petunia

No MB alerts thus far since I started this process but, as I previously advised, I've only been using my admin-enabled account. Nope...but, with your concurrence, I'll start using the non-admin account again and will advise of any further MB alerts.

Step 2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.9 (09.30.2016) Operating System: Windows 10 Home x64 Ran by Jakey (Administrator) on Sat 10/22/2016 at 16:39:21.28 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 2 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key) Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D25C08B-F220-4922-8314-3708746786E5} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 10/22/2016 at 16:40:47.08 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Step 3 # AdwCleaner v6.030 - Logfile created 22/10/2016 at 16:51:02 # Updated on 19/10/2016 by Malwarebytes # Database : 2016-10-22.1 [Server] # Operating System : Windows 10 Home (X64) # Username : Jakey - JAKEY-PC # Running from : C:\Users\Jakey\Desktop\AdwCleaner.exe # Mode: Clean # Support : hxxps://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder deleted: C:\Program Files (x86)\Common Files\freemake shared ***** [ Files ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA [-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\75E5AA0712A68B24B9F5F870C12C56DA [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Features\75E5AA0712A68B24B9F5F870C12C56DA [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Installer\Products\75E5AA0712A68B24B9F5F870C12C56DA [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iad-usadmm.dotomi.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com [-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iad-usadmm.dotomi.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\dotomi.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\iad-usadmm.dotomi.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\dotomi.com [#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\iad-usadmm.dotomi.com ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [3269 Bytes] - [22/10/2016 16:51:02] C:\AdwCleaner\AdwCleaner[S0].txt - [3467 Bytes] - [22/10/2016 16:46:36] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3415 Bytes] ########## Step 4 Sophos scan was clean Step 5 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016 Ran by Jakey (25-10-2016 15:54:15) Running from C:\Users\Jakey\Desktop Windows 10 Home Version 1607 (X64) (2016-09-24 10:13:12) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3792002820-1963542561-2699509262-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3792002820-1963542561-2699509262-503 - Limited - Disabled) Guest (S-1-5-21-3792002820-1963542561-2699509262-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3792002820-1963542561-2699509262-1003 - Limited - Enabled) Jakey (S-1-5-21-3792002820-1963542561-2699509262-1001 - Administrator - Enabled) => C:\Users\Jakey Jakey_2 (S-1-5-21-3792002820-1963542561-2699509262-1004 - Limited - Enabled) => C:\Users\Jakey_2 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.) Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated) Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated) Ansel (Version: 372.70 - NVIDIA Corporation) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros) Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) BCL easyConverter SDK 3 (Word Version) 64 (HKLM\...\{350CC85B-CA59-4F85-909D-8E4CDBF532FA}) (Version: 3.0.64 - BCL Technologies) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.) Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.) CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.2930.0 - CyberLink Corp.) CyberLink PowerDirector 12 (Version: 12.0.2930.0 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.5.0.0 - Dell Inc.) Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.5.0.0 - Dell Inc.) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6817.107 - Dell) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.) Ditto (HKLM\...\Ditto_is1) (Version: - Scott Brogden) Easy Photo Scan (HKLM-x32\...\{1A6DED1E-A024-455D-AA82-203D6B3B0CBC}) (Version: 1.00.0006 - Seiko Epson Corporation) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{4B22C430-7EA8-4534-8358-376FD900B953}) (Version: 3.10.0042 - Seiko Epson Corporation) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.53.00 - SEIKO EPSON CORPORATION) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.34.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON XP-830 Series Printer Uninstall (HKLM\...\EPSON XP-830 Series) (Version: - Seiko Epson Corporation) Epson XP-830 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-830 User’s Guide_is1) (Version: 1.0 - ) EpsonNet Print (HKLM\...\{15A0F113-BF2C-4C12-8AA8-42AE0D9AE1C9}) (Version: 3.1.2.0 - SEIKO EPSON Corporation) Ezvid (HKLM-x32\...\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1) (Version: 1.003 - Ezvid, inc.) Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.) Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden Family Tree Maker 2014 (HKLM\...\{6948B4FD-92E3-4069-B9E2-9216E1347DA3}) (Version: 22.0.1468 - Software MacKiev) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) iCloud (HKLM\...\{CE29BC77-C5AE-49D8-A8C0-FDAF6ACF74DF}) (Version: 6.0.1.41 - Apple Inc.) Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.2.1001 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.) Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 49.0 (x64 en-US) (HKLM\...\Mozilla Firefox 49.0 (x64 en-US)) (Version: 49.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.0.6103 - Mozilla) NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.70 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 372.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.70 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Paint Shop Pro 7 Try And Buy (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd) PDF-XChange Lite 2012 (HKLM\...\{25CFCE3C-5C95-49CB-B63A-E2861E6C0C98}_is1) (Version: 5.0.273.2 - Tracker Software Products Ltd) PingPlotter 5 (x32 Version: 5.02.3.1931 - Pingman Tools, LLC) Hidden PingPlotter 5 5.02.3 (HKLM-x32\...\PingPlotter 5 5.02.3.1931) (Version: 5.02.3.1931 - Pingman Tools, LLC) Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.) PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.3.723.2015 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) SoundTouch (HKLM-x32\...\{A1D1A19C-7C1E-4654-BC08-62D2950070E1}) (Version: 12.0.10.14848 - BOSE) Sweet Home 3D version 4.4 (HKLM\...\Sweet Home 3D_is1) (Version: - eTeks) TextPad 7 (HKLM\...\{0A9A9C45-9334-4887-A76F-A79CE5C748A7}) (Version: 7.6.2 - Helios) TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3792002820-1963542561-2699509262-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jakey\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3792002820-1963542561-2699509262-1001_Classes\CLSID\{8A791F0C-C63C-4EC5-B97F-FBCE74EDBC54}\InprocServer32 -> C:\Program Files\TextPad 7\System\shellext64.dll () ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0F406BFF-F4FF-47D4-A195-EB7D38D3FBAB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {25A74F71-65D8-472D-8C51-1DB5977ADE05} - System32\Tasks\EPSON XP-830 Series Update {637E52FB-50F4-49E6-B2B8-6DF65E8B7D85} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPKE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {3166AF8A-B621-4445-AE85-9729CA209500} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {33B5B983-CD1F-472F-8905-4252187C1A3F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {3BBEC361-0F22-4317-830D-EEC95C1CB954} - System32\Tasks\{05666E99-817D-4349-A755-41F81419D319} => pcalua.exe -a "J:\Graphics\Jasc Paint Shop Pro\Paint Shop Pro 7 AE ESD\instmsia.exe" -d "J:\Graphics\Jasc Paint Shop Pro\Paint Shop Pro 7 AE ESD" Task: {3CEBA629-A71C-471A-82E5-D5F65873CDD8} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {479D7012-3A6D-4BA0-A00C-0D796696C418} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {4E68644F-260B-4C78-818B-9C4CD1D8D70D} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation) Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {7F117179-2CFE-409B-AB33-70F9F9D608C5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {964A3BD3-9404-447E-979F-4586FDCDE7B7} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {97EEFF00-12B5-4104-B9A9-CEC138A4C5B7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {9C82E376-D451-4F38-98EE-9E38B4A283E7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {9EE47632-6BB6-4A7F-A0ED-BE8C5D43E055} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {A0AC3974-E890-4B90-9A6E-61C6D92A6E69} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {A10856FD-3650-4837-8329-B2919104D23C} - System32\Tasks\{0FD30CAC-8509-4DF1-B23C-A2C425074D1A} => pcalua.exe -a "J:\Graphics\Jasc Paint Shop Pro\Paint Shop Pro 7 AE ESD\setup.exe" -d "J:\Graphics\Jasc Paint Shop Pro\Paint Shop Pro 7 AE ESD" Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A9C09DC4-E67B-4EF5-AC05-2DC002A70931} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B96CEC7E-59D1-442C-AB1D-2E491D8D643F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {C251D6F4-2ABF-43B9-A524-0F806611403D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {C44BC707-6896-447A-85EB-5B3968CC9FBF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {CB0B48E5-7C05-4857-B502-F88D1A547324} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {D2E654D2-EB4B-42B5-9E20-A5A2565E520D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated) Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {DFADCFE1-388D-4F56-89E2-8AE4C018EFA4} - System32\Tasks\EPSON XP-830 Series Update {32F5D219-14F1-46AE-9F42-9410B3EB4486} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPKE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F717DFA5-5088-4ADB-9C43-A68D12F3B782} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Jakey\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\OneDriveStandaloneUpdater.exe [2016-08-27] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\EPSON XP-830 Series Update {32F5D219-14F1-46AE-9F42-9410B3EB4486}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPKE.EXE:/EXE:{32F5D219-14F1-46AE-9F42-9410B3EB4486} /F:UpdateWORKGROUP\JAKEY-PC$ Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\WINDOWS\Tasks\EPSON XP-830 Series Update {637E52FB-50F4-49E6-B2B8-6DF65E8B7D85}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSPKE.EXE:/EXE:{637E52FB-50F4-49E6-B2B8-6DF65E8B7D85} /F:Update WORKGROUP\JAKEY-PC$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-09-30 08:26 - 2016-09-15 13:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-24 05:40 - 2016-08-25 17:12 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-04-24 06:04 - 2011-02-28 18:37 - 00095008 _____ () C:\WINDOWS\System32\Primomonnt.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2014-07-16 11:49 - 2012-08-08 21:36 - 00390672 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2016-07-19 11:39 - 2016-06-14 16:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-09-30 08:26 - 2016-09-15 13:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-10-02 14:43 - 2016-10-02 14:43 - 01864384 _____ () C:\Users\Jakey\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\amd64\ClientTelemetry.dll 2016-02-27 13:13 - 2016-02-27 13:13 - 00117384 _____ () C:\Program Files\TextPad 7\System\shellext64.dll 2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2016-09-24 09:32 - 2016-09-24 09:32 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-10-11 19:54 - 2016-10-05 05:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-10-11 19:55 - 2016-10-05 05:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2014-10-04 04:21 - 2014-06-06 21:43 - 01880064 _____ () C:\Program Files\Ditto\Ditto.exe 2016-10-19 17:33 - 2016-10-19 17:33 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-10-19 17:33 - 2016-10-19 17:33 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-10-19 17:33 - 2016-10-19 17:33 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-10-11 19:55 - 2016-10-05 05:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-10-11 19:55 - 2016-10-05 05:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-10-11 19:55 - 2016-10-05 05:13 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-10-11 19:55 - 2016-10-05 05:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-10-11 19:55 - 2016-10-05 05:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-07-19 11:39 - 2016-06-14 16:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2016-09-01 18:13 - 2016-09-01 18:13 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2016-09-01 18:12 - 2016-09-01 18:12 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll 2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2016-10-02 14:42 - 2016-10-02 14:43 - 01383616 _____ () C:\Users\Jakey\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\ClientTelemetry.dll 2016-10-02 14:43 - 2016-10-02 14:43 - 00118976 _____ () C:\Users\Jakey\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_2\FileSyncViews.dll 2015-10-16 06:14 - 2015-10-16 06:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3792002820-1963542561-2699509262-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\Dell_XPS_silverswirl.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{F5E8483C-5A7E-4D1C-8480-F55970D40A7C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{1FDDB4FA-5B0C-4639-8984-36C3FC6DCAD9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{C7E1B7C0-632C-45FB-B4C1-CF2825BB835B}] => (Allow) C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch music server.exe FirewallRules: [{6DD06750-8EAE-4895-951B-930D8783E145}] => (Allow) C:\Program Files (x86)\SoundTouch\SoundTouch.exe FirewallRules: [{0A385AE3-B34B-42F9-910E-DCB1A1B1698F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{338DF592-6A21-44E2-9C47-70921C60BDCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{02FFF627-368C-408C-AD72-1FB7E7675226}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{6FA3FD33-4EE4-4A13-80A4-E7AE3368FFBA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{F0614780-84F5-4FD7-BAB1-46DDE88B2041}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{AEE259B7-69CD-4C4C-A7D9-1053E828E84E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{54EF2A30-D9B4-4FD8-BEAE-2D94B58C0C8D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D6CD74F9-7B94-4F70-8D92-B3DF09CA6FBC}] => (Allow) C:\Games\World_of_Warplanes\worldofwarplanes.exe FirewallRules: [{A1DAFF2D-D773-4CC6-9FDC-4684CD04973D}] => (Allow) C:\Games\World_of_Warplanes\worldofwarplanes.exe FirewallRules: [{ACF05945-5091-4F64-932B-210C36BDB3D5}] => (Allow) C:\Games\World_of_Warplanes\WoWPLauncher.exe FirewallRules: [{A851239B-55CF-477A-A39F-88ED1536900B}] => (Allow) C:\Games\World_of_Warplanes\WoWPLauncher.exe FirewallRules: [{2EEB92F5-4F46-41AA-BDB7-47C9E8484DDF}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{7BE09EEC-12B0-4040-A9BB-033B6B8D12CE}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe FirewallRules: [{EDFB320D-7A5C-452F-BB72-79350074823D}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [{09001329-F553-45BF-AB57-27D370A0FDAA}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe FirewallRules: [UDP Query User{54A59021-6DB8-4B42-BD38-9AAE8067716F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [TCP Query User{6D426B28-1D42-4EB0-B1C7-95D941613230}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{E3F822D0-8322-465E-9257-21ECF06FA6B4}] => (Allow) D:\Network\EpsonNetSetup\ENEASYAPP.EXE FirewallRules: [{BD9F89AA-1A4B-43CA-A24A-9B6E6C70D414}] => (Allow) D:\Network\EpsonNetSetup\ENEASYAPP.EXE FirewallRules: [{12D6E1E3-FB5A-4A61-A801-1B93500B0232}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{70BCCE01-9D50-4644-9E10-95F5CE4DF7A0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe FirewallRules: [{0E0F7EEC-7F29-4D1D-8873-4F52DEC3426E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{DAF9C5EB-A280-442B-A0E2-1EB1CA4AF389}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{EE4C97DD-5A0D-412B-A30F-94967B89D223}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{F3FD09C8-0C88-4180-B553-0C6C01008E9A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{D371C34B-533D-4D8F-8569-23AB6DB383CE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{0CF04F06-C4BC-42B8-8369-1BEAD676FEF3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{B99CE79B-A8A3-4181-B5C0-85FD2C7872CC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{3868197C-7B11-4688-8C16-8984EECECDD6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{2F0B3808-96C0-480D-8049-0A75AC7BA5BA}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{7CAFB73C-6B79-4493-A97B-1CC425A71828}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe FirewallRules: [{4C496F29-5F20-43AB-9680-BAC50D64E8CB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [{AF2097E2-A652-4882-B094-AAC6178BCDBE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe FirewallRules: [TCP Query User{2899C825-0C85-4B33-AAC3-E97E632AD1F1}C:\program files\ditto\ditto.exe] => (Block) C:\program files\ditto\ditto.exe FirewallRules: [UDP Query User{555901ED-F07D-46E9-9C67-3038A79780DF}C:\program files\ditto\ditto.exe] => (Block) C:\program files\ditto\ditto.exe FirewallRules: [{D4BA4A28-2E56-45A7-9133-59594C4CD15A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{26E0DD97-2DB3-4650-BDD1-3E4F7E624A28}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe FirewallRules: [{DB301E08-91D3-4A63-B342-409A8C2260B3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{C0781251-0D6D-405B-A106-A5E10D9D7866}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe FirewallRules: [{57FCFD7C-A1BA-4C2E-A6EC-ACF8617D4E9A}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE FirewallRules: [{837CFE99-2555-4C97-B165-70FD6B06BF50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{5B9E4696-8761-4424-877A-1C1FB132D0E6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3372\Agent.exe FirewallRules: [{4329F95C-14A9-4318-A41B-14C55E00D647}] => (Allow) C:\Users\Jakey\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{9ED70C3F-A369-4B3A-83AF-DE9F8F205FDF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2FAB7691-75C1-47F6-817D-FA315557FC66}] => (Allow) LPort=2869 FirewallRules: [{59E2E6D6-6941-4A37-B495-BB959F906DAF}] => (Allow) LPort=1900 FirewallRules: [{C04FF885-9B8A-45CE-ACC2-6764352CE656}] => (Allow) C:\Users\Jakey\AppData\Local\Temp\7zS44CC.tmp\SymNRT.exe FirewallRules: [{7CC1C124-3184-463B-846D-2DC8F28F806A}] => (Allow) C:\Users\Jakey\AppData\Local\Temp\7zS44CC.tmp\SymNRT.exe FirewallRules: [{204A1DC6-2D39-4746-98CF-6CF56BF7C598}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe FirewallRules: [{FD697A23-7FAE-4E34-BA74-C8E086427C3E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3427\Agent.exe FirewallRules: [{DAA85C8F-314C-4EE8-8D2E-2D8B6BC79393}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [{74C30C9B-E1F1-4E58-BF3D-BE56D634E614}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe FirewallRules: [TCP Query User{466C7F27-6DA0-4BB5-9D51-3A9BDB73A5EF}C:\program files\ditto\ditto.exe] => (Block) C:\program files\ditto\ditto.exe FirewallRules: [UDP Query User{64F936A8-D172-4FE9-BE68-A105272531D0}C:\program files\ditto\ditto.exe] => (Block) C:\program files\ditto\ditto.exe FirewallRules: [{BC5B5C2D-440D-4392-ACED-EDB1B0AED580}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6B01B3C2-CE34-46DF-9353-582F8775E6DF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{C983EE5B-E306-43F5-8B4F-9958C8681BAD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{29A9FC7A-884F-4538-812E-8E5B43E5DE0B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{552A0E41-302C-47AB-9D04-0D012B2809DD}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 09-10-2016 19:27:12 Scheduled Checkpoint 18-10-2016 06:33:26 Windows Update 22-10-2016 16:39:24 JRT Pre-Junkware Removal 25-10-2016 12:46:40 Installed Sophos Virus Removal Tool. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/25/2016 12:46:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (10/25/2016 12:22:18 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/25/2016 12:22:18 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/25/2016 12:22:18 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/25/2016 12:22:18 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/25/2016 01:54:55 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/25/2016 01:54:55 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/25/2016 01:54:55 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/25/2016 01:54:55 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (10/25/2016 01:54:55 AM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) System errors: ============= Error: (10/22/2016 04:53:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (10/22/2016 04:53:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (10/22/2016 04:53:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (10/22/2016 04:52:25 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (10/22/2016 04:51:26 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (10/22/2016 04:50:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (10/22/2016 04:50:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s). Error: (10/22/2016 04:50:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intuit Update Service v4 service terminated unexpectedly. It has done this 1 time(s). Error: (10/22/2016 04:50:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s). Error: (10/22/2016 04:50:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s). CodeIntegrity: =================================== Date: 2016-10-25 15:53:25.177 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 15:53:25.174 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 13:13:23.084 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-25 13:13:23.081 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-23 03:12:08.818 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-23 03:12:08.814 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-22 16:44:31.604 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-22 16:44:31.600 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-22 03:10:26.784 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-10-22 03:10:26.768 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz Percentage of memory in use: 36% Total physical RAM: 8143.22 MB Available physical RAM: 5206.47 MB Total Virtual: 16335.22 MB Available Virtual: 12231 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:910.29 GB) (Free:710.65 GB) NTFS Drive d: (Jul 26 2016) (CDROM) (Total:4.37 GB) (Free:4.37 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 57B31440) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=21.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=910.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================

Inre Step 5... I started this process generating FRST.txt and Addition.txt. I downloaded a new FRST64.exe and placed a check mark as directed...which generated a second Addition.txt not an Additions.txt. I assume the second Addition.txt is what you're looking for?

Clarification, subsequent to my last post, I found ADWCleaner [CO].txt and ADW [SO].txt in the ADW Cleaner folder as mentioned above.

While addressing step 3... "AdwCleaner will begin...be patient as the scan may take some time to complete. When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed. Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review." I'm afraid your instructions do not quite jibe with what I saw running AdwCleaner. At this point, there was no "Report button" that I could see...did I just miss it? Hence, there was no anticipated "AdwCleaner[R0].txt" file generated for me to submit. There was, however, a "clean" and "logfile" option. I clicked the logfile option which allowed me the opportunity to de-select any of the 15 objects found...which left selected. I subsequently selected "clean" which led me to the reboot I assume is referenced above. After the reboot, the "AdwCleaner[C0].txt" was successfully generated...which I saved to desktop. Given the discrepancy I experienced, shall I continue as directed?

Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/21/2016 Scan Time: 1:27 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.10.21.11 Rootkit Database: v2016.09.26.02 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Enabled OS: Windows 10 CPU: x64 File System: NTFS User: Jakey Scan Type: Threat Scan Result: Completed Objects Scanned: 448234 Time Elapsed: 18 min, 36 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)

One last clarification before we proceed. I used my admin enabled account to generate the 2 initial submissions. However it was my other non-admin account that first triggered the MB warning. Is it ok to continue with my admin account during this process or should I start over? Thanks.

"Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit..." Only "Scan for Rootkit" or the other 2 options as well?

FRST.txt Addition.txt

Thanks. I'm relatively inexperienced with the MB forum structure (and lotsa terms) so taking an escorted trip elsewhere is a no mas for me ;-)

Oops...and Firefox as well.

Thank you for the response and link to a very informative MB article. I might only add that I do not have "Chrome" installed on my system so it was evidently targeting another browser. I primarily utilize IE11 but do have Safari installed. Thanks again.

Hope this is the correct forum for this. I was alerted this morning to an MB "PuP" quarantine that appears to be associated somehow with Yahoo search (see attached). I'm curious as to it's origin and am wondering if anyone can recognize the culprit by it's offending footprint. Thanks MalwarebytesAug222016.txt

All done Kevin. Thanks so much. Quite an amazing retinue of programs. Think I'll keep that Geek uninstaller for future use. I appreciate, very much, your prompt response(s) and expertise.

Should I delete quarantined files in ADW?

Kevin... Re-submitting FRST + ADDITION...the above didn't look right... Addition.txt FRST.txt

OK Kevin...and no PUP alerts so far this AM from Malwarebytes. Addition.txt FRST.txt

OK Kevin... I can't seem to copy-paste the AdwCleaner report (I keep getting the enclosed hyperlink in clipboard memory) so it is attached as well. Sophos Virus Removal Scan came up clean. Thanks so much for your assistance. Fixlog.txt Threat Scan.txt AdwCleaner[C1].txt

OK Kevin, ran it again with my admin account... Addition.txt FRST.txt

Tired of seeing PuP this in Malwarebyte scans. Here are the FRST files to start the ball rolling... FRST.txt Addition.txt

Sorry...I posted incorrect link to my prior cleaning process. Sure wish we could edit posts here.

Not sure exactly what transpired but I received the attached error message on system startup this AM... Upon closing this prompt, I noted that the normal MBAM icon was missing from my taskbar. I started MBAM manually and it appeared to start normally. However, upon inspecting the "Protection" tab, I noted that the "Enable protection module" option was now unchecked. I recently underwent a cleaning process and had assumed everything was OK. However, several days after that process was completed, my computer CD-RW drawer commenced to default to the open position. Don't know if that is associated, but I thought I'd mention it. Any thoughts as to whether I should commence another cleaning process or is the above error not a familiar one? Thanks

Thanks very much for all your assistance and for the followup instructions on removing Combofix. I'm somewhat concerned that the ESET-identified file (Dell associated as my google searching seems to indicate) may have a track record of false-positives (not that I'll miss it anyway) and that (perhaps in ignorance) nothing else appears to have been identified as a culprit...but I'll hopefully not see connects to that IP again.

P.S. Perhaps they've modified the program since your last visit, but "list threats" was not an option...only "export file" or "copy to clipboard".

Here's the result of the ESET scan (with a caveat). While the program was running, I hit ESC (or alt-ESC) to redisplay the scan screen and noted that the program had "deleted - quarantined" a file. I also noted that there was a note to the effect that the program had been terminated by user (or something to that effect)....so I ran it again and this time returned to what appeared to be a completion screen with no options offered. Anyway, here's the result... C:\WINDOWS\Installer\70eb6.msi a variant of Win32/HiddenStart.A application deleted - quarantined