Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by jallenh (administrator) on L-156021761 (12-11-2015 13:50:25)
Running from D:\temp
Loaded Profiles: jallenh (Available Profiles: user1 & TE15927T & jallenh)
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(Nexthink S.A.) C:\Windows\System32\nxtsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Program Files\DirectAccess Connectivity Assistant\DcaSvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\HipMgmt.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(SupportSoft, Inc.) C:\Program Files\MySupport Manager ODC V1.1\bin\sprtcmd.exe
(Microsoft Corporation) C:\Program Files\DirectAccess Connectivity Assistant\DcaTray.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Martin Fuchs) D:\Martin Fuchs\servicemgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\ccmsetup\ccmsetup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [mysupport] => C:\Program Files\MySupport Manager ODC V1.1\bin\sprtcmd.exe [237584 2013-01-24] (SupportSoft, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [DcaTray] => C:\Program Files\DirectAccess Connectivity Assistant\DcaTray.exe [524288 2014-01-30] (Microsoft Corporation)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2014-04-29] (IDT, Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [219216 2013-12-18] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM Group Policy restriction on software: crack.exe <====== ATTENTION
HKLM Group Policy restriction on software: keygen.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-57989841-616249376-1801674531-742043\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0VugenIconOverlayHandler] -> {A1312049-031E-44C9-93E0-C7B4B638051E} => C:\Program Files\HP\Analysis\bin\HP.LR.VuGen.VugenIconOverlayHandler.dll [2014-12-01] (Hewlett-Packard.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2015-11-08]
ShortcutTarget: Service Manager.lnk -> D:\Martin Fuchs\servicemgr.exe (Martin Fuchs)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-57989841-616249376-1801674531-742043] => Proxy is enabled.
ProxyServer: [S-1-5-21-57989841-616249376-1801674531-742043] => 10.211.221.6:80
AutoConfigURL: [S-1-5-21-57989841-616249376-1801674531-742043] => 10.211.221.6:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.179.2.249 10.179.2.3
Tcpip\..\Interfaces\{4DD72AF0-7012-406B-AA27-EF3840BAA6FB}: [NameServer] 10.179.2.249,10.179.2.3
Tcpip\..\Interfaces\{4DD72AF0-7012-406B-AA27-EF3840BAA6FB}: [DhcpNameServer] 10.179.2.249 10.179.2.3
Tcpip\..\Interfaces\{53DE9FF8-A972-494C-9E0C-366D85899B93}: [DhcpNameServer] 10.155.50.100 10.155.50.200

Internet Explorer:
==================
HKU\S-1-5-21-57989841-616249376-1801674531-742043\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-57989841-616249376-1801674531-742043\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-08] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-08] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-08] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-08] (AO Kaspersky Lab)
DPF: {80533188-4435-4040-AC3E-91B489C02F21} hxxp://hpcwp02.twutil.net:8080/qcbin/ALM-Platform-Loader.12.2x.cab
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} hxxp://10.179.70.85:8080/qcbin/ALM-Platform-Loader.11.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://vpn.thameswater.co.uk/dana-cached/sc/JuniperSetupClient.cab
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\jallenh\AppData\Roaming\Mozilla\Firefox\Profiles\7jgiuwz3.default
FF DefaultSearchEngine: SFF People Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-11-04] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2015-08-11] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-57989841-616249376-1801674531-742043: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2015-09-29] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jallenh\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-18] (Cisco WebEx LLC)
FF Extension: Social Friend Finder - C:\Users\jallenh\AppData\Roaming\Mozilla\Firefox\Profiles\7jgiuwz3.default\Extensions\athanasopo@ceid.upatras.gr [2015-10-16]
FF HKLM\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-11-08] [not signed]

Chrome:
=======
CHR Profile: C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Web Store) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-20]
CHR Extension: (Google Drive) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Web Store) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-09]
CHR Extension: (Web Store) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Web Store) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-20]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx"

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-11-08] (Kaspersky Lab ZAO)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1240760 2015-04-14] (Microsoft Corporation)
S2 ccmsetup; C:\Windows\ccmsetup\ccmsetup.exe [1738928 2015-06-25] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [513208 2015-04-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-04-29] (Intel Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
R2 DcaSvc; C:\Program Files\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2014-01-30] (Microsoft Corporation)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [525144 2013-12-18] (McAfee, Inc.)
R2 HipMgmt; C:\Program Files\McAfee\Host Intrusion Prevention\HipMgmt.exe [153832 2013-12-18] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [274152 2014-03-04] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2013-12-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [209472 2015-07-28] (McAfee, Inc.)
R2 Nexthink Service; C:\Windows\system32\nxtsvc.exe [553232 2015-05-06] (Nexthink S.A.)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2014-04-29] (O2Micro International)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [243896 2015-04-14] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2014-04-29] (IDT, Inc.)
S4 tgsrvc_mysupport; C:\Program Files\MySupport Manager ODC V1.1\bin\tgsrvc.exe [213008 2013-01-31] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2014-04-29] (ST Microelectronics)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [41480 2014-04-29] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2014-04-29] (Intel Corporation)
S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [43352 2014-08-12] (McAfee, Inc.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-10-17] (Sony Mobile Communications)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [149864 2013-12-18] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [58040 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2015-11-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44728 2015-11-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [783232 2015-11-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [33976 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2015-11-08] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\6EE844D9.sys [170200 2015-11-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [142848 2015-07-28] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [258016 2015-07-28] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [376792 2015-07-28] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [656920 2015-07-28] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [67400 2013-12-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [218128 2015-07-28] (McAfee, Inc.)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2014-04-29] (Intel Corporation)
R1 nxtdrv; C:\Windows\System32\DRIVERS\nxtdrv.sys [211728 2015-05-06] (Nexthink S.A.)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2014-04-29] (O2Micro )
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2013-09-11] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 ute2odqx; C:\Windows\system32\Drivers\ute2odqx.sys [7168 2015-11-08] () [File not signed]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-12 13:50 - 2015-11-12 13:50 - 00000000 ____D C:\FRST
2015-11-12 13:32 - 2015-11-12 13:32 - 00000165 ____H C:\Users\jallenh\Desktop\~$Performance_Changes_11112015_v0.1.xlsx
2015-11-11 17:00 - 2015-11-11 17:00 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\6EE844D9.sys
2015-11-11 16:06 - 2015-11-11 16:06 - 00000034 _____ C:\Windows\setupact.log
2015-11-11 16:06 - 2015-11-11 16:06 - 00000000 _____ C:\Windows\setuperr.log
2015-11-11 09:00 - 2015-11-11 09:00 - 00011325 _____ C:\Users\jallenh\Desktop\Performance_Changes_11112015_v0.1.xlsx
2015-11-10 16:04 - 2015-11-10 16:04 - 07884764 _____ C:\Users\jallenh\Downloads\AuroraBorealis.themepack
2015-11-10 08:02 - 2015-11-10 08:03 - 06762072 _____ (Piriform Ltd) C:\Users\jallenh\Downloads\ccsetup511.exe
2015-11-10 07:47 - 2015-11-12 13:30 - 00145193 _____ C:\Windows\WindowsUpdate.log
2015-11-10 07:44 - 2015-11-10 07:46 - 00000000 ____D C:\Windows\Minidump
2015-11-09 12:34 - 2015-11-09 12:34 - 02806934 _____ C:\Users\jallenh\Desktop\Interfaces can not be tested - In SAP Replatform Project.xlsx
2015-11-09 10:53 - 2015-11-11 09:52 - 00012913 _____ C:\Users\jallenh\Desktop\Performance Testing daily objectives 11-Nov-16_v0.1.xlsx
2015-11-08 15:03 - 2015-11-08 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-11-08 15:02 - 2015-11-12 13:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-08 15:02 - 2015-11-08 15:08 - 00783232 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-11-08 15:02 - 2015-11-08 15:08 - 00147328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-11-08 15:02 - 2015-11-08 15:02 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-08 15:02 - 2015-11-08 15:02 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-11-08 14:35 - 2015-11-08 14:35 - 00007168 _____ C:\Windows\system32\Drivers\ute2odqx.sys
2015-11-08 14:35 - 2015-06-23 12:27 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-08 14:32 - 2015-11-08 14:33 - 09842759 _____ C:\Users\jallenh\Downloads\avz4.zip
2015-11-08 14:24 - 2015-11-08 14:24 - 00000000 ____D C:\KVRT_Data
2015-11-08 14:23 - 2015-11-08 14:24 - 94162072 _____ (Kaspersky Lab ZAO) C:\Users\jallenh\Downloads\KVRT.exe
2015-11-08 13:58 - 2015-11-08 13:58 - 01898368 _____ (Kaspersky Lab) C:\Users\jallenh\Downloads\kav16.0.0.614en_8627.exe
2015-11-08 13:35 - 2015-11-08 13:35 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-08 08:50 - 2015-11-08 08:50 - 00000207 _____ C:\Windows\tweaking.com-regbackup-L-156021761-Microsoft-Windows-7-Enterprise-(32-bit).dat
2015-11-08 08:49 - 2015-11-08 08:49 - 00000000 ____D C:\RegBackup
2015-11-08 08:49 - 2015-11-08 08:48 - 00001078 _____ C:\Users\jallenh\Desktop\Simple_System_Tweaker.exe - Shortcut.lnk
2015-11-08 08:42 - 2015-11-08 08:42 - 00000000 ____D C:\ProgramData\CheckPoint
2015-11-08 08:26 - 2015-11-08 08:26 - 00000544 _____ C:\Users\jallenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Service Manager.lnk
2015-11-08 08:02 - 2015-11-11 15:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-08 08:02 - 2015-11-08 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-08 08:02 - 2015-11-08 08:02 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-08 08:02 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-08 08:02 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-08 08:00 - 2015-11-08 08:02 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Malwarebytes
2015-11-08 07:58 - 2015-11-08 08:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-08 07:58 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-08 07:34 - 2015-11-08 07:34 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-07 14:06 - 2015-11-07 14:06 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Sun
2015-11-05 16:54 - 2015-11-05 16:54 - 00000000 ____D C:\Users\jallenh\AppData\Local\StimulsoftReportsResources
2015-11-05 16:54 - 2015-11-05 16:54 - 00000000 ____D C:\Users\jallenh\AppData\Local\Stimulsoft
2015-11-05 13:41 - 2015-11-05 13:41 - 00000000 ____D C:\Users\jallenh\AppData\Local\Hewlett-Packard_Developme
2015-11-05 13:38 - 2015-11-05 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software
2015-11-05 13:35 - 2015-11-05 13:35 - 00000000 ____D C:\Program Files\HP
2015-11-05 13:34 - 2015-11-05 13:34 - 00000000 ____D C:\Program Files\Microsoft WSE
2015-11-04 10:18 - 2015-11-04 10:18 - 00000000 ____D C:\Windows\system32\Adobe
2015-11-04 10:16 - 2015-11-04 10:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2015-11-04 10:16 - 2015-11-04 10:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2015-11-04 10:14 - 2015-11-04 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-11-04 10:14 - 2015-11-04 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-10-30 13:53 - 2015-11-03 12:46 - 00000018 _____ C:\Users\jallenh\Desktop\New Text Document (2).txt
2015-10-28 09:28 - 2015-10-28 09:33 - 00000000 ____D C:\Users\jallenh\Desktop\Cortex
2015-10-26 17:20 - 2015-10-26 17:20 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-10-22 13:15 - 2015-11-06 15:31 - 00000000 ____D C:\Users\jallenh\Desktop\IBM
2015-10-18 18:14 - 2015-10-18 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-10-18 18:12 - 2015-11-10 07:47 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Winamp
2015-10-18 16:30 - 2015-10-18 16:30 - 00000000 ____D C:\Users\jallenh\Documents\Diablo III
2015-10-18 14:40 - 2015-10-18 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-10-18 14:20 - 2015-11-11 16:07 - 00000000 ____D C:\Users\jallenh\AppData\Local\Battle.net
2015-10-18 14:20 - 2015-10-18 14:22 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Battle.net
2015-10-18 14:20 - 2015-10-18 14:20 - 00000000 ____D C:\Users\jallenh\AppData\Local\Blizzard Entertainment
2015-10-18 14:20 - 2015-10-18 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-10-18 14:20 - 2015-10-18 14:20 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-10-18 14:18 - 2015-10-18 14:18 - 00000000 ____D C:\ProgramData\Battle.net
2015-10-17 08:49 - 2015-10-17 08:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-10-17 08:49 - 2015-10-17 08:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-10-17 08:39 - 2015-11-08 07:33 - 00000000 ____D C:\Users\jallenh\.oracle_jre_usage
2015-10-17 08:39 - 2015-10-17 08:39 - 00026328 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-10-17 08:39 - 2015-10-17 08:39 - 00013528 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-10-17 08:39 - 2015-10-17 08:39 - 00000000 ____D C:\ProgramData\Sony Mobile
2015-10-17 08:39 - 2015-10-17 08:39 - 00000000 ____D C:\Program Files\Sony Mobile
2015-10-16 10:24 - 2015-10-26 17:20 - 00000000 ____D C:\Users\jallenh\AppData\Local\Sony
2015-10-16 10:23 - 2015-10-26 17:20 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2015-10-16 10:23 - 2015-10-16 10:23 - 00001855 _____ C:\Users\Public\Desktop\Media Go.lnk
2015-10-16 10:23 - 2010-05-26 10:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-10-16 10:22 - 2015-10-16 10:23 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Sony
2015-10-16 10:22 - 2015-10-16 10:23 - 00000000 ____D C:\Program Files\Sony Media Go Install
2015-10-16 10:17 - 2015-10-16 10:26 - 00001982 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-10-16 10:17 - 2015-10-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-10-16 10:17 - 2015-10-16 10:17 - 00000000
____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf 2015-10-16 10:16 - 2015-10-16 10:23 - 00000000 ____D C:\Program Files\Sony 2015-10-16 10:16 - 2015-10-16 10:16 - 00000000 ____D C:\ProgramData\Sony 2015-10-14 09:43 - 2015-10-14 09:43 - 00001804 _____ C:\Windows\SMSAdvancedClient.configmgr2012ac-sp2r2sp1-kb3074857-i386.mif 2015-10-14 09:43 - 2015-10-14 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center 2015-10-14 09:42 - 2015-10-14 09:42 - 00004764 _____ C:\Windows\system32\CcmFramework.ini 2015-10-14 09:42 - 2015-10-14 09:42 - 00000621 _____ C:\Windows\system32\CcmFramework.h 2015-10-14 09:41 - 2015-10-14 09:41 - 00000000 ____D C:\Windows\ms 2015-10-13 15:07 - 2015-11-06 16:40 - 00000000 ____D C:\Users\jallenh\Desktop\Service Transition 2015-10-13 14:56 - 2015-10-26 14:12 - 00000000 ____D C:\Users\jallenh\Desktop\Interfaces 2015-10-13 12:16 - 2015-10-16 15:20 - 00000000 ____D C:\Users\jallenh\Desktop\metrics ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-11-12 13:46 - 2014-06-20 17:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-12 13:12 - 2014-06-20 18:01 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-11-12 12:54 - 2009-07-14 04:34 - 00027472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-12 12:54 - 2009-07-14 04:34 - 00027472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-12 12:21 - 2015-08-27 14:36 - 00002006 ____H C:\Users\jallenh\Documents\Default.rdp 2015-11-12 11:04 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\security 2015-11-12 10:34 - 2015-07-22 14:00 - 00000000 ____D C:\Users\jallenh\Desktop\L&P 2015-11-12 10:26 - 2014-06-20 18:01 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-11-12 10:19 - 2015-08-17 15:49 - 00000000 ____D C:\Users\jallenh\Desktop\HP-PC 2015-11-11 16:56 - 2015-07-02 16:24 - 00000240 _____ C:\Windows\system32\config\netlogon.ftl 2015-11-11 15:12 - 2015-07-03 13:29 - 00000570 _____ C:\Windows\SMSCFG.ini 2015-11-11 14:09 - 2010-11-20 21:01 - 00783834 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-11 14:05 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-10 15:23 - 2015-09-24 07:12 - 00000000 ____D C:\Users\jallenh\Desktop\ITM 2015-11-10 08:03 - 2015-07-30 07:57 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk 2015-11-10 08:03 - 2015-07-30 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2015-11-10 07:46 - 2014-07-25 13:57 - 00000000 ____D C:\ProgramData\Sonic 2015-11-08 16:22 - 2015-07-03 13:17 - 00630365 __RSH C:\ProgramData\ntuser.pol 2015-11-08 15:08 - 2015-06-08 19:43 - 00039304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys 2015-11-08 15:07 - 2015-07-04 02:18 - 00044728 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2015-11-08 15:03 - 2009-07-14 02:37 - 00000000 ___RD 
C:\Users\Public 2015-11-08 14:10 - 2015-07-02 16:22 - 00000000 ____D C:\Program Files\Common Files\McAfee 2015-11-08 14:10 - 2015-07-02 16:19 - 00000000 ____D C:\ProgramData\McAfee 2015-11-08 14:10 - 2015-07-02 16:19 - 00000000 ____D C:\Program Files\McAfee 2015-11-08 14:10 - 2014-06-20 18:00 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-11-08 10:35 - 2015-07-30 09:39 - 00000000 ____D C:\Users\jallenh\Desktop\OAT 2015-11-08 08:53 - 2011-04-12 01:34 - 00000000 ___RD C:\Users\Public\Recorded TV 2015-11-08 08:47 - 2015-09-24 16:15 - 00000000 ____D C:\Users\jallenh\Desktop\test docs 2015-11-08 08:12 - 2015-09-30 09:56 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\wsInspector 2015-11-08 07:37 - 2015-08-04 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2015-11-08 07:37 - 2015-08-04 10:04 - 00000000 ____D C:\ProgramData\Oracle 2015-11-08 07:37 - 2015-08-04 10:04 - 00000000 ____D C:\Program Files\Java 2015-11-08 07:33 - 2015-08-04 10:05 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2015-11-07 14:00 - 2014-06-20 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-11-05 13:34 - 2015-10-04 08:29 - 00000000 ____D C:\ProgramData\Package Cache 2015-11-04 10:18 - 2014-06-20 17:59 - 00000000 ____D C:\Windows\system32\Macromed 2015-11-04 10:13 - 2014-06-20 18:00 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-11-04 10:12 - 2014-06-20 17:59 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-11-04 10:12 - 2014-06-20 17:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2015-11-04 10:00 - 2015-07-03 13:29 - 00000000 ____D C:\Windows\ccmcache 2015-11-02 09:18 - 2015-08-27 14:40 - 00000187 _____ C:\Users\jallenh\Desktop\Terminal Server.txt 2015-10-30 09:16 - 2014-06-20 09:00 - 00000000 ____D C:\Program Files\Settings 2015-10-26 17:19 - 2015-07-20 10:48 - 
00000000 ____D C:\Users\jallenh 2015-10-25 11:31 - 2015-07-20 10:48 - 00001944 __RSH C:\Users\jallenh\ntuser.pol 2015-10-18 18:13 - 2014-07-25 13:56 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine 2015-10-16 10:26 - 2014-07-25 13:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2015-10-15 13:10 - 2014-06-20 18:02 - 00000000 ____D C:\Temp 2015-10-15 06:08 - 2015-07-03 13:29 - 00000000 ____D C:\Windows\CCM 2015-10-14 09:42 - 2015-07-03 13:30 - 00007194 _____ C:\Windows\system32\InstallUtil.InstallLog 2015-10-14 09:42 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\Microsoft.NET 2015-10-14 09:41 - 2015-07-03 13:51 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429} Some files in TEMP: ==================== C:\Users\te15927t\AppData\Local\Temp\Uninstall_CompleteTorrent.exe C:\Users\user1\AppData\Local\Temp\Uninstall_CompleteTorrent.exe C:\Users\user1\AppData\Local\Temp\{5C7FABA7-7A57-42BB-AA2A-55DADADA416D}-GoogleUpdateSetup.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-11-10 09:46 ==================== End of FRST.txt ============================