU\S-1-5-21-38544632-2117033096-1779847156-1001 -> {3A35F43F-CF3A-4C0E-BFEE-640D107FD412} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2013-05-22] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2011-05-13] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-30] (Oracle Corporation)
BHO-x32: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
Toolbar: HKU\S-1-5-21-38544632-2117033096-1779847156-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\q99vp84n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-03] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-10-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-30] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-06-16] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-03] (Adobe Systems)
FF Plugin HKU\S-1-5-21-38544632-2117033096-1779847156-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Lori\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-38544632-2117033096-1779847156-1001: @starfield.com/off -> C:\Users\Lori\AppData\Roaming\Mozilla\Plugins\npoff.dll [2011-07-20] ( Starfield Technologies, Inc.)
FF Plugin HKU\S-1-5-21-38544632-2117033096-1779847156-1001: @starfield.com/wbe -> C:\Users\Lori\AppData\Roaming\Mozilla\Plugins\npwbe.dll [2011-07-20] (Starfield Technology, Inc.)
FF Plugin HKU\S-1-5-21-38544632-2117033096-1779847156-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Lori\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-38544632-2117033096-1779847156-1001: @talk.google.com/O1DPlugin -> C:\Users\Lori\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-38544632-2117033096-1779847156-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-38544632-2117033096-1779847156-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lori\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lori\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Lori\AppData\Roaming\mozilla\plugins\npoff.dll [2011-07-20] ( Starfield Technologies, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lori\AppData\Roaming\mozilla\plugins\npwbe.dll [2011-07-20] (Starfield Technology, Inc.)
FF Extension: WBE Paste - C:\Users\Lori\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2011-07-20]
FF Extension: Web-Based Email Zoom - C:\Users\Lori\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2011-07-20]
FF Extension: MWAddon Client - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\q99vp84n.default\Extensions\mwaddonclient@mwaddon.com [2015-05-14]
FF Extension: TinyURL Generator - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\q99vp84n.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2012-11-17]
FF Extension: YesScript - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\q99vp84n.default\Extensions\yesscript@userstyles.org.xpi [2013-09-01]
FF Extension: Web Developer - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\q99vp84n.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-08-30]
FF Extension: Dirt Farmer's Click Trap Remover & UCut.it URL Shortner - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\q99vp84n.default\Extensions\{CBC19BCA-AD23-486D-BF24-37C4F13C431C}.xpi [2015-02-14]
FF Extension: Adblock Plus - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\q99vp84n.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-24]
FF Extension: Greasemonkey - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\q99vp84n.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-03]
FF Extension: MWAddon Client - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\vo7dkq1c.New\Extensions\mwaddonclient@mwaddon.com [2014-08-01]
FF Extension: No Name - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\vo7dkq1c.New\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-03-07]
FF Extension: No Name - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\vo7dkq1c.New\Extensions\{CBC19BCA-AD23-486D-BF24-37C4F13C431C}.xpi [2014-03-07]
FF Extension: No Name - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\vo7dkq1c.New\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-08-01]
FF Extension: MWAddon Client - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\bvwl8452.KamiAccount_PX\Extensions\mwaddonclient@mwaddon.com [2014-08-01]
FF Extension: No Name - C:\Users\Lori\AppData\Roaming\Mozilla\Firefox\Profiles\bvwl8452.KamiAccount_PX\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-08-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-04-09]
CHR Extension: (Angry Birds) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-04-09]
CHR Extension: (Google Drive) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-07]
CHR Extension: (Web Developer) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2013-04-09]
CHR Extension: (Click Trap Remover, Shortlinker and POD post) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpgpnhpamnbamgbpdhegjehippjdgd [2013-04-09]
CHR Extension: (YouTube) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-02]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2013-04-09]
CHR Extension: (Autoplayer for Mafia Wars (Facebook)) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgagpckjofhomehafhognmangbjdiaap [2013-04-09]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2012-11-16]
CHR Extension: (Google Search) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-02]
CHR Extension: (Search by Image (by Google)) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-04-09]
CHR Extension: (Exif Viewer) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\degoicjbkidnmcfidnohffepopnhhpkk [2013-04-09]
CHR Extension: (Circloscope Free (Inactives+)) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhcfgcecigkknnimiljlbcjmnbeeodhl [2013-04-09]
CHR Extension: (Tampermonkey) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-04-09]
CHR Extension: (Context Menu URL Shortener) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecehogjcciopmihcocdchiaciibinajf [2013-04-09]
CHR Extension: (Click Trap Remover And Shortlinker) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbjnnkbagjpofgaljnneciaeihcnogno [2013-04-09]
CHR Extension: (Bookmark Manager) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2013-04-09]
CHR Extension: (Search Assistant) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfelndikbdcohbdimnhdhhokfljdidgn [2012-09-17]
CHR Extension: (Spockholm Mafia Toolbar) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmnlgpakocffbjcgfibfdmgmfhjgepni [2013-04-09]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-19]
CHR Extension: (Mafia Wars Addon) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2013-04-09]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-15]
CHR Extension: (ChromeReload) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\njoipeaphfnaplplihpbgndfojhdhmjo [2013-04-09]
CHR Extension: (Google Wallet) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-04-09]
CHR Extension: (MonitorTab) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ognampngfcbddbfemdapefohjiobgbdl [2013-04-09]
CHR Extension: (Blog This!) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pengoopmcjnbflcjbmoeodbmoflcgjlk [2013-04-09]
CHR Extension: (Evernote Web Clipper) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-04-09]
CHR Extension: (Gmail) - C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-02]
CHR HKU\S-1-5-21-38544632-2117033096-1779847156-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Lori\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-03]
CHR HKU\S-1-5-21-38544632-2117033096-1779847156-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Lori\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe [56648 2015-03-08] (Google Inc.)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201424 2015-01-30] (Dell Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 File Backup; C:\Program Files (x86)\Starfield\offSyncService.exe [1215216 2011-02-02] (Starfield Technologies, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708104 2015-04-10] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [88576 2011-09-15] () [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-02-19] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 atillk64; C:\dell\drivers\R267410\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-02-24] (REALiX(tm))
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2009-12-22] (LG Soft India) [File not signed]
S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19456 2009-12-22] (LG Soft India) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2010-03-30] ()
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-03-13] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-03-13] (Acronis)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-04-25] (Apple, Inc.) [File not signed]
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-03-13] (Acronis International GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 13:31 - 2015-05-31 13:33 - 00038168 _____ () C:\Users\Lori\Downloads\FRST.txt
2015-05-31 13:21 - 2015-05-31 13:21 - 02108928 _____ (Farbar) C:\Users\Lori\Downloads\FRST64 (1).exe
2015-05-30 22:34 - 2015-05-31 12:13 - 00000632 _____ () C:\Windows\Tasks\G2MUploadTask-S-1-5-21-38544632-2117033096-1779847156-1001.job
2015-05-30 22:34 - 2015-05-30 22:34 - 00003658 _____ () C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-38544632-2117033096-1779847156-1001
2015-05-27 07:16 - 2015-05-27 07:16 - 00000000 ____D () C:\Users\Lori\Downloads\M4A104 (1)
2015-05-27 07:15 - 2015-05-27 07:16 - 05687700 _____ () C:\Users\Lori\Downloads\M4A104 (1).zip
2015-05-27 07:11 - 2015-05-27 07:11 - 00000000 ____D () C:\Windows\LastGood
2015-05-27 06:59 - 2015-05-27 07:25 - 00000000 ____D () C:\RMS Express
2015-05-27 06:59 - 2015-05-27 06:59 - 00002557 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RMS Express.lnk
2015-05-27 06:59 - 2015-05-27 06:59 - 00002545 _____ () C:\Users\Public\Desktop\RMS Express.lnk
2015-05-27 06:56 - 2015-05-27 06:56 - 00000000 ____D () C:\Users\Lori\Downloads\rms_express_install_1-3-3-0
2015-05-27 06:52 - 2015-05-27 06:54 - 13582628 _____ () C:\Users\Lori\Downloads\rms_express_install_1-3-3-0.zip
2015-05-27 06:45 - 2015-05-27 06:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_silabser_01009.Wdf
2015-05-27 06:31 - 2015-05-27 06:33 - 03837952 _____ () C:\Users\Lori\Downloads\CP210x_VCP_Windows (1).zip
2015-05-26 16:01 - 2015-05-26 16:47 - 00000000 ____D () C:\Users\Lori\Desktop\CBS
2015-05-26 16:01 - 2015-05-26 16:01 - 26453432 _____ () C:\Users\Lori\Desktop\CBS.zip
2015-05-26 15:59 - 2015-05-26 15:59 - 00002064 _____ () C:\Users\Lori\Desktop\SFCFix.txt
2015-05-26 15:59 - 2015-05-26 15:59 - 00000000 ____D () C:\SFCFix
2015-05-26 15:49 - 2015-05-26 15:59 - 00000000 ____D () C:\Users\Lori\AppData\Local\niemiro
2015-05-26 15:32 - 2015-05-26 15:33 - 01317376 _____ (niemiro) C:\Users\Lori\Downloads\SFCFix.exe
2015-05-17 20:58 - 2015-05-17 20:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 23:13 - 2015-05-16 23:13 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-16 22:26 - 2015-05-16 22:26 - 00015732 _____ () C:\Users\Lori\Desktop\DL_Android.txt
2015-05-16 22:26 - 2015-05-16 22:26 - 00001412 _____ () C:\Users\Lori\Desktop\DL_iOS.txt
2015-05-16 22:25 - 2015-05-16 22:25 - 00000622 _____ () C:\Users\Lori\Desktop\GDT.txt
2015-05-12 15:56 - 2015-05-12 15:57 - 00347816 _____ (Microsoft Corporation) C:\Users\Lori\Downloads\MicrosoftFixit.WinFileFolder.RNP.10834101141449465.14.1.Run.exe
2015-05-12 15:37 - 2015-05-26 17:30 - 00157696 ___SH () C:\Users\Lori\Documents\Thumbs.db
2015-05-11 16:05 - 2015-05-11 16:05 - 00001879 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2015-05-11 16:05 - 2015-05-11 16:05 - 00001867 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2015-05-11 16:05 - 2015-05-11 16:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-05-11 16:05 - 2015-05-11 16:05 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2015-05-08 12:57 - 2015-05-08 12:57 - 00000000 __SHD () C:\found.000

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-31 13:32 - 2014-03-12 06:22 - 00000000 ____D () C:\FRST
2015-05-31 13:32 - 2009-07-13 22:10 - 01931690 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 13:29 - 2011-07-21 20:09 - 00000000 ____D () C:\PX
2015-05-31 13:28 - 2011-07-20 19:08 - 00000000 ____D () C:\CrazyLori
2015-05-31 13:23 - 2015-03-09 18:03 - 00000536 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-38544632-2117033096-1779847156-1001.job
2015-05-31 13:23 - 2011-07-20 10:28 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001UA.job
2015-05-31 13:20 - 2012-04-06 17:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 13:15 - 2011-08-01 19:58 - 00000386 _____ () C:\Windows\Tasks\update-sys.job
2015-05-31 12:40 - 2011-09-15 06:53 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-31 11:37 - 2011-08-01 19:58 - 00000386 _____ () C:\Windows\Tasks\update-S-1-5-21-38544632-2117033096-1779847156-1001.job
2015-05-31 03:41 - 2011-07-20 12:44 - 00536391 _____ () C:\Users\Lori\Documents\WorkspaceUpdate.log
2015-05-31 02:23 - 2011-07-20 10:28 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001Core.job
2015-05-31 02:01 - 2014-08-18 02:00 - 00000000 ____D () C:\Users\Lori\AppData\Local\Adobe
2015-05-31 01:01 - 2011-09-20 16:49 - 00324509 _____ () C:\Windows\offSyncService.log
2015-05-30 22:34 - 2015-03-09 18:03 - 00003562 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-38544632-2117033096-1779847156-1001
2015-05-30 19:40 - 2011-09-15 06:53 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 17:49 - 2014-01-24 17:22 - 00247812 _____ () C:\Users\Lori\Documents\PerfectEffectsConduit.log
2015-05-28 17:49 - 2014-01-24 17:22 - 00070298 _____ () C:\Users\Lori\Documents\GenuineFractalsConduit.log
2015-05-28 15:58 - 2015-02-11 15:57 - 00000426 _____ () C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job
2015-05-27 07:26 - 2009-07-13 22:13 - 00006450 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-27 07:24 - 2010-09-23 08:23 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-05-27 07:06 - 2015-02-09 15:02 - 00004459 _____ () C:\Windows\setupact.log
2015-05-27 06:51 - 2009-07-13 21:45 - 00026784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-27 06:51 - 2009-07-13 21:45 - 00026784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-27 06:35 - 2012-10-17 10:04 - 00065922 _____ () C:\Windows\DPINST.LOG
2015-05-26 19:52 - 2012-05-02 16:53 - 00000000 ____D () C:\Users\Lori\Documents\Bill's Resume
2015-05-25 16:40 - 2013-04-09 13:15 - 00002362 _____ () C:\Users\Lori\Desktop\Google Chrome.lnk
2015-05-21 12:52 - 2014-07-19 21:02 - 00000000 ____D () C:\Users\Lori\Downloads\MIA_pics
2015-05-20 12:55 - 2011-11-04 22:34 - 00001578 _____ () C:\Users\Lori\Documents\wben.log
2015-05-18 09:39 - 2012-09-02 21:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 07:54 - 2012-04-08 13:29 - 00000000 ___RD () C:\Users\Lori\Dropbox
2015-05-16 23:16 - 2014-10-13 11:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 23:11 - 2012-04-08 13:27 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Dropbox
2015-05-16 23:10 - 2012-04-24 10:04 - 00000000 ___RD () C:\Users\Lori\Google Drive
2015-05-16 23:08 - 2015-02-23 14:41 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-05-16 23:08 - 2010-09-23 08:45 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-05-16 23:08 - 2010-09-23 08:45 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-05-16 23:08 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 19:35 - 2011-09-15 06:53 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 19:35 - 2011-09-15 06:53 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 02:18 - 2011-07-20 10:28 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001UA
2015-05-15 02:18 - 2011-07-20 10:28 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001Core
2015-05-12 16:05 - 2011-09-20 16:50 - 00276348 _____ () C:\Windows\PFRO.log
2015-05-11 17:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-11 16:15 - 2014-07-22 00:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-11 16:14 - 2014-07-22 00:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-11 16:14 - 2014-07-22 00:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-11 16:14 - 2012-02-01 11:01 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-11 15:37 - 2012-04-08 13:29 - 00001017 _____ () C:\Users\Lori\Desktop\Dropbox.lnk
2015-05-11 15:37 - 2012-04-08 13:27 - 00000000 ____D () C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-08 14:56 - 2011-07-19 21:03 - 00000000 ____D () C:\Users\Lori
2015-05-08 11:09 - 2014-12-11 08:32 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-08 11:09 - 2014-05-01 13:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-08 11:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-08 11:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2015-05-08 11:09 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-06 13:50 - 2011-07-21 07:31 - 00000000 ____D () C:\ProgramData\onOne Software
2015-05-06 13:50 - 2011-07-21 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\onOne Software
2015-05-06 13:46 - 2011-10-04 15:08 - 00000000 ____D () C:\Program Files\onOne Software
2015-05-06 13:46 - 2011-07-21 07:31 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2015-05-06 00:39 - 2012-04-24 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-02 09:28 - 2011-07-21 20:07 - 00000000 ____D () C:\Will

==================== Files in the root of some directories =======

2013-10-09 10:17 - 2013-10-09 10:17 - 0102000 _____ (Seagate Technology) C:\Program Files\DiscApi.dll
2013-02-27 09:45 - 2013-02-27 09:45 - 0013616 _____ () C:\Program Files\General.xss
2012-10-18 13:52 - 2012-10-18 13:52 - 0009440 _____ () C:\Program Files\IScanATA.xss
2013-08-30 10:21 - 2013-08-30 10:21 - 0180776 _____ () C:\Program Files\LoaderATA.xss
2013-08-30 10:21 - 2013-08-30 10:21 - 0120296 _____ () C:\Program Files\LoaderSCSI.xss
2012-11-29 10:31 - 2012-11-29 10:31 - 0117352 _____ () C:\Program Files\LoaderUSB.xss
2013-04-23 15:22 - 2013-04-23 15:22 - 0562718 _____ () C:\Program Files\NEWSEGLOGO.ico
2013-05-06 10:35 - 2013-05-06 10:35 - 0188828 _____ () C:\Program Files\SeaTools for DOS.EN.pdf
2013-09-26 11:26 - 2013-09-26 11:26 - 0636469 _____ () C:\Program Files\SeaTools for Windows.de-DE.pdf
2013-09-26 11:27 - 2013-09-26 11:27 - 0613194 _____ () C:\Program Files\SeaTools for Windows.en-US.pdf
2013-05-06 10:35 - 2013-05-06 10:35 - 8867840 _____ () C:\Program Files\SeaToolsDOS223ALL.ISO
2013-10-09 10:17 - 2013-10-09 10:17 - 10459760 _____ (Seagate Technology) C:\Program Files\SeaToolsforWindows.exe
2013-05-06 16:29 - 2013-05-06 16:29 - 0004295 _____ () C:\Program Files\SeaToolsforWindows.exe.config
2013-10-09 10:17 - 2013-10-09 10:17 - 0141936 _____ (Seagate Technology) C:\Program Files\SpawnCLR.dll
2012-11-20 15:51 - 2012-11-20 15:51 - 0007648 _____ () C:\Program Files\STW.xss
2013-10-09 10:17 - 2013-10-09 10:17 - 4288112 _____ (Seagate Corporation) C:\Program Files\stxcon.exe
2014-03-14 09:36 - 2014-03-14 09:36 - 0614295 _____ () C:\Program Files\uninst.exe
2013-06-26 16:57 - 2013-06-26 16:57 - 6560088 _____ (Microsoft Corporation) C:\Program Files\vcredist_x86.exe
2012-03-30 13:15 - 2012-03-30 13:16 - 0000132 _____ () C:\Users\Lori\AppData\Roaming\Adobe BMP Format CS5 Prefs
2011-07-21 12:53 - 2011-07-21 12:53 - 0000132 _____ () C:\Users\Lori\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-10-21 20:02 - 2013-10-21 20:02 - 0000132 _____ () C:\Users\Lori\AppData\Roaming\Adobe PNG Format CS6 Prefs
2011-07-21 12:55 - 2012-10-18 11:09 - 0001456 _____ () C:\Users\Lori\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-06-05 11:31 - 2015-01-16 10:03 - 0001456 _____ () C:\Users\Lori\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-08-02 13:03 - 2015-02-12 22:05 - 0007619 _____ () C:\Users\Lori\AppData\Local\Resmon.ResmonCfg
2011-08-01 19:58 - 2011-08-01 19:58 - 0000003 _____ () C:\Users\Lori\AppData\Local\updater.log
2011-08-01 19:58 - 2015-04-23 07:54 - 0002055 _____ () C:\Users\Lori\AppData\Local\UserProducts.xml
2012-04-14 16:42 - 2015-04-15 18:22 - 0001545 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Lori\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdftzuj.dll
C:\Users\Lori\AppData\Local\Temp\hpusetup.exe
C:\Users\Lori\AppData\Local\Temp\Perfect_Photo_Suite_9.5.0_PE.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-24 01:16

==================== End of log ============================

Carey · May 31, 2015

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Lori at 2015-05-31 13:34:16
Running from C:\Users\Lori\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-38544632-2117033096-1779847156-500 - Administrator - Disabled)
Guest (S-1-5-21-38544632-2117033096-1779847156-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-38544632-2117033096-1779847156-1004 - Limited - Enabled)
Lori (S-1-5-21-38544632-2117033096-1779847156-1001 - Administrator - Enabled) => C:\Users\Lori

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7 64-bit (HKLM\...\{1B77B02E-17E4-4B6D-B8A1-74B29AF3D8DD}) (Version: 5.7.0 - Adobe Systems Incorporated)
Adobe Pixel Bender Toolkit 2 (HKLM-x32\...\{D5CC77BE-BC5B-424E-8E45-DF60AFF7BE9C}) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARRL Exam Review - General (HKLM-x32\...\{AE459D2F-33CC-4354-B744-0D4AEE7D5C00}) (Version: 2.0.3 - ARRL - The national association for Amateur Radio)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Bay Photo (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Bay Photo) (Version: - Bay Photo Remote Order Entry System)
Bay Photo Economy (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Bay Photo Economy) (Version: - Bay Photo Remote Order Entry System)
Best Buy pc app (Version: 3.0.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
California 24k Topo Map (HKLM-x32\...\California Topo) (Version: - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.2.11 - Canon Inc.)
Canon Internet Library for ZoomBrowser EX (HKLM-x32\...\Canon Internet Library for ZoomBrowser EX) (Version: 1.6.3.9 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.5.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
ccc-core-static (x32 Version: 2010.0113.2208.39662 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{A1A724F3-F1A6-479C-AE98-208946717E2B}) (Version: 42.0.2311.39 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Data Vault (Version: 4.1.9.0 - Dell Inc.) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.1.56462 - Dell)
Dell System Detect - 1 (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
Dell System Detect (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\9204f5692a8faf3b) (Version: 5.5.0.19 - Dell)
Diamond Mine Deluxe 1.83 (HKLM-x32\...\Diamond Mine Deluxe 1.83) (Version: - )
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dropbox (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DxO FilmPack 3 (HKLM\...\{6E98BFB0-55E3-4D3C-8C10-B44F6063535E}) (Version: 3.4.94.0 - DxO Labs)
EasySetPackage (HKLM-x32\...\{266725C1-716F-43AC-BBFB-4201131ED656}) (Version: 2.4 - LG Soft India)
Elevated Installer (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
EOSCount ActiveX control (HKLM-x32\...\{63B230BF-D745-4ECC-B773-EA25A9AFDC36}) (Version: 2.3.4 - Sergey Vasilevskiy)
EOSInfo (HKLM-x32\...\{CC23FF9A-989C-4DEB-8970-50E6E4862315}) (Version: 0.2.0 - astrojargon.net)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Evernote v. 4.6.6 (HKLM-x32\...\{6146B9DC-C33D-11E2-BDE1-984BE15F174E}) (Version: 4.6.6.8360 - Evernote Corp.)
FileZilla Client 3.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.1 - FileZilla Project)
Fusion 2.2.2 (HKLM-x32\...\{4D8122DA-CFB4-4375-AF8F-DC4DA0F15C88}) (Version: 2.2.2 - NS-Point.com)
Garmin City Navigator North America v8 (HKLM-x32\...\{A75949C3-DC28-42CA-9C56-24C002B93D89}) (Version: 8.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{01b90f4a-c495-47c4-a33b-1391f41398ce}) (Version: 4.0.16.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.16.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{58FA5D40-E35A-47ED-8AFA-68CCC758559E}) (Version: 6.15.11 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GeoSetter 3.4.16 (HKLM-x32\...\GeoSetter_is1) (Version: - Friedemann Schmidt)
Google Chrome (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Chrome Backup 1.8.0.141 (HKLM-x32\...\{52291FC0-33D3-4A18-9587-5115225545D8}_is1) (Version: - )
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GoToMeeting 7.2.0.2759 (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\GoToMeeting) (Version: 7.2.0.2759 - CitrixOnline)
GPSBabel 1.4.3 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version: - GPSBabel)
GSAK 8.1.0.10 (Final) (HKLM-x32\...\GSAK_is1) (Version: - CWE computer services)
HostsMan 4.1.96 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.1.96.0 - abelhadigital.com)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{70BF6489-4E33-4AFE-90B6-9A8120E6EEA5}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.021 - HTC Corporation)
HTC Sync (HKLM-x32\...\{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}) (Version: 3.2.20 - HTC Corporation)
HWiNFO32 Version 4.50 (HKLM-x32\...\HWiNFO32_is1) (Version: 4.50 - Martin Malík - REALiX)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
ImageJ 1.47v (HKLM\...\ImageJ_is1) (Version: - NIH)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.48.2 (HKLM-x32\...\Inkscape) (Version: 0.48.2 - )
Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version: - )
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lightshot-5.2.1.1 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.2.1.1 - Skillbrains)
Mahjong Towers II (HKLM-x32\...\Mahjong Towers II) (Version: - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MCP-4A (HKLM-x32\...\{4CBC4137-823A-4D3F-ACCA-060C5C1A4D92}) (Version: 1.03.0013 - JVC KENWOOD Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{D553E8CC-5C56-4B06-AC1A-A443DFF31092}) (Version: 6.3.9723.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}) (Version: 1.4.915.1 - Fitipower)
Multimedia Card Reader (x32 Version: 1.4.915.1 - Fitipower) Hidden
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.8 - Google)
nik Color Efex Pro 2.0 Promo III (HKLM-x32\...\nik Color Efex Pro 2.0 Promo III) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.3 - )
PC Inspector smart recovery (HKLM-x32\...\{C9A87D86-FDFD-418B-BF96-EF09320973B3}) (Version: 4.50 - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Perfect Effects 3 Free (HKLM-x32\...\{B8D92680-34AC-4B76-8D95-7E95B11B5121}) (Version: 3.0.2 - onOne Software)
Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software)
Perfect Photo Suite 7.5 (HKLM-x32\...\{6727F16E-6BF0-4E73-AC73-958A382AA09E}) (Version: 7.5 - onOne Software)
Perfect Photo Suite 9 (HKLM-x32\...\Perfect Photo Suite 9 PE) (Version: 9.5.0 - on1)
Perfect Resize 7.0.2 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 7.0.2 - onOne Software)
Photomatix Pro version 4.2.4 (HKLM\...\PhotomatixPro42x64_is1) (Version: 4.2.4 - HDRsoft Sarl)
PhotoME Beta-Release (HKLM-x32\...\PhotoME Beta-Release_is1) (Version: 0.8ß2 - Jens Duttke)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PLUS Embedder and Reader - Beta v0.8.5 (HKLM-x32\...\{4D3C6B24-B347-4550-BA8A-4C072BE02FD6}) (Version: 1.0.13 - ImageSpan)
Poladroid (HKLM-x32\...\{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}) (Version: 0.9.6.0 - Poladroid.net)
ProjectLibre (HKLM-x32\...\{E29A4ED9-3192-4D72-A2E2-9C32B512714D}) (Version: 1.5.19.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform)
RescuePRO 3.5 (HKLM-x32\...\{81B109ED-6ECA-49FF-9238-8E31FA5DB1A9}_is1) (Version: - LC Technology International, Inc.)
RescuePRO 4.2.2.4 (HKLM-x32\...\{66AB532A-AF83-4EEF-B692-D8B80D518A08}_is1) (Version: 4.2.2.4 - LC Technology International, Inc.)
RMS Express (HKLM-x32\...\{93EDD4EF-B076-4625-A497-06803F9F5CD1}) (Version: 1.1.0 - Winlink 2000)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Seagate DiscWizard (HKLM-x32\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKLM-x32\...\Spotify) (Version: 0.5.2 - )
Spotify (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\Spotify) (Version: 0.8.1.76.g4773b858 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Spyder3Pro (HKLM-x32\...\Spyder3Pro) (Version: - )
Stellarium 0.12.0 (HKLM-x32\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TextTwist Deluxe (HKLM-x32\...\TextTwist Deluxe) (Version: - GameHouse, Inc.)
The Photographer's Ephemeris (HKLM-x32\...\Flexrise.9F3FBFC56E7DF11606748B3513468A7A7FB809D1.1) (Version: 1.1.0 - UNKNOWN)
The Photographer's Ephemeris (x32 Version: 1.1.0 - UNKNOWN) Hidden
Time-Lapse Tool (HKLM-x32\...\{EEF086F9-EF64-4CF0-BC30-7F68D3CF8227}) (Version: 1.1.681 - AI Devs)
Topaz Adjust 4 (64-bit) (HKLM-x32\...\Topaz Adjust 4 (64-bit)) (Version: 4.1.0 - Topaz Labs)
Topaz Adjust 4 (64-bit) (Version: 4.1.0 - Topaz Labs) Hidden
Topaz Adjust 4 (HKLM-x32\...\Topaz Adjust 4) (Version: 4.1.0 - Topaz Labs)
Topaz Adjust 4 (x32 Version: 4.1.0 - Topaz Labs) Hidden
Topaz Adjust 5 (64-bit) (HKLM-x32\...\Topaz Adjust 5 (64-bit)) (Version: 5.0.0 - Topaz Labs)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.0.0 - Topaz Labs)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (64-bit) (HKLM-x32\...\Topaz DeJpeg 4 (64-bit)) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (64-bit) (Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs)
Topaz DeJpeg 4 (x32 Version: 4.0.2 - Topaz Labs) Hidden
Topaz DeNoise 5 (64-bit) (HKLM-x32\...\Topaz DeNoise 5 (64-bit)) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (64-bit) (Version: 5.0.1 - Topaz Labs) Hidden
Topaz DeNoise 5 (HKLM-x32\...\Topaz DeNoise 5) (Version: 5.0.1 - Topaz Labs)
Topaz DeNoise 5 (x32 Version: 5.0.1 - Topaz Labs) Hidden
Topaz Detail 2 (64-bit) (HKLM-x32\...\Topaz Detail 2 (64-bit)) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (64-bit) (Version: 2.0.5 - Topaz Labs) Hidden
Topaz Detail 2 (HKLM-x32\...\Topaz Detail 2) (Version: 2.0.5 - Topaz Labs)
Topaz Detail 2 (x32 Version: 2.0.5 - Topaz Labs) Hidden
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (64-bit) (HKLM-x32\...\Topaz InFocus (64-bit)) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (64-bit) (Version: 1.0.0 - Topaz Labs) Hidden
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs)
Topaz InFocus (x32 Version: 1.0.0 - Topaz Labs) Hidden
Topaz Lens Effects (64-bit) (HKLM-x32\...\Topaz Lens Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
Topaz Lens Effects (64-bit) (Version: 1.1.0 - Topaz Labs) Hidden
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.1.0 - Topaz Labs)
Topaz Lens Effects (x32 Version: 1.1.0 - Topaz Labs) Hidden
Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.2.1 - Topaz Labs)
Topaz ReMask 3 (64-bit) (Version: 3.2.1 - Topaz Labs) Hidden
Topaz ReMask 3 (HKLM-x32\...\Topaz ReMask 3) (Version: 3.2.1 - Topaz Labs)
Topaz ReMask 3 (x32 Version: 3.2.1 - Topaz Labs) Hidden
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 3 (64-bit) (HKLM-x32\...\Topaz Simplify 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden
Topaz Simplify 3 (HKLM-x32\...\Topaz Simplify 3) (Version: 3.0.2 - Topaz Labs)
Topaz Simplify 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Topaz Simplify 4 (64-bit) (HKLM-x32\...\Topaz Simplify 4 (64-bit)) (Version: 4.0.1 - Topaz Labs)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.0.1 - Topaz Labs)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TwitterLocal (HKLM-x32\...\net.twitterlocal.onair.A589D10E991C524019173F7ADEB73C85B538C40C.1) (Version: 2.1 - UNKNOWN)
TwitterLocal (x32 Version: 2.1 - UNKNOWN) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VirtualRig Studio 2.3 Trial (HKLM\...\VirtualRig Studio 2.3 Trial) (Version: 2.3.537 - VirtualRig Studio Ltd.)
WD Quick View (HKLM-x32\...\{507B1304-194A-4204-A9D9-9BAAF51EF760}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{A7C403DA-B8D9-4CA0-93D9-6C7F00772240}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{ba99df5b-3e46-419e-81e2-544352772fda}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Laboratories (silabenm) Ports (12/10/2012 6.6.1.0) (HKLM\...\D680DEE0F68D64EC53D0C5769879D15D387054CC) (Version: 12/10/2012 6.6.1.0 - Silicon Laboratories)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Workspace Desktop (HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\workspacedesktop) (Version: - Starfield Technologies)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}\InprocServer32 -> C:\Users\Lori\AppData\Local\Starfield\gdeditwrapperax64.dll (Starfield Technologies, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}\InprocServer32 -> C:\Users\Lori\AppData\Local\Starfield\wbetoolsax64.dll (Starfield Technology, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Lori\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-38544632-2117033096-1779847156-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Lori\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

11-05-2015 23:49:00 Scheduled Checkpoint
13-05-2015 16:19:36 Windows Update
16-05-2015 22:23:11 Windows Update
19-05-2015 23:25:10 Windows Update
23-05-2015 23:29:26 Windows Update
25-05-2015 09:41:17 Windows Modules Installer
25-05-2015 09:46:04 Windows Modules Installer
27-05-2015 06:58:03 Installed RMS Express
27-05-2015 23:27:56 Windows Update
31-05-2015 01:13:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-02-16 09:34 - 00000884 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 Mafia Demon
127.0.0.1 www.mafiademon.net

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D92F2F8-8BD5-4765-BA48-2CCB150DA577} - System32\Tasks\{3802F4FB-1472-40D0-B382-A79C6F40AA8C} => pcalua.exe -a D:\USB\新版驱动\PL2303_Prolific_DriverInstaller_v1.7.0.exe -d D:\USB\新版驱动
Task: {3EA478FF-E280-4B04-ADDE-EB36F9130B8A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {4628935D-FDA3-48EC-86B3-F2E3E9D6E10A} - System32\Tasks\{190129BF-F4CE-4873-AE7F-246665BFDB97} => Chrome.exe
Task: {493FE5C5-DBAC-4B22-B676-9B718A8CF5B8} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-02-19] (Microsoft)
Task: {522AC286-ABD5-4F61-B38E-8D65FBCBB4DE} - System32\Tasks\{ED4031CC-B09F-42FB-9C8A-A16444F62BB3} => Chrome.exe
Task: {541D392C-2684-4263-8F26-8DFF76A60862} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {65AC5F58-4971-435E-A412-6BAD0C1A1CF8} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {66E139AE-29D6-4655-B34B-58AFED1F35EF} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17] ()
Task: {7A47609F-E7DF-4879-80A4-FD789DBF0630} - System32\Tasks\update-S-1-5-21-38544632-2117033096-1779847156-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {80CE2F06-3CDF-4B49-8C8D-0EF9840E38FB} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {811FF30B-B452-41DC-A3F3-7EBE0A586CC7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {88277173-1CC6-4719-89A0-2472FFBD48A9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {8ED9C94A-4039-4AF4-B54C-26C39FE8BF9A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001UA => C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {906FA99E-92C8-45F5-B9EB-F65338CFA356} - System32\Tasks\{D3736B0A-EE36-4B4A-AC17-C3FD8A60B726} => Chrome.exe
Task: {931B4968-62E2-4B5B-9899-E1E5C5C5A43D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2013-02-23] ()
Task: {9726F221-73C2-4675-83B6-25358B1C1BBC} - System32\Tasks\{0B5D780A-047F-4A6F-96CA-C5835BD2A50E} => pcalua.exe -a C:\Users\Lori\Desktop\relevance-win-setup-1.2.2.exe -d C:\Users\Lori\Desktop
Task: {98CED05F-295C-409E-9C38-CBE27D03B5D1} - System32\Tasks\AdobeAAMUpdater-1.0-Lori-PC-Lori => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {98DEBE38-8093-4EA3-BC6B-660A9099D31D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001Core => C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {A43AA9A3-FA98-4DAD-97C7-2B7220BA8928} - System32\Tasks\G2MUpdateTask-S-1-5-21-38544632-2117033096-1779847156-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupdate.exe [2015-05-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {A965836D-C4E4-4D37-B716-D093F6DFE84A} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-20] (Microsoft Corporation)
Task: {AA00EB91-413C-495F-ADA7-19DAAC41CE82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {B7910AFD-EF77-492B-8C09-1207DE0684A5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C58C86DC-7186-476F-BA31-B255EC744A27} - System32\Tasks\{2B6601DB-03E1-4FDA-937E-3DDE8C2018B6} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2013-10-09] (ATI Technologies Inc.)
Task: {DF13695A-0050-4EC9-9D22-B989D6FCA06A} - System32\Tasks\{ACF9B4D7-37DD-4FA8-9573-1C363F120FC0} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2013-10-09] (ATI Technologies Inc.)
Task: {FA8545EE-BB92-4382-AD3F-DA415452BB7C} - System32\Tasks\G2MUploadTask-S-1-5-21-38544632-2117033096-1779847156-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupload.exe [2015-05-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dell SupportAssistAgent AutoUpdate.job => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-38544632-2117033096-1779847156-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-38544632-2117033096-1779847156-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2759\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001Core.job => C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-38544632-2117033096-1779847156-1001UA.job => C:\Users\Lori\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-38544632-2117033096-1779847156-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-09-15 12:06 - 2011-09-15 12:06 - 00088576 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-08-19 15:41 - 2009-12-04 17:15 - 00062976 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\HOOK64.dll
2010-09-23 08:23 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-07-20 12:43 - 2011-07-20 12:43 - 00033984 _____ () C:\Users\Lori\AppData\Local\Starfield\workspaceupdate.exe
2011-08-19 15:41 - 2009-12-22 12:30 - 00159744 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe
2010-07-26 22:17 - 2010-07-07 16:00 - 07667970 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility.exe
2014-10-15 07:35 - 2014-10-15 07:35 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\c29d8779b3a3599f44e21e017541cd0c\VistaBridgeLibrary.ni.dll
2011-08-19 15:41 - 2009-12-22 12:31 - 00024576 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe
2015-04-28 11:27 - 2015-04-28 11:27 - 00077640 _____ () C:\Program Files (x86)\Google\Drive\nativeproxy.exe
2010-01-02 07:42 - 2010-01-02 07:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-07-18 14:04 - 2011-07-18 14:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2011-08-19 15:41 - 2009-12-22 12:30 - 00057344 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\HOOK.dll
2011-08-19 15:41 - 2009-12-22 12:30 - 00012288 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EngRes.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00139264 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Appearance Pak.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00147456 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RegEx.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00868352 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\RBScript.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00098304 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\Shell.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00762368 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\XML.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00266240 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CGamma.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00065536 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\CSensor.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00028672 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSRegistrationPlugin16042.dll
2010-07-26 22:17 - 2010-07-07 16:00 - 00025600 _____ () C:\Program Files (x86)\Datacolor\Spyder3Pro\Utility\Spyder3Utility Libs\MBSPluginVersionPlugin16042.dll
2015-05-16 23:10 - 2015-05-16 23:10 - 00043008 _____ () c:\users\lori\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdftzuj.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00750080 _____ () C:\Users\Lori\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00047616 _____ () C:\Users\Lori\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00865280 _____ () C:\Users\Lori\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 14:45 - 2015-03-04 14:45 - 00200704 _____ () C:\Users\Lori\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-09-08 13:16 - 2012-09-08 13:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 13:16 - 2012-09-08 13:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-05-16 23:09 - 2015-05-16 23:09 - 00098816 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32api.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00110080 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\pywintypes27.dll
2015-05-16 23:09 - 2015-05-16 23:09 - 00364544 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\pythoncom27.dll
2015-05-16 23:09 - 2015-05-16 23:09 - 00045568 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\_socket.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 01161216 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\_ssl.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00320512 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32com.shell.shell.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00713216 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\_hashlib.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 01175040 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\wx._core_.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00805888 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\wx._gdi_.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00811008 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\wx._windows_.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 01062400 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\wx._controls_.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00735232 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\wx._misc_.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00682496 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\pysqlite2._sqlite.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00128512 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\_elementtree.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00127488 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\pyexpat.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00087552 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\_ctypes.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00119808 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32file.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00108544 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32security.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00007168 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\hashobjs_ext.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00017408 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\usb_ext.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00167936 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32gui.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00018432 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32event.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00013824 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\common.time34.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00036864 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\_psutil_windows.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00038912 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32inet.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00011264 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32crypt.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00070656 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\wx._html2.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00027136 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\_multiprocessing.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00020480 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\_yappi.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00035840 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32process.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00686080 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\unicodedata.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00122368 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\wx._wizard.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00024064 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32pipe.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00010240 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\select.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00025600 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32pdh.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00525640 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\windows._lib_cacheinvalidation.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00017408 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32profile.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00022528 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\win32ts.pyd
2015-05-16 23:09 - 2015-05-16 23:09 - 00078336 _____ () C:\Users\Lori\AppData\Local\Temp\_MEI49482\wx._animate.pyd
2012-04-14 17:39 - 2012-04-14 17:39 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2012-04-14 17:39 - 2012-04-14 17:39 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2013-06-18 13:08 - 2013-06-18 13:08 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS:nlsPreferences
AlternateDataStreams: C:\Users\Lori\Downloads\jonnystyle.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lori\Downloads\Matts-Signature-Collection-Presets.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lori\Downloads\Perfect_Photo_Suite_9.0.2_PE.exe:com.dropbox.attributes
AlternateDataStreams: C:\Users\Lori\Downloads\Weatherly-Presets.zip:com.dropbox.attributes

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-38544632-2117033096-1779847156-1001\...\dell.com -> dell.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-38544632-2117033096-1779847156-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: SupportAssistAgent => 2
MSCONFIG\startupreg: AdobeBridge => "C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe" -stealth
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Best Buy pc app => C:\Users\Lori\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Lori\AppData\Local\Apps\2.0\3V3T3KEM.E92\8YW0PH9Y.WDM\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
MSCONFIG\startupreg: DiscWizardMonitor.exe => "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: instanteyedropper => "C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: Seagate Scheduler2 Service => "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: WD Quick View => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B4DE9EC4-61CF-46BB-9215-D9CE034E8E59}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{6C9A5D98-6FAB-48D6-ADFC-A768BD060134}] => (Allow) svchost.exe
FirewallRules: [{2D97F8C2-7827-4D98-AFBA-E9F29AE19547}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{501AFECC-1D94-4AB6-9B6A-2AC0923407EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{765DE2EC-D682-4F51-92B3-11AAE568F3D1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2D05FF54-68CB-4801-9B6C-598194B713E2}] => (Allow) LPort=2869
FirewallRules: [{DB472D77-B0C9-482C-8945-A170913AC453}] => (Allow) LPort=1900
FirewallRules: [{4CE3AD80-C487-45DF-8844-244405BD0096}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{09C9FFE5-751D-4763-91EA-ED4765ABE593}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A658DE1B-94E6-434C-90FA-C06ACC82A0C9}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{7B442007-92E0-48AE-9358-8CD803302844}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{3DAF0270-4CA1-43EC-8E32-189C6E80AE0A}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\DeviceSetup.exe
FirewallRules: [{F9DA7C72-0827-4687-B98E-91C60C237B9A}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [{92DBAACB-2B51-48AE-A227-9E13ED200B27}] => (Allow) C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPNetworkCommunicator.exe
FirewallRules: [TCP Query User{12318B93-C853-4A43-B9E4-22C0050836EC}C:\program files (x86)\spotify\spotify.exe] => (Allow) C:\program files (x86)\spotify\spotify.exe
FirewallRules: [UDP Query User{BC33A476-DAB1-4CAF-B6A6-A8265473E4B4}C:\program files (x86)\spotify\spotify.exe] => (Allow) C:\program files (x86)\spotify\spotify.exe
FirewallRules: [TCP Query User{96F9D8F9-A94A-4ABC-8261-84945C45E814}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{4B776B8A-551A-4E55-8861-BC2730437E12}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{CC0F84A9-567D-4EC5-A928-04E2C375EBA8}] => (Allow) C:\Users\Lori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{38AF815D-4E17-4B6C-A774-7C2D1C6879F6}] => (Allow) C:\Users\Lori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{5FF77A91-15A4-4511-9554-8D8E9AF61E9C}] => (Allow) C:\Users\Lori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{57BE86C7-D2D4-478B-B432-9A8B7A4EBBDD}] => (Allow) C:\Users\Lori\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{3DC51AC9-5547-4575-99CA-863DE06B9DE9}] => (Allow) C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{206F0C03-92F2-4153-B0A8-7A7102314558}] => (Allow) C:\Users\Lori\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{9237F069-E609-476C-9928-4C747D0B7F24}C:\users\lori\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lori\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{36204BA5-F171-4A2A-89EE-CFF06FE45FD4}C:\users\lori\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\lori\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{837CDE38-DE5C-4A2D-8DEE-8943F47323D5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdater.exe
FirewallRules: [{5F1ED191-4DCA-478D-A0DE-52799C1B5CA0}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{86DA87DE-1F81-41E0-9EE3-29734DAC20C3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{A28EB9BC-F50B-4B40-B02C-80AE2146DE51}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{4BBEE57D-7C24-4E27-91A9-E2C0B5504FA3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{CDC3B864-D231-4F06-8CC0-AA381ABBDBBE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
FirewallRules: [{2E401729-06F7-45C0-B763-F99177D55A1A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0CA00723-77B5-4D5F-A595-04F8882CCFCA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{81E75F2F-7DB9-4254-B84B-BD634131E57D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69C81411-91C9-4EDB-8732-8D74DB57A6AE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{8309386E-6159-4C0B-A57A-8ED743EF12AE}C:\program files\onone software\perfect effects free\perfecteffects.exe] => (Allow) C:\program files\onone software\perfect effects free\perfecteffects.exe
FirewallRules: [UDP Query User{881A54EE-5959-4ABD-82D0-5EB3C9971EB4}C:\program files\onone software\perfect effects free\perfecteffects.exe] => (Allow) C:\program files\onone software\perfect effects free\perfecteffects.exe
FirewallRules: [TCP Query User{4179E7D8-2485-45BD-9FCF-036911B8B85F}C:\users\lori\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lori\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{1E707747-19B5-4A2E-BED9-035DA1737D31}C:\users\lori\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\lori\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{09C89599-FCC7-42C8-B47A-508446312F62}C:\users\lori\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lori\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{B808F1C8-0235-4AB2-BC55-EE8F2886E6B3}C:\users\lori\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\lori\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{AD0688C4-7C19-4803-BC38-50B94618C80E}C:\program files\onone software\perfect photo suite 7\perfect photo suite 7.exe] => (Allow) C:\program files\onone software\perfect photo suite 7\perfect photo suite 7.exe
FirewallRules: [UDP Query User{B701FC3D-88E9-4174-B645-7FB3F73E99DD}C:\program files\onone software\perfect photo suite 7\perfect photo suite 7.exe] => (Allow) C:\program files\onone software\perfect photo suite 7\perfect photo suite 7.exe
FirewallRules: [TCP Query User{99A110C3-505F-427D-9F99-295FA3EB6D66}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [UDP Query User{D21F1ED7-DF69-4707-9D8C-E24720F25712}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [TCP Query User{A224523B-4C4B-43BA-831F-11489F29B1FE}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [UDP Query User{C83CF691-A80A-497F-BC98-284D3552DFC2}C:\program files\onone software\perfect effects 8\perfect effects 8.exe] => (Allow) C:\program files\onone software\perfect effects 8\perfect effects 8.exe
FirewallRules: [TCP Query User{0E1A2B02-6C1A-427B-A872-2FF0FDC9D309}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [UDP Query User{0FF97938-98CB-4DDF-B440-A9E277460B64}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe
FirewallRules: [{9DF156CF-F6AD-40A5-9A1A-FB86B6CE302B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{05606103-BE80-4C90-AE39-8B96E0A182B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{904B72BC-8AF3-4CC5-B193-EF9C4A84DE6D}] => (Allow) C:\Users\Lori\AppData\Local\Temp\7zS39E2\HPDiagnosticCoreUI.exe
FirewallRules: [{5560C407-DE8E-4B55-967F-9B67D67628D2}] => (Allow) C:\Users\Lori\AppData\Local\Temp\7zS39E2\HPDiagnosticCoreUI.exe
FirewallRules: [{C8F85F9A-EAD5-4E99-A2D7-684C16AB44D5}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\42.0.2311.39\remoting_host.exe
FirewallRules: [{E0185BA4-8B0C-4DFE-A15B-93F09AD6C6E8}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{935A5552-02FC-488B-8EF0-4501663EB6AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{0C8C8F94-09E7-4B29-8436-058490965BA6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{35BD51F3-D66F-4079-8663-8867CF895CDB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4EE507A0-4AAD-46BE-87CA-98D9186D5045}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{E3F60058-EDA1-4E97-A81D-A46E90F2B14C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0C17AAFC-36A1-4EC7-9D83-FA9D42F08A97}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B491547E-EDF7-416C-BB56-9991CBD2C572}] => (Allow) LPort=49173
FirewallRules: [{07CCBFA6-A0CB-4567-A053-5580B4E63DE3}] => (Allow) LPort=5000
FirewallRules: [{8D02E8B6-3B8D-4E87-95BC-28757113C6DF}] => (Allow) C:\Users\Lori\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/31/2015 00:54:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/30/2015 01:16:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/29/2015 01:37:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/28/2015 09:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
Faulting module name: NPSWF32_17_0_0_169.dll, version: 17.0.0.169, time stamp: 0x5529db53
Exception code: 0x80000003
Fault offset: 0x00358d1d
Faulting process id: 0x1e70
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (05/28/2015 01:03:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (05/27/2015 07:26:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/27/2015 07:26:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/27/2015 07:12:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Lightroom.exe version 5.7.0.10 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b08

Start Time: 01d0988706d15765

Termination Time: 41

Application Path: C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\Lightroom.exe

Report Id: 5c62529e-047a-11e5-ba6f-842b2b9df812

Error: (05/27/2015 07:09:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/27/2015 07:09:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

System errors:
=============
Error: (05/31/2015 00:59:24 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (05/30/2015 10:18:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (05/30/2015 01:08:06 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (05/29/2015 03:36:34 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (05/29/2015 03:30:24 AM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (05/29/2015 01:42:14 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (05/28/2015 01:11:20 AM) (Source: Ntfs) (EventID: 55) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume OS.

Error: (05/27/2015 03:08:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Software Protection service failed to start due to the following error:
%%1053

Error: (05/27/2015 03:08:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Error: (05/27/2015 07:11:28 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk6\DR9.

Microsoft Office:
=========================
Error: (05/31/2015 00:54:42 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/30/2015 01:16:02 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/29/2015 01:37:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/28/2015 09:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe38.0.1.561155541a90NPSWF32_17_0_0_169.dll17.0.0.1695529db538000000300358d1d1e7001d099c4139eebebC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll6f76f354-05bb-11e5-ba6f-842b2b9df812

Error: (05/28/2015 01:03:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (05/27/2015 07:26:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/27/2015 07:26:16 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (05/27/2015 07:12:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Lightroom.exe5.7.0.10b0801d0988706d1576541C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.7\Lightroom.exe5c62529e-047a-11e5-ba6f-842b2b9df812

Error: (05/27/2015 07:09:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (05/27/2015 07:09:39 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz
Percentage of memory in use: 21%
Total physical RAM: 16343.08 MB
Available physical RAM: 12840.05 MB
Total Pagefile: 34773.64 MB
Available Pagefile: 28866.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1852.1 GB) (Free:171.54 GB) NTFS
Drive f: (EOS_DIGITAL) (Removable) (Total:29.8 GB) (Free:21.47 GB) FAT32
Drive i: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:295.15 GB) NTFS
Drive l: (My Book) (Fixed) (Total:1862.98 GB) (Free:656.52 GB) NTFS
Drive m: (TOSHIBA EXT) (Fixed) (Total:931.41 GB) (Free:659.35 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:4.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive z: (New Volume) (Fixed) (Total:2794.39 GB) (Free:2555.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1A4D04FD)
Partition 1: (Not Active) - (Size=40 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1852.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: BC4A84B5)

Partition: GPT Partition Type.

========================================================
Disk: 3 (Size: 29.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 00021365)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 931.5 GB) (Disk ID: 3947961A)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 8.

==================== End of log ============================

BrianDrab · May 31, 2015

It definitely looks like your disk is failing or at the very least very corrupt. We need to find a way to get chkdsk to complete. If we can't I don't see any other option other than backing up your data and then re-formatting/re-installing. So please make sure your data is backed up. Let's try a few things first however.

SFC Scan

Click on the Start

button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
When command prompt opens, copy and paste the following commands into it, press enter after each

sfc /scannow

Wait for this to finish before you continue

copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

Carey · May 31, 2015

"There is a system repair pending which requires a reboot to complete. Restart Windows and run sfc again."

I think I'm stuck if I can't get that chkdsk to complete. :banghead:

Updated cbs.txt in case it does any good, zipped file was too big to attach here, dropbox link https://www.dropbox.com/s/fr1cii74jgj38c4/cbs (2).zip?dl=0

BrianDrab · May 31, 2015

Make sure your data is backed up and let's do an offline chkdsk (unless you already tried it).

Offline Chkdsk
1. Reboot your computer and begin tapping F8 on the keyboard as it restarts.
2. this should bring you to the Advanced Boot Options screen and one of the options should be "Repair Your Computer". (If you don't have this option stop and let me know).
View attachment 12840

3. Hit enter on Repair Your Computer.
4. Select a keyboard layout and enter username/password if prompted.
5. Click on Command Prompt in the System Recovery Options window.
6. Type notepad in the command prompt window and hit enter.
7. Select the File menu and choose Open. Double click on Computer so you see all of your drive letters. You will see drive letter X: as well as others. Identify which one is your Local Disk. It won't be X.
8. Now you can cancel out of this window. You can also close notepad.
9. Now type the following into the command prompt window and hit enter.
chkdsk d: /R<------please ensure you change the letter d to the drive letter you identified previously.

Let's see if it runs to completion.

Carey · May 31, 2015

I have not tried an offline chkdsk, learn a new trick every day.

I'm going to do a fresh data backup before I run it. I was slowly working my way through upgrading all of my drives to larger ones shortly before this happened, so I want to make sure I have a complete set in one place just in case. That will take a few hours I'm sure. As soon as that is done I'll try running the offline chkdsk and report back.

Thanks so much for your help and patience!

Carey · Jun 1, 2015

Okay, so...when I rebooted my computer started configuring Windows updates and when finished I let chkdsk run which again failed (black screen) after deleting some corrupt attribute records. I attempted to run the offline chkdsk per your directions but got error message "Chkdsk cannot run because the volume is in use by another process. Chkdsk may run if this volume is dismounted first. ALL OPEN HANDLES would then be invalid blah blah blah" so I said "N" and rebooted again. Again my computer configured Windows updates and this time I bypassed chkdsk. I then ran chkdsk from within Windows (read only) and it got further than it has in the past. It made note of several errors detected in index $130 (files 13354 and 604233) before it ran into an error and said that since I ran in read only mode it couldn't continue. I tried running with /R from within Windows and again got the message that the volume is in use by another process.

BrianDrab · Jun 1, 2015

Follow my directions to do it offline but when prompted with "Chkdsk cannot run because the volume is in use by another process. Chkdsk may run if this volume is dismounted first. ALL OPEN HANDLES would then be invalid blah blah blah" answer YES.

Carey · Jun 1, 2015

chkdsk started restoring a LOT of files (Stage 3 I think), they were flying by like lightning, and then I got a black screen again. Ran it again and got black screen almost immediately. Ran it again and got black screen when it started running Stage 3.

I'm starting to wonder if it's actually just turning off my monitor, there's no command prompt just a black screen and now I notice that the power light on the monitor is slowly flashing, but I can't get it to power back on. I'm going to leave as is for a while in case chkdsk is still actually running, and tomorrow I'm going to pick up a new monitor. This one has been buggy with not waking from sleep mode so I need to replace it anyway.

BrianDrab · Jun 1, 2015

Sounds good. That's a very weird symptom so I hope it's the monitor.

Carey · Jun 11, 2015

Sorry for disappearing, I was on deadline with a client project that I needed to get wrapped up before I risked crashing my computer again, and then life got in the way.

It seems that as I suspected, my monitor was going into sleep mode and I think chkdsk was still running in the background. I didn't know how long it needed to run with all of the repairs it was making, but each time I let it run for an hour or so with the monitor asleep it showed more progress the next time I ran it. I was afraid to let it run overnight because the CPU fan was running pretty hard. When I thought chkdsk had finally made it all the way through I tried booting into Windows normally and let chkdsk run when it started. The monitor went into sleep mode and I let it run for about an hour and a half. When I came back the power light on the tower was flashing orange so now I'm wondering if the PSU is causing some of my problems and needs to be replaced/upgraded. (I decided not to replace monitor just yet.)

I restarted again and this time Windows booted up normally without needing to run chkdsk first.

But that puts me back to my original problem - both times in the past that I have tried to run the updates from the end of April, I had similar problems both times. And now I have 6-7 weeks of updates to get through!
Should I just start doing the updates one by one now and see what happens, or is there something else I should check first?

BrianDrab · Jun 11, 2015

The first step would be to do the following.

SFC Scan

Click on the Start

button and in the search box, type Command Prompt
When you see Command Prompt on the list, right-click on it and select Run as administrator
When command prompt opens, copy and paste the following commands into it, press enter after each

sfc /scannow

Wait for this to finish before you continue

copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt
This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

Windows Update mess, black screen of death when running any restore/repair options

Active member

Emeritus

Active member

Emeritus

Active member

Emeritus

Active member

Emeritus

Active member

Active member

Emeritus

Active member

Emeritus

Active member

Active member

Emeritus

Active member

Emeritus

Active member

Emeritus