
New hyperlinks everywhere



#1
insparks


This is my work computer and somebody tried to install Chrome when I was sick a couple days now.

I'm getting hyperlinks everywhere, redirects, and blank pop-up boxes. I ran Windows Defender, but no help. I included both OTL log files. It didn't even let me paste in here; I had to use Ctrl-V. Thanks in advance.

 

OTL logfile created on: 2/25/2015 1:54:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\htaylor\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17116)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.95 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 39.46% Memory free
7.90 Gb Paging File | 5.02 Gb Available in Paging File | 63.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.60 Gb Total Space | 394.41 Gb Free Space | 86.19% Space Free | Partition Type: NTFS
 
Computer Name: IT5001186 | User Name: htaylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/25 13:53:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\htaylor\Desktop\OTL.exe
PRC - [2015/02/05 10:30:12 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
PRC - [2014/12/03 12:07:00 | 000,840,592 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2014/12/03 10:06:32 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/05 12:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/19 15:22:32 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2013/04/04 13:50:58 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:58 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:58 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 07:44:45 | 000,702,024 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2012/12/13 07:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/08/16 20:46:36 | 000,350,552 | ---- | M] (Kaspersky Lab ZAO) -- c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
PRC - [2012/08/16 20:46:36 | 000,350,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
PRC - [2012/08/16 20:46:36 | 000,350,552 | ---- | M] (Kaspersky Lab ZAO) -- c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
PRC - [2011/05/06 09:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2011/01/26 11:00:32 | 000,283,160 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/01/26 11:00:00 | 000,013,336 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/18 12:42:48 | 000,070,256 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2011/01/18 12:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/01/12 10:48:48 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2011/01/03 16:16:42 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/01/03 16:16:40 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/17 11:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/07/29 18:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/05 10:30:11 | 016,852,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
MOD - [2014/10/15 12:33:12 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b3011370dcbf33751d3b9dce8091c6c6\System.Runtime.Remoting.ni.dll
MOD - [2014/10/15 12:32:51 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014/10/15 12:32:45 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/15 12:32:36 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d97a5aa0eb7697aca7c6e90ae471af2b\WindowsBase.ni.dll
MOD - [2014/10/15 12:32:31 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/15 12:32:28 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/15 12:32:20 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/10 09:49:57 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2013/12/05 12:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/12/13 07:45:20 | 000,063,560 | ---- | M] () -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2011/01/12 10:48:48 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/24 21:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/19 09:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 09:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 09:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/06 01:39:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/27 03:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/01/26 17:11:48 | 000,131,128 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2010/07/29 18:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 04:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2015/02/05 10:30:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/03 10:06:32 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/07/25 07:42:13 | 000,100,352 | ---- | M] (LabTech Software) [Auto | Running] -- C:\Windows\LTSvc\LTSvcMon.exe -- (LTSvcMon)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/11 16:21:20 | 000,142,848 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe -- (SCCommService)
SRV - [2013/09/11 05:00:00 | 001,614,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ccmsetup\ccmsetup.exe -- (ccmsetup)
SRV - [2013/06/07 16:34:43 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/19 15:22:32 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2013/04/04 13:50:58 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:58 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 07:44:31 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/08/16 20:46:36 | 000,350,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP)
SRV - [2011/05/06 09:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/01/28 14:27:06 | 000,281,656 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2011/01/26 11:00:00 | 000,013,336 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/01/18 12:42:44 | 000,113,264 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/01/15 04:32:30 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2011/01/03 16:16:42 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/03 16:16:40 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/05/02 12:27:53 | 000,273,200 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/04/04 13:51:00 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/29 20:42:14 | 000,468,720 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/12/13 07:28:42 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/12/13 07:26:36 | 000,112,080 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/11/28 09:42:06 | 001,866,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/15 05:02:46 | 000,198,144 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/01 15:28:36 | 000,032,048 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/07/01 06:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/06 02:22:40 | 009,090,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/06 01:01:44 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/01/27 03:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/18 04:38:42 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/01/13 04:14:04 | 000,040,448 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SzCCID.sys -- (SzCCID)
DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/05 15:56:16 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/28 05:25:58 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/21 00:31:00 | 000,316,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/12/10 15:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 15:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/12/02 16:02:58 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 19:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/20 15:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 15:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 15:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 08:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/02 16:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/11/11 14:30:52 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/09/03 15:24:28 | 000,030,736 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klfltdev.sys -- (KLFLTDEV)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://binkiland.com...r=506387222&ir=
IE:64bit: - HKLM\..\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://binkiland.com...r=506387222&ir=
IE - HKCU\..\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Binkiland"
FF - prefs.js..browser.search.selectedEngine: "Binkiland"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mygov.us/login"
FF - prefs.js..extensions.enabledAddons: %7B2075f906-a183-0238-b627-7a8a9d8b863b%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/12/15 07:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/07/25 07:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0.0.0\Extensions\\Components: c:\Program Files (x86)\Mozilla Firefox\Components [2014/07/25 07:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0.0.0\Extensions\\Plugins: c:\Program Files (x86)\Mozilla Firefox\Plugins
 
[2014/07/25 08:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\htaylor\AppData\Roaming\mozilla\Extensions
[2015/02/25 07:21:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\htaylor\AppData\Roaming\mozilla\Firefox\Profiles\6x4j2v0b.default\extensions
[2015/02/24 08:49:57 | 000,000,000 | ---D | M] ("Zoom It") -- C:\Users\htaylor\AppData\Roaming\mozilla\Firefox\Profiles\6x4j2v0b.default\extensions\{2075f906-a183-0238-b627-7a8a9d8b863b}
[2015/02/11 15:38:45 | 000,002,797 | ---- | M] () -- C:\Users\htaylor\AppData\Roaming\mozilla\firefox\profiles\6x4j2v0b.default\searchplugins\Binkiland.xml
[2014/07/25 07:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/25 07:54:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/25 07:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\chrome\en-US\locale\en-US\mozapps\extensions
[2014/07/25 07:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\chrome\toolkit\content\mozapps\extensions
[2014/07/25 07:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\chrome\toolkit\skin\classic\aero\mozapps\extensions
[2014/07/25 07:55:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\chrome\toolkit\skin\classic\mozapps\extensions
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\RunOnce: [Adobe Speed Launcher] 1424874415 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun_KL_notset = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Anti-Banner - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Add to Anti-Banner - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9:64bit: - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\scieplgn.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab ZAO)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: kyoceraintelligence.com ([labtech] * in Trusted sites)
O15 - HKCU\..Trusted Domains: finehomebuilding.com ([www] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect1259.cab (GMNRev Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CITYELM.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{968ADD20-7BEE-47C9-BA95-FD4CD4A305E2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DAD62D0D-5225-4E88-824E-99BB6082BEC7}: DhcpNameServer = 10.1.1.8 10.1.1.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2F74B8B-284A-4D44-A8D3-DF4CCBBE8B67}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\tmpx - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\tmpx - No CLSID value found
O20:64bit: - AppInit_DLLs: (c:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll) - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\adialhk.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (c:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll) - c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/25 13:53:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\htaylor\Desktop\OTL.exe
[2015/02/18 07:23:27 | 000,000,000 | ---D | C] -- C:\Users\htaylor\AppData\Roaming\Roxio Log Files
[2015/02/18 07:18:57 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2015/02/16 10:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2015/02/12 07:24:52 | 000,000,000 | ---D | C] -- C:\Users\htaylor\AppData\Local\Programs
[2015/02/11 15:44:54 | 000,000,000 | ---D | C] -- C:\Users\htaylor\AppData\Local\Google
[2015/02/11 15:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2015/02/11 15:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
[2015/02/11 15:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Unchecky
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/25 13:53:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\htaylor\Desktop\OTL.exe
[2015/02/25 13:26:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500UA.job
[2015/02/25 13:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/02/25 13:15:07 | 000,047,815 | ---- | M] () -- C:\Users\htaylor\Documents\Fire Wall Hangers.pdf
[2015/02/25 12:20:59 | 001,932,498 | ---- | M] () -- C:\Users\htaylor\Documents\BCMC Truss Facts Final 100213.pdf
[2015/02/25 12:15:40 | 000,022,754 | ---- | M] () -- C:\Users\htaylor\Documents\MiTek Gable truss connection.pdf
[2015/02/25 10:26:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500Core.job
[2015/02/25 08:37:01 | 000,000,137 | RHS- | M] () -- C:\ProgramData\3002.xml
[2015/02/25 08:33:15 | 000,015,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/25 08:33:15 | 000,015,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/25 08:25:56 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2015/02/25 08:25:54 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2015/02/25 08:25:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/25 08:25:36 | 3182,182,400 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/25 07:12:06 | 000,000,162 | ---- | M] () -- C:\Users\Public\Desktop\LMS Login.url
[2015/02/25 07:12:06 | 000,000,064 | ---- | M] () -- C:\Users\Public\Desktop\Little Elm EMAIL.url
[2015/02/19 07:01:54 | 000,019,942 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015/02/18 07:29:56 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2015/02/18 07:29:39 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2015/02/18 07:06:00 | 000,004,564 | RHS- | M] () -- C:\Users\htaylor\ntuser.pol
[2015/02/17 07:11:13 | 013,018,355 | ---- | M] () -- C:\Users\htaylor\Documents\06_BCSI_booklet_FINAL.pdf
[2015/02/10 14:38:18 | 001,302,743 | ---- | M] () -- C:\Users\htaylor\Documents\ROUND AMERIVENT Installation-Instructions.pdf
[2015/02/10 10:25:19 | 000,118,902 | ---- | M] () -- C:\Users\htaylor\Documents\firedoor-requirements.pdf
 
========== Files Created - No Company Name ==========
 
[2015/02/25 13:16:32 | 000,047,815 | ---- | C] () -- C:\Users\htaylor\Documents\Fire Wall Hangers.pdf
[2015/02/25 12:21:59 | 001,932,498 | ---- | C] () -- C:\Users\htaylor\Documents\BCMC Truss Facts Final 100213.pdf
[2015/02/25 12:17:10 | 000,022,754 | ---- | C] () -- C:\Users\htaylor\Documents\MiTek Gable truss connection.pdf
[2015/02/18 07:31:01 | 000,001,765 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk
[2015/02/18 07:28:58 | 000,000,836 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2015/02/17 07:11:01 | 013,018,355 | ---- | C] () -- C:\Users\htaylor\Documents\06_BCSI_booklet_FINAL.pdf
[2015/02/10 14:38:15 | 001,302,743 | ---- | C] () -- C:\Users\htaylor\Documents\ROUND AMERIVENT Installation-Instructions.pdf
[2015/02/10 10:25:18 | 000,118,902 | ---- | C] () -- C:\Users\htaylor\Documents\firedoor-requirements.pdf
[2014/07/25 08:28:24 | 000,004,564 | RHS- | C] () -- C:\Users\htaylor\ntuser.pol
[2013/07/26 03:11:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\RemComSvc.exe
[2013/07/21 21:53:37 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2013/07/02 19:28:35 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013/06/18 06:36:26 | 000,440,608 | ---- | C] () -- C:\Windows\SysWow64\hpcc3155.dll
[2013/05/22 13:13:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/04/24 08:40:23 | 000,009,797 | ---- | C] () -- C:\Windows\cfgall.ini
[2012/10/02 13:07:45 | 000,000,137 | RHS- | C] () -- C:\ProgramData\3002.xml
[2012/10/02 13:07:44 | 000,026,784 | RHS- | C] () -- C:\ProgramData\3002.abs
[2012/10/02 12:41:48 | 000,019,942 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 20:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 20:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/25 08:30:30 | 000,000,000 | ---D | M] -- C:\Users\htaylor\AppData\Roaming\Synaptics
 
========== Purity Check ==========
 
 

< End of report >

OTL Extras logfile created on: 2/25/2015 1:54:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\htaylor\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17116)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.95 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 39.46% Memory free
7.90 Gb Paging File | 5.02 Gb Available in Paging File | 63.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.60 Gb Total Space | 394.41 Gb Free Space | 86.19% Space Free | Partition Type: NTFS
 
Computer Name: IT5001186 | User Name: htaylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = IE.AssocFile.HTM] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = IE.AssocFile.HTM] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-SMB-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-NB_Session-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
"WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
"PolicyVersion" = 522
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"FPS-LLMNR-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|[email protected],-28548|[email protected],-28549|[email protected],-28502|
"FPS-ICMP6-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Private|Profile=Public|ICMP6=128:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Private|Profile=Public|ICMP4=8:*|RA4=LocalSubnet|RA6=LocalSubnet|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-SpoolSvc-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-NB_Datagram-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Name-In-UDP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|Profile=Public|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-SMB-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-NB_Session-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"FPS-ICMP6-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|[email protected],-28545|[email protected],-28547|[email protected],-28502|
"FPS-ICMP4-ERQ-In-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|[email protected],-28543|[email protected],-28547|[email protected],-28502|
"FPS-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|[email protected],-28539|[email protected],-28542|[email protected],-28502|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|[email protected],-28535|[email protected],-28538|[email protected],-28502|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|[email protected],-28527|[email protected],-28530|[email protected],-28502|
"FPS-NB_Name-In-UDP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|[email protected],-28519|[email protected],-28522|[email protected],-28502|
"FPS-SMB-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|[email protected],-28511|[email protected],-28514|[email protected],-28502|
"FPS-NB_Session-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|[email protected],-28503|[email protected],-28506|[email protected],-28502|
"WMI-ASYNC-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=135|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
"WMI-ASYNC-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%systemroot%\system32\wbem\unsecapp.exe|[email protected],-34256|[email protected],-34257|[email protected],-34251|
"WMI-WINMGMT-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=winmgmt|[email protected],-34254|[email protected],-34255|[email protected],-34251|
"WMI-RPCSS-In-TCP-NoScope" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|[email protected],-34252|[email protected],-34253|[email protected],-34251|
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{178EDB60-168F-4AE4-920C-707BE106FA89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1A83F1FE-0EA4-41CD-B2E2-186DB9E419F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2509A578-FC52-44CA-94C2-21B56F66C837}" = lport=162 | protocol=17 | dir=in | name=allow netfastalk |
"{55F354F6-64F1-43DB-AA4B-486FEFFF518C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56C598F9-F452-4A2F-9850-383668856B1D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6079EAD9-5859-4D05-AD1A-CE87FF51AA62}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B5687A88-AE00-4706-94E1-DD0295565F20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B856AAF8-06D8-4DC1-B4C8-01FF23254196}" = lport=4995 | protocol=6 | dir=in | name=allow local vnc |
"{BA0C2018-26F1-40A3-8376-EF504C275220}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BEFCB05A-7790-4597-B315-017AF4461A0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDC6226F-71F3-4E50-A6EF-8B3E63D9527B}" = lport=3389 | protocol=6 | dir=in | app=system |
"{ECEC93E4-4EA7-46CC-86BF-19B515A9F9FA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE1B5F3D-9247-4E5C-BEA3-2C1C2612B6A3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F253D182-4AEB-4375-8324-235DB7923455}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{FDADA77B-5DE6-475E-A19F-B8D14FC9F8A6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6A2B963E-903F-47A3-8794-13483160FA2F}" = protocol=17 | dir=in | name=allow tunnel |
"{6D085891-5C87-4C75-B349-CC0478E8847D}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicatorcom.exe |
"{743C347A-3070-4B3D-821D-782B9F863627}" = protocol=17 | dir=out | name=allow tunnel |
"{82F229CE-E220-4018-B9C9-A90102F61218}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{8B99C37F-5931-476C-B79E-07DD17965C04}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9BD1EA12-A144-430A-BEF9-D258F9A22833}" = protocol=6 | dir=in | name=allow local redir |
"{B302E006-A0BC-499C-9B9A-B8BDD2E81B85}" = dir=in | app=c:\windows\ltsvc\ltsvcmon.exe |
"{BB4BCFBD-0D59-4AE0-81FC-92D38BC2ACD1}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe |
"{BE000D2D-4713-49BC-87AA-0C804A6FA148}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D7226666-0E2F-4149-8891-F9D8E44168C2}" = protocol=6 | dir=in | name=allow local redir |
"{E1CE2CFF-CD28-4699-97AB-5BE98E983050}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\devicesetup.exe |
"{F1F09F7F-1B2B-4D31-ABB0-37F58357A5E9}" = protocol=17 | dir=out | name=allow tunnel stunrelay |
"{F4DDFDED-7BE9-4940-8D13-D88E02AD50A0}" = dir=out | app=c:\windows\ltsvc\ltsvcmon.exe |
"{F51CA749-D060-4F02-A7DE-4C3D6DCEAB83}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{FC9818E9-33D7-4902-A926-4871E5330AB6}" = dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{FE9DB48F-8CA4-45F5-AA28-BAC5FE5192D8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{835C5829-3DD4-4DDA-B18E-869BCC4841E9}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe |
"UDP Query User{B54FB789-46A7-4501-9BB8-71CA1F11B06E}C:\program files (x86)\hp\common\hpdevicedetection3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\common\hpdevicedetection3.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{103729AF-35B8-7567-2739-905128A38CFE}" = ccc-utility64
"{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}" = HP Photosmart 7510 series Basic Device Software
"{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}" = 64 Bit HP CIO Components Installer
"{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}" = HP Power Assistant
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{565343AF-BB01-4638-A87A-06D04494796A}" = Desktop Restore
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7D1C63D1-6520-49DA-B738-958133526E80}" = HP HotKey Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83DA38AB-1014-41C2-A3CD-E2B93832A71A}" = HP 3D DriveGuard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIO_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIO_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIO_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.VISIO_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIO_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIO_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-1000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIO_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{9081486B-B26D-42DB-8D31-81C525A9526A}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIO_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}" = HP Deskjet 1000 J110 series Basic Device Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D5526B83-25C4-88A8-A984-98F871DA1415}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"PROSet" = Intel® Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E8F1F2-6E5B-C5A4-A5FD-B76CCF833F21}" = CCC Help Finnish
"{09045BEA-1D64-4496-B0D5-B0021C6D95CA}" = Malwarebytes' Managed Client
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{0E8DE6AB-5193-A885-A550-7B26858FFF74}" = Catalyst Control Center Localization All
"{11C8CD1B-B0F8-D6F5-3E5D-6103FA7A2740}" = CCC Help English
"{1267DA48-A6EA-3202-6C02-0AD5D3AAF360}" = Catalyst Control Center InstallProxy
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{14FDECFD-FBA1-5D0A-16FE-51621197077E}" = CCC Help Norwegian
"{1E8D5440-0CC6-6E2D-7A1A-1B02699C76DE}" = CCC Help Danish
"{2041A685-F8DC-A7C7-2AF4-CE646D1E2161}" = CCC Help Thai
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{26A24AE4-039D-4CA4-87B4-2F83217045F0}" = Java 7 Update 45
"{2F36E5A1-A627-3736-D4BC-7962DD22EE0B}" = CCC Help Polish
"{39705143-74BD-1E99-5952-22764AD6DED9}" = ccc-core-static
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3C213840-A3A6-FD8C-91E5-AC7566FCB71B}" = CCC Help Czech
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{44C72B93-46FA-6D17-4020-E796E8D9C808}" = CCC Help German
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5681FF4A-5469-D41F-F990-D1AC1037AB02}" = CCC Help Korean
"{5A6CB42D-AFB6-989E-E7EB-B3FF928C707F}" = Catalyst Control Center Profiles Mobile
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63240320-9946-4A11-5135-DB66D8113842}" = CCC Help Japanese
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{68DDF0E0-42D9-B5C3-AD7A-3E1DCCE8D2E3}" = CCC Help Turkish
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{879F7C80-BCA3-4A11-BDB1-658252ECD7E0}" = HP Product Detection
"{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 for Windows Workstations
"{92F8E311-1A2C-41BA-A3E0-82E829AFF10B}" = Mozilla Firefox (en-US)
"{93139A49-0360-4718-8B93-C1F9EB12E3D8}" = Roxio Secure Burn
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}" = Roxio MyDVD Business 2010
"{9F7E4DF2-1795-99AD-CDD7-29F440B61088}" = CCC Help Hungarian
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A79846AB-AE6A-C993-71DF-99FF8E559613}" = CCC Help Chinese Traditional
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF6CCCD-2C82-CF3F-58AD-1766D370622F}" = CCC Help French
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Secure Burn
"{BACE8BFA-8F39-421D-BEF1-6E78632BDC90}" = Roxio MyDVD Business 2010
"{C0116FFA-6568-B16B-09EF-01E97CEF89E9}" = CCC Help Chinese Standard
"{C501064B-0925-A417-D08B-A96C07D11E01}" = CCC Help Italian
"{CDF2096F-1FBD-C097-15BC-8BC64AF0B6F7}" = CCC Help Spanish
"{CE7AE690-57AF-286B-B022-A808D30F08F2}" = CCC Help Greek
"{CFC1988A-F492-4BC5-B6F7-683A95718AE9}" = HP ESU for Microsoft Windows 7
"{D9965E8E-496F-F5E4-D8FF-78FB7EBE6ABA}" = CCC Help Swedish
"{DA8B96DE-3FE5-2079-D33B-7152C13AFC73}" = CCC Help Portuguese
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{E1625943-425A-6675-6A52-6AE98AC3080F}" = CCC Help Dutch
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E755FF48-9936-FE6B-3910-490DFB39F56D}" = Catalyst Control Center Graphics Previews Common
"{F24F876B-7D71-4BD6-88E9-614D3BB84216}" = Alcor Micro Smart Card Reader Driver
"{F70487C4-B639-5576-6DE1-2D2D790AC51A}" = CCC Help Russian
"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PDF Complete" = PDF Complete Special Edition
"SZCCID" = Alcor Micro Smart Card Reader Driver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/1/2014 4:54:03 PM | Computer Name = it5001186.CITYELM.com | Source = VSS | ID = 8193
Description =
 
Error - 12/4/2014 9:05:55 AM | Computer Name = it5001186.CITYELM.com | Source = SceCli | ID = 1001
Description = Security policy cannot be propagated.  Cannot access the template. Error
 code = 3.   \\CITYELM.COM\SysVol\CITYELM.COM\Policies\{43F1557D-DE29-4F25-92E6-625693A033A5}\Machine\Microsoft\Windows
 NT\SecEdit\GptTmpl.inf.
 
Error - 12/4/2014 9:05:55 AM | Computer Name = it5001186.CITYELM.com | Source = SceCli | ID = 1001
Description = Security policy cannot be propagated.  Cannot access the template. Error
 code = 3.   \\CITYELM.COM\sysvol\CITYELM.COM\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows
 NT\SecEdit\GptTmpl.inf.
 
Error - 12/4/2014 10:31:16 AM | Computer Name = it5001186.CITYELM.com | Source = MBAMService | ID = 131073
Description =
 
Error - 12/4/2014 12:57:27 PM | Computer Name = it5001186.CITYELM.com | Source = VSS | ID = 8193
Description =
 
Error - 12/8/2014 9:23:32 AM | Computer Name = it5001186.CITYELM.com | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4  Faulting module name: stobject.dll, version: 6.1.7601.17514,
 time stamp: 0x4ce7c9c9  Exception code: 0xc0000005  Fault offset: 0x0000000000002c68
Faulting
 process id: 0x428  Faulting application start time: 0x01d012ea219edebe  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Windows\system32\stobject.dll
Report
 Id: 6722a62a-7edd-11e4-bc80-402cf428014a
 
Error - 12/8/2014 9:27:38 AM | Computer Name = it5001186.CITYELM.com | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x0000026000000902  Faulting process
 id: 0x11d4  Faulting application start time: 0x01d012eab044136f  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: unknown  Report Id: fa10e83a-7edd-11e4-b91c-402cf428014a
 
Error - 12/9/2014 9:21:08 AM | Computer Name = it5001186.CITYELM.com | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4  Faulting module name: unknown, version: 0.0.0.0, time stamp:
 0x00000000  Exception code: 0xc0000005  Fault offset: 0x0000000000000000  Faulting process
 id: 0x1084  Faulting application start time: 0x01d013b2ee18fad7  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: unknown  Report Id: 3c3267e3-7fa6-11e4-a82a-402cf428014a
 
Error - 12/11/2014 9:12:03 AM | Computer Name = it5001186.CITYELM.com | Source = Application Error | ID = 1000
Description = Faulting application name: OUTLOOK.EXE, version: 14.0.7109.5000, time
 stamp: 0x522a32e6  Faulting module name: OUTLOOK.EXE, version: 14.0.7109.5000, time
 stamp: 0x522a32e6  Exception code: 0xc0000005  Fault offset: 0x00000000000952d2  Faulting
 process id: 0x1790  Faulting application start time: 0x01d015440a31bb33  Faulting application
 path: C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE  Faulting module path:
 C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE  Report Id: 4bda4544-8137-11e4-ad2a-402cf428014a
 
Error - 12/11/2014 9:15:28 AM | Computer Name = it5001186.CITYELM.com | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Outlook: Rejected Safe Mode action : Outlook failed to start
 correctly last time.  Starting Outlook in safe mode will help you correct or isolate
 a startup problem in order to successfully start the program.  Some functionality
 may be disabled in this mode.  Do you want to start Outlook in safe mode?.
 
[ Broadcom Wireless LAN Events ]
Error - 10/1/2012 2:12:10 PM | Computer Name = it5001183 | Source = WLAN-Tray | ID = 0
Description = 13:12:10, Mon, Oct 01, 12 Error - Unable to gain access to user store

 
Error - 5/2/2013 2:36:47 PM | Computer Name = it5001088.CITYELM.com | Source = WLAN-Tray | ID = 0
Description = 13:36:47, Thu, May 02, 13 Error - Unable to gain access to user store

 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 2/25/2015 10:27:00 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
 1336 NULL object. Cannot establish a connection at this time.
 
Error - 2/25/2015 10:27:08 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706
 (0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed
 a policy check server name: 65.36.59.34
 
Error - 2/25/2015 10:27:28 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 2/25/2015 10:27:28 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
Error - 2/25/2015 10:27:59 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::analyzeHttpResponse File: .\NetEnvironment.cpp
Line:
 1509 Invoked Function: CCertHelper::VerifyServerCertificate Return Code: -31391706
 (0xFE210026) Description: CERTIFICATE_ERROR_VERIFY_POLICY_FAILED:Certificate failed
 a policy check server name: 65.36.59.34
 
Error - 2/25/2015 10:28:19 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1323 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28966899
 (0xFE46000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target
 
Error - 2/25/2015 10:28:19 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 772 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28966899 (0xFE46000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
 
Error - 2/25/2015 10:30:52 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 2/25/2015 10:30:52 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
 274 m_pIServicePlugin is NULL
 
Error - 2/25/2015 10:30:52 AM | Computer Name = it5001186.CITYELM.com | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
 311 m_pITelemetryPlugin is NULL
 
[ HP Connection Manager Events ]
Error - 5/2/2013 10:48:38 AM | Computer Name = it5001088.CITYELM.com | Source = hpMobile | ID = 5
Description = 2013/05/02 09:48:38.549|00001118|Error      |[HP.Mobile]Wlan::a{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
Error - 5/2/2013 12:05:38 PM | Computer Name = it5001088.CITYELM.com | Source = hpMobile | ID = 5
Description = 2013/05/02 11:05:38.426|00001324|Error      |[HP.Mobile]Wlan::a{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
Error - 5/2/2013 12:06:44 PM | Computer Name = it5001088.CITYELM.com | Source = hpMobile | ID = 5
Description = 2013/05/02 11:06:44.307|00001324|Error      |[HP.Mobile]Wlan::a{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
Error - 5/2/2013 12:07:40 PM | Computer Name = it5001088.CITYELM.com | Source = hpMobile | ID = 5
Description = 2013/05/02 11:07:40.505|00001324|Error      |[HP.Mobile]Wlan::a{void()}|The
 data is invalid. (Exception from HRESULT: 0x8007000D)
 
Error - 5/2/2013 3:09:37 PM | Computer Name = it5001088.CITYELM.com | Source = hpCMSrv | ID = 5
Description = 2013/05/02 14:09:37.957|000010F0|Error      |CBluetooth::StateChanged|Fire_StateChanged
 failed [hr:0x800706BA]
 
Error - 5/3/2013 10:04:03 AM | Computer Name = it5001088.CITYELM.com | Source = hpCMSrv | ID = 5
Description = 2013/05/03 09:04:03.942|00001368|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 5/3/2013 10:04:06 AM | Computer Name = it5001088.CITYELM.com | Source = hpCMSrv | ID = 5
Description = 2013/05/03 09:04:06.906|00001368|Error      |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
 failed [hr:0x800706BA]
 
Error - 5/13/2013 4:45:52 PM | Computer Name = it5001088.CITYELM.com | Source = hpCMSrv | ID = 5
Description = 2013/05/13 15:45:52.638|000016F0|Error      |CWWANInterface::Start|GetWmiState
 failed with 0x80004005
 
Error - 5/13/2013 4:45:52 PM | Computer Name = it5001088.CITYELM.com | Source = hpCMSrv | ID = 5
Description = 2013/05/13 15:45:52.716|000016F0|Error      |ChpCMSrvModule::Run|Failed
 PreMessageLoop hr:0x80004005
 
Error - 5/13/2013 4:46:22 PM | Computer Name = it5001088.CITYELM.com | Source = hpMobile | ID = 5
Description = 2013/05/13 15:46:22.565|000017E8|Error      |[HP.Mobile]Wwan::.ctor{}|Retrieving
 the COM class factory for component with CLSID {24DB46C8-C842-4E91-9AC4-8A9525A5551D}
 failed due to the following error: 80080005.
 
[ HP Power Assistant Events ]
Error - 11/17/2014 5:30:40 PM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1009
Description = A required file is either invalid or cannot be loaded. Power Assistant
 cannot function properly. Please restart HP Power Assistant application. Additional
 details may be available in the Details section.    DETAILS   Could not find file 'C:\Users\htaylor\AppData\Local\Temp\ypjisupq.dll'.DAT
 File Error
 
Error - 11/17/2014 5:30:40 PM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1009
Description = A required file is either invalid or cannot be loaded. Power Assistant
 cannot function properly. Please restart HP Power Assistant application. Additional
 details may be available in the Details section.    DETAILS   Could not find file 'C:\Users\htaylor\AppData\Local\Temp\rfupi1vg.dll'.Error
 Loading dat file
 
Error - 11/17/2014 5:30:40 PM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   The operation completed successfully
 
Error - 11/18/2014 5:39:29 PM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   The type initializer for 'hp.PSG.UI.Controls.StyleWindow' threw
 an exception.
 
Error - 12/8/2014 9:29:30 AM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   The operation completed successfully
 
Error - 1/30/2015 9:03:20 AM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Exception has been thrown by the target of an invocation.
 
Error - 2/3/2015 9:07:35 AM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1009
Description = A required file is either invalid or cannot be loaded. Power Assistant
 cannot function properly. Please restart HP Power Assistant application. Additional
 details may be available in the Details section.    DETAILS   Could not find file 'C:\Users\htaylor\AppData\Local\Temp\z4h27j7o.dll'.DAT
 File Error
 
Error - 2/3/2015 9:07:36 AM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1009
Description = A required file is either invalid or cannot be loaded. Power Assistant
 cannot function properly. Please restart HP Power Assistant application. Additional
 details may be available in the Details section.    DETAILS   Could not find file 'C:\Users\htaylor\AppData\Local\Temp\4k4fsgan.dll'.Error
 Loading dat file
 
Error - 2/3/2015 9:07:36 AM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   The operation completed successfully
 
Error - 2/19/2015 8:55:48 AM | Computer Name = it5001186.CITYELM.com | Source = HP PA Application | ID = 1001
Description = An error occurred in HP Power Assistant application. Please restart
 HP Power Assistant application. Additional details may be available in the Details
 section.    DETAILS   Exception has been thrown by the target of an invocation.
 
[ HP Software Framework Events ]
Error - 2/12/2015 9:10:40 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/12 07:10:40.848|00001024|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Object reference not
 set to an instance of an object.
 
Error - 2/12/2015 9:29:09 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/12 07:29:09.647|00000BD0|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Object reference not set to an instance
 of an object.
 
Error - 2/12/2015 9:29:09 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/12 07:29:09.678|00000BD0|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Object reference not
 set to an instance of an object.
 
Error - 2/16/2015 5:13:45 PM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/16 15:13:45.468|0000112C|Error      |Program::RegisterEvents{hpCasl.enReturnCode()}|Exception
 occurred: Failed to create system events window thread.
 
Error - 2/17/2015 10:34:14 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/17 08:34:14.573|00001160|Error      |Program::RegisterEvents{hpCasl.enReturnCode()}|Exception
 occurred: Failed to create system events window thread.
 
Error - 2/19/2015 8:53:50 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/19 06:53:50.805|000013E0|Error      |[CaslWmi]B::B{void()}|Exception:
 The operation completed successfully
 
Error - 2/19/2015 8:58:30 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/19 06:58:30.198|000013F4|Error      |[CaslWmi]B::B{void()}|Exception:
 The operation completed successfully
 
Error - 2/24/2015 9:37:05 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/24 07:37:05.164|00000910|Error      |Program::RegisterEvents{hpCasl.enReturnCode()}|Exception
 occurred: Failed to create system events window thread.
 
Error - 2/24/2015 9:39:35 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/24 07:39:35.657|00001158|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the PMC.Data event. Exception: Object reference not set to an instance
 of an object.
 
Error - 2/24/2015 9:39:35 AM | Computer Name = it5001186.CITYELM.com | Source = Casl | ID = 5
Description = 2015/02/24 07:39:35.673|00001158|Error      |[CaslWmi]A::Unregister{hpCasl.enReturnCode(string)}|Error
 unregistering the Wireless.GlobalChanged event. Exception: Object reference not
 set to an instance of an object.
 
[ RMM System Events ]
Error - 6/17/2014 2:44:32 PM | Computer Name = it5001186.CITYELM.com | Source = Agent | ID = 5001
Description =  Test Tunnels Error: Unable to cast COM object of type 'WODVPNCOMLib.wodVPNComClass'
 to interface type 'WODVPNCOMLib.IwodVPNCom'. This operation failed because the
QueryInterface call on the COM component for the interface with IID '{B8218469-6598-4D1A-83A4-7759F3740236}'
 failed due to the following error: No such interface supported (Exception from
HRESULT: 0x80004002 (E_NOINTERFACE)).  v60.262
 
[ System Events ]
Error - 2/20/2015 10:46:31 AM | Computer Name = it5001186.CITYELM.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 2/20/2015 10:48:24 AM | Computer Name = it5001186.CITYELM.com | Source = TermService | ID = 1067
Description =
 
Error - 2/20/2015 12:42:48 PM | Computer Name = it5001186.CITYELM.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 2/25/2015 9:11:07 AM | Computer Name = it5001186.CITYELM.com | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:51:18 AM on 2/24/2015 was unexpected.
 
Error - 2/25/2015 10:25:49 AM | Computer Name = it5001186.CITYELM.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain CITYELM due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
Error - 2/25/2015 10:25:51 AM | Computer Name = it5001186.CITYELM.com | Source = Microsoft-Windows-GroupPolicy | ID = 1055
Description = The processing of Group Policy failed. Windows could not resolve the
 computer name. This could be caused by one of more of the following:   a) Name Resolution
 failure on the current domain controller.   b) Active Directory Replication Latency
 (an account created on another domain controller has not replicated to the current
 domain controller).
 
Error - 2/25/2015 10:26:46 AM | Computer Name = it5001186.CITYELM.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 2/25/2015 10:28:47 AM | Computer Name = it5001186.CITYELM.com | Source = TermService | ID = 1067
Description =
 
Error - 2/25/2015 12:07:52 PM | Computer Name = it5001186.CITYELM.com | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
 to a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has succesfully processed. If you do not see a success message for several
 hours, then contact your administrator.
 
Error - 2/25/2015 2:58:34 PM | Computer Name = it5001186.CITYELM.com | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
 in domain CITYELM due to the following:   %%1311    This may lead to authentication problems.
 Make sure that this  computer is connected to the network. If the problem persists,
please
 contact your domain administrator.        ADDITIONAL INFO    If this computer is a domain controller
 for the specified domain, it  sets up the secure session to the primary domain controller
 emulator in the specified  domain. Otherwise, this computer sets up the secure session
 to any domain controller  in the specified domain.
 
 
< End of report >
 




#2
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Click on the Addition.txt box.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste that log back here and also the second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    #3
    insparks

      Member

    • Topic Starter
    • Member
    • PipPip
    • 49 posts

    When I tried AdwCleaner it hung up the computer, but it said it was finished after I rebooted. The log file was there, plus I ran it again and it said it was clean.

     

    # AdwCleaner v4.111 - Logfile created 27/02/2015 at 07:49:04
    # Updated 18/02/2015 by Xplode
    # Database : 2015-02-18.3 [Local]
    # Operating system : Windows 7 Professional Service Pack 1 (x64)
    # Username : htaylor - IT5001186
    # Running from : C:\Users\htaylor\Desktop\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
    File Deleted : C:\Users\htaylor\AppData\Roaming\Mozilla\Firefox\Profiles\6x4j2v0b.default\searchplugins\Binkiland.xml
    File Deleted : C:\Users\itmanager\AppData\Roaming\Mozilla\Firefox\Profiles\jv1z5ki9.default\searchplugins\Binkiland.xml

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\eSupport.com
    Key Deleted : HKCU\Software\AppDataLow\Software\Compete
    Key Deleted : HKLM\SOFTWARE\CompeteInc
    Key Deleted : [x64] HKLM\SOFTWARE\DriverRestore

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.17116


    -\\ Mozilla Firefox v26.0.0.0 (en-US)

    [6x4j2v0b.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Binkiland");
    [6x4j2v0b.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Binkiland");
    [jv1z5ki9.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://binkiland.com/?f=1&a=bnk_dnldstr_15_07&cd=2XzuyEtN2Y1L1Qzu0ByE0ByDtB0FtAtDyBzzyD0C0B0FyB0AtN0D0Tzu0StCtCtAyBtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1B[...]
    [jv1z5ki9.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Binkiland");

    *************************

    AdwCleaner[R0].txt - [3113 bytes] - [27/02/2015 07:44:13]
    AdwCleaner[S0].txt - [2959 bytes] - [27/02/2015 07:49:05]

    ########## EOF - Z:\AdwCleaner\AdwCleaner[S0].txt - [3018  bytes] ##########

     

     

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
    Ran by htaylor (administrator) on IT5001186 on 27-02-2015 08:44:50
    Running from C:\Users\htaylor\Desktop
    Loaded Profiles: htaylor (Available profiles: itmanager & dmxpatchuser & htaylor)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe
    (Microsoft Corporation) C:\Windows\ccmsetup\ccmsetup.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (LabTech Software) C:\Windows\LTSvc\LTSvcMon.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
    HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-29] (Synaptics Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [514544 2011-01-12] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
    HKLM-x32\...\Run: [AVP] => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [350552 2012-08-16] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
    HKU\S-1-5-21-436374069-299502267-725345543-7960 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKU\S-1-5-21-436374069-299502267-725345543-7960 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun_KL_notset] 1
    HKU\S-1-5-21-436374069-299502267-725345543-7960\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
    AppInit_DLLs: c:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\adialhk.dll [90576 2012-08-16] (Kaspersky Lab ZAO)
    AppInit_DLLs-x32: c:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll [86872 2012-08-16] (Kaspersky Lab ZAO)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk
    ShortcutTarget: Network Monitoring Tray.lnk -> C:\Windows\LTSvc\LTTray.exe (No File)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-436374069-299502267-725345543-7960 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect1259.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\htaylor\AppData\Roaming\Mozilla\Firefox\Profiles\6x4j2v0b.default
    FF Homepage: https://mygov.us/login
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Zoom It - C:\Users\htaylor\AppData\Roaming\Mozilla\Firefox\Profiles\6x4j2v0b.default\Extensions\{2a8828d6-2554-8105-fa21-f7effc653466} [2015-02-27]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-02]

    Chrome:
    =======
    StartMenuInternet: Google Chrome.MUUMGEHPQW54UYSYBQAMQJDSLQ - C:\Users\toleadmin\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [350552 2012-08-16] (Kaspersky Lab ZAO)
    R2 ccmsetup; C:\Windows\ccmsetup\ccmsetup.exe [1614520 2013-09-11] (Microsoft Corporation)
    R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    R2 LTSvcMon; C:\Windows\LTsvc\LTSvcMon.exe [100352 2014-07-25] (LabTech Software) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 SCCommService; C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe [142848 2013-12-11] (Malwarebytes Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
    R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-11-11] (Kaspersky Lab)
    R3 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30736 2009-09-03] (Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [273200 2014-05-02] (Kaspersky Lab)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [32048 2011-09-01] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
    S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [40448 2011-01-13] (Generic)
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 08:44 - 2015-02-27 08:45 - 00016918 _____ () C:\Users\htaylor\Desktop\FRST.txt
    2015-02-27 08:44 - 2015-02-27 08:44 - 00000000 ____D () C:\FRST
    2015-02-27 08:43 - 2015-02-27 08:43 - 00000769 _____ () C:\Users\htaylor\Desktop\JRT.txt
    2015-02-27 08:14 - 2015-02-27 08:14 - 00003106 _____ () C:\Users\htaylor\Desktop\AdwCleaner[S0].txt
    2015-02-27 07:38 - 2015-02-27 07:38 - 02087936 _____ (Farbar) C:\Users\htaylor\Desktop\FRST64.exe
    2015-02-27 07:38 - 2015-02-27 07:38 - 01388274 _____ (Thisisu) C:\Users\htaylor\Desktop\JRT.exe
    2015-02-27 07:36 - 2015-02-27 07:36 - 02126848 _____ () C:\Users\htaylor\Desktop\AdwCleaner.exe
    2015-02-25 13:53 - 2015-02-25 13:53 - 00602112 _____ (OldTimer Tools) C:\Users\htaylor\Desktop\OTL.exe
    2015-02-18 07:23 - 2015-02-18 07:23 - 00000000 ____D () C:\Users\htaylor\AppData\Roaming\Roxio Log Files
    2015-02-18 07:18 - 2015-02-18 07:31 - 00000000 ____D () C:\Windows\pss
    2015-02-16 13:02 - 2015-02-27 08:36 - 00001456 _____ () C:\Windows\setupact.log
    2015-02-16 13:02 - 2015-02-16 13:02 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-16 10:05 - 2015-02-16 10:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
    2015-02-12 07:27 - 2014-10-17 06:27 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-02-12 07:24 - 2015-02-12 07:22 - 29040552 _____ (Oracle Corporation) C:\Users\htaylor\Downloads\java_free_setup.exe
    2015-02-11 15:44 - 2015-02-16 14:06 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-11 15:44 - 2015-02-16 14:05 - 00000000 ____D () C:\Users\htaylor\AppData\Local\Google
    2015-02-11 15:37 - 2015-02-11 15:37 - 00000000 ____D () C:\ProgramData\Unchecky
    2015-02-11 15:37 - 2015-02-11 15:37 - 00000000 _____ () C:\Users\htaylor\Downloads\ChromeSetup.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-27 08:44 - 2009-07-13 22:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-27 08:44 - 2009-07-13 22:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-27 08:40 - 2014-07-25 13:40 - 01196406 _____ () C:\Windows\WindowsUpdate.log
    2015-02-27 08:38 - 2014-05-02 12:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-02-27 08:38 - 2012-10-01 11:00 - 00000000 ____D () C:\ProgramData\Sonic
    2015-02-27 08:37 - 2012-10-01 10:57 - 00000000 ____D () C:\ProgramData\PDFC
    2015-02-27 08:36 - 2012-10-03 10:38 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
    2015-02-27 08:36 - 2012-10-03 09:59 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
    2015-02-27 08:36 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-27 08:12 - 2014-11-07 07:20 - 00000064 _____ () C:\Users\Public\Desktop\Little Elm EMAIL.url
    2015-02-27 08:12 - 2014-07-30 14:46 - 00000162 _____ () C:\Users\Public\Desktop\LMS Login.url
    2015-02-27 08:11 - 2012-10-02 08:30 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-02-27 07:26 - 2012-10-02 12:35 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500UA.job
    2015-02-27 07:25 - 2012-10-02 12:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-27 07:23 - 2014-07-25 08:28 - 00004564 __RSH () C:\Users\htaylor\ntuser.pol
    2015-02-27 07:23 - 2014-07-25 08:28 - 00000000 ____D () C:\Users\htaylor
    2015-02-26 10:26 - 2012-10-02 12:35 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500Core.job
    2015-02-26 09:09 - 2012-10-02 13:07 - 00000137 __RSH () C:\ProgramData\3002.xml
    2015-02-19 15:26 - 2014-05-02 13:03 - 00000000 ____D () C:\ProgramData\sccomm
    2015-02-19 07:01 - 2012-10-02 12:41 - 00019942 __RSH () C:\ProgramData\ntuser.pol
    2015-02-18 07:29 - 2012-10-03 10:00 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
    2015-02-18 07:29 - 2012-10-03 09:59 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
    2015-02-16 12:49 - 2013-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Datamax
    2015-02-16 09:42 - 2012-10-01 16:43 - 00000000 ____D () C:\Windows\Panther
    2015-02-16 06:59 - 2013-07-26 03:17 - 00000000 ____D () C:\temp
    2015-02-12 10:53 - 2014-09-10 16:43 - 00000000 ____D () C:\Users\malmassi
    2015-02-12 10:53 - 2014-07-25 08:03 - 00000000 ____D () C:\Users\toleadmin
    2015-02-12 10:53 - 2014-07-25 07:54 - 00000000 ____D () C:\Users\TEMP
    2015-02-12 10:53 - 2012-10-01 13:48 - 00000000 ____D () C:\Users\itmanager
    2015-02-12 07:26 - 2014-10-17 06:27 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-12 07:26 - 2013-05-02 13:09 - 00000000 ____D () C:\Windows\system32\appmgmt
    2015-02-12 06:59 - 2009-07-13 23:08 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-10 10:39 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-02-05 10:30 - 2012-10-02 12:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-02-05 10:30 - 2012-10-02 12:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-02-05 10:30 - 2012-10-02 12:49 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-01-29 11:27 - 2014-08-05 09:56 - 00000839 _____ () C:\Users\htaylor\Documents\Permit Phrases.txt

    ==================== Files in the root of some directories =======

    2012-10-02 13:07 - 2014-11-07 07:37 - 0026784 __RSH () C:\ProgramData\3002.abs
    2012-10-02 13:07 - 2015-02-26 09:09 - 0000137 __RSH () C:\ProgramData\3002.xml
    2013-05-22 13:13 - 2013-05-22 13:13 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some content of TEMP:
    ====================
    C:\Users\htaylor\AppData\Local\Temp\Quarantine.exe
    C:\Users\htaylor\AppData\Local\Temp\sqlite3.dll
    C:\Users\itmanager\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-02-24 09:12

    ==================== End Of Log ============================

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Professional x64
    Ran by htaylor on Fri 02/27/2015 at  8:38:56.10
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\htaylor\AppData\Roaming\mozilla\firefox\profiles\6x4j2v0b.default\minidumps [14 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Fri 02/27/2015 at  8:43:42.54
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

    Thanks

    • 0

    #4
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP
     
    Download the attached fixlist.txt to the same location as FRST.
    Run FRST and press Fix.
    A fix log will be generated; please post that. Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.

    Hopefully things have improved?

    • 0

    #5
    insparks

      Member

    • Topic Starter
    • Member
    • PipPip
    • 49 posts
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
    Ran by htaylor at 2015-03-04 07:23:22 Run:1
    Running from C:\Users\htaylor\Desktop
    Loaded Profiles: htaylor (Available profiles: itmanager & dmxpatchuser & toleadmin & malmassi & htaylor)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-436374069-299502267-725345543-7960 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKU\S-1-5-21-436374069-299502267-725345543-7960 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk
    ShortcutTarget: Network Monitoring Tray.lnk -> C:\Windows\LTSvc\LTTray.exe (No File)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-436374069-299502267-725345543-7960 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...ct1259.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - No File
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]

    *****************

    HKU\S-1-5-21-436374069-299502267-725345543-7960 => Group Policy Restriction on software restored successfully.
    HKU\S-1-5-21-436374069-299502267-725345543-7960 => Group Policy Restriction on software restored successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk => Moved successfully.
    C:\Windows\LTSvc\LTTray.exe not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
    HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
    HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-21-436374069-299502267-725345543-7960\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}" => Key deleted successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}" => Key deleted successfully.
    "HKCR\PROTOCOLS\Handler\tmpx" => Key deleted successfully.
    HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
    BCM42RLY => Service deleted successfully.
    cpuz136 => Service deleted successfully.
    KAPFA => Service deleted successfully.

    ==== End of Fixlog 07:25:15 ====

    • 0

    #6
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.


    • 0

    #7
    insparks

      Member

    • Topic Starter
    • Member
    • PipPip
    • 49 posts

    Okay, ran FRST64 twice and both times it did not produce an Additions log file. I'll post the regular log file, but I have no idea what's happening.

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
    Ran by htaylor at 2015-03-06 07:17:33 Run:1
    Running from C:\Users\htaylor\Desktop
    Loaded Profiles: htaylor (Available profiles: itmanager & dmxpatchuser & toleadmin & malmassi & htaylor)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-436374069-299502267-725345543-7960 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKU\S-1-5-21-436374069-299502267-725345543-7960 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk
    ShortcutTarget: Network Monitoring Tray.lnk -> C:\Windows\LTSvc\LTTray.exe (No File)
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-436374069-299502267-725345543-7960 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
    DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect1259.cab
    DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]



    *****************

    HKU\S-1-5-21-436374069-299502267-725345543-7960 => Group Policy Restriction on software restored successfully.
    HKU\S-1-5-21-436374069-299502267-725345543-7960 => Group Policy Restriction on software restored successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Monitoring Tray.lnk not found.
    C:\Windows\LTSvc\LTTray.exe not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Key not found.
    HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Key not found.
    HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Key not found.
    HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => Key not found.
    HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1 => Key not found.
    HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2 => Key not found.
    HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3 => Key not found.
    HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4 => Key not found.
    HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-436374069-299502267-725345543-7960\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value not found.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000} => Key not found.
    HKCR\Wow6432Node\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} => Key not found.
    HKCR\Wow6432Node\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} => Key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => Key not found.
    HKCR\Wow6432Node\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} => Key not found.
    HKCR\PROTOCOLS\Handler\tmpx => Key not found.
    HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
    BCM42RLY => Service not found.
    cpuz136 => Service not found.
    KAPFA => Service not found.

    ==== End of Fixlog 07:17:41 ====


    • 0

    #8
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    You need to press the Scan button, not the Fix button.


    • 0

    #9
    insparks

      Member

    • Topic Starter
    • Member
    • PipPip
    • 49 posts

    Sorry for not paying attention.

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 03
    Ran by htaylor (administrator) on IT5001186 on 09-03-2015 07:09:20
    Running from C:\Users\htaylor\Desktop
    Loaded Profiles: htaylor (Available profiles: itmanager & dmxpatchuser & toleadmin & malmassi & htaylor)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe
    (Microsoft Corporation) C:\Windows\ccmsetup\ccmsetup.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (LabTech Software) C:\Windows\LTSvc\LTSvcMon.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
    (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
    (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [835072 2011-01-27] (IDT, Inc.)
    HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2919992 2011-01-26] (Hewlett-Packard Company)
    HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-29] (Synaptics Incorporated)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [299576 2011-01-28] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [514544 2011-01-12] ()
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-12-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-12-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
    HKLM-x32\...\Run: [AVP] => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [350552 2012-08-16] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
    HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun_KL_notset] 1
    HKU\S-1-5-21-436374069-299502267-725345543-7960\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)
    AppInit_DLLs: c:\PROGRA~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\x64\adialhk.dll [90576 2012-08-16] (Kaspersky Lab ZAO)
    AppInit_DLLs-x32: c:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll => c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll [86872 2012-08-16] (Kaspersky Lab ZAO)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2012-08-16] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-17] (Oracle Corporation)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-17] (Oracle Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
    Tcpip\Parameters: [DhcpNameServer] 66.90.132.162 66.90.130.10

    FireFox:
    ========
    FF ProfilePath: C:\Users\htaylor\AppData\Roaming\Mozilla\Firefox\Profiles\6x4j2v0b.default
    FF Homepage: https://mygov.us/login
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-17] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-17] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
    FF Extension: Zoom It - C:\Users\htaylor\AppData\Roaming\Mozilla\Firefox\Profiles\6x4j2v0b.default\Extensions\{82674691-e0a2-d872-ea74-5a2078c0d60b} [2015-03-06]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-10-02]

    Chrome:
    =======
    StartMenuInternet: Google Chrome.MUUMGEHPQW54UYSYBQAMQJDSLQ - C:\Users\toleadmin\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AVP; c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe [350552 2012-08-16] (Kaspersky Lab ZAO)
    R2 ccmsetup; C:\Windows\ccmsetup\ccmsetup.exe [1614520 2013-09-11] (Microsoft Corporation)
    R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [281656 2011-01-28] (Hewlett-Packard Company)
    R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
    R2 LTSvcMon; C:\Windows\LTsvc\LTSvcMon.exe [100352 2014-07-25] (LabTech Software) [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
    R2 SCCommService; C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe [142848 2013-12-11] (Malwarebytes Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 johci; C:\Windows\System32\DRIVERS\johci.sys [26712 2011-01-18] (JMicron Technology Corp.)
    R1 kl1; C:\Windows\System32\DRIVERS\kl1.sys [157712 2009-11-11] (Kaspersky Lab)
    R3 KLFLTDEV; C:\Windows\System32\DRIVERS\klfltdev.sys [30736 2009-09-03] (Kaspersky Lab)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [273200 2014-05-02] (Kaspersky Lab)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [32048 2011-09-01] (Kaspersky Lab ZAO)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
    S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [40448 2011-01-13] (Generic)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-09 07:09 - 2015-03-09 07:09 - 00015384 _____ () C:\Users\htaylor\Desktop\FRST.txt
    2015-03-09 07:09 - 2015-03-09 07:09 - 00000000 ____D () C:\Users\htaylor\Desktop\FRST-OlderVersion
    2015-03-09 07:07 - 2015-03-09 07:07 - 00004512 _____ () C:\Users\htaylor\Desktop\fixlist.txt
    2015-03-06 08:08 - 2015-03-09 07:03 - 00000066 _____ () C:\Users\htaylor\Desktop\MBudget.url
    2015-03-04 08:22 - 2015-03-04 08:20 - 00004512 _____ () C:\fixlist.txt
    2015-02-27 09:51 - 2015-02-27 09:54 - 00000000 ____D () C:\AdwCleaner
    2015-02-27 09:44 - 2015-03-09 07:09 - 00000000 ____D () C:\FRST
    2015-02-27 08:38 - 2015-03-09 07:09 - 02095104 _____ (Farbar) C:\Users\htaylor\Desktop\FRST64.exe
    2015-02-27 08:38 - 2015-02-27 08:38 - 01388274 _____ (Thisisu) C:\Users\htaylor\Desktop\JRT.exe
    2015-02-27 08:36 - 2015-02-27 08:36 - 02126848 _____ () C:\Users\htaylor\Desktop\AdwCleaner.exe
    2015-02-25 14:53 - 2015-02-25 14:53 - 00602112 _____ (OldTimer Tools) C:\Users\htaylor\Desktop\OTL.exe
    2015-02-18 08:23 - 2015-02-18 08:23 - 00000000 ____D () C:\Users\htaylor\AppData\Roaming\Roxio Log Files
    2015-02-18 08:18 - 2015-02-18 08:31 - 00000000 ____D () C:\Windows\pss
    2015-02-16 14:02 - 2015-03-09 07:02 - 00002072 _____ () C:\Windows\setupact.log
    2015-02-16 14:02 - 2015-02-16 14:02 - 00000000 _____ () C:\Windows\setuperr.log
    2015-02-16 11:05 - 2015-02-16 11:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
    2015-02-12 08:27 - 2014-10-17 07:27 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2015-02-12 08:24 - 2015-02-12 08:22 - 29040552 _____ (Oracle Corporation) C:\Users\htaylor\Downloads\java_free_setup.exe
    2015-02-11 16:44 - 2015-02-16 15:06 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-02-11 16:44 - 2015-02-16 15:05 - 00000000 ____D () C:\Users\htaylor\AppData\Local\Google
    2015-02-11 16:37 - 2015-02-11 16:37 - 00000000 ____D () C:\ProgramData\Unchecky
    2015-02-11 16:37 - 2015-02-11 16:37 - 00000000 _____ () C:\Users\htaylor\Downloads\ChromeSetup.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-03-09 07:08 - 2014-07-25 14:40 - 01429329 _____ () C:\Windows\WindowsUpdate.log
    2015-03-09 07:08 - 2009-07-14 00:13 - 00798582 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-03-09 07:04 - 2014-05-02 13:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2015-03-09 07:04 - 2012-10-02 14:07 - 00000137 __RSH () C:\ProgramData\3002.xml
    2015-03-09 07:04 - 2012-10-01 12:00 - 00000000 ____D () C:\ProgramData\Sonic
    2015-03-09 07:03 - 2014-11-07 08:20 - 00000064 _____ () C:\Users\Public\Desktop\Little Elm EMAIL.url
    2015-03-09 07:03 - 2014-07-30 15:46 - 00000162 _____ () C:\Users\Public\Desktop\LMS Login.url
    2015-03-09 07:03 - 2012-10-02 09:30 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl
    2015-03-09 07:02 - 2012-10-03 11:38 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
    2015-03-09 07:02 - 2012-10-03 10:59 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
    2015-03-09 07:02 - 2012-10-01 11:57 - 00000000 ____D () C:\ProgramData\PDFC
    2015-03-09 07:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-03-06 15:26 - 2012-10-02 13:35 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500UA.job
    2015-03-06 15:25 - 2012-10-02 13:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-03-06 11:26 - 2012-10-02 13:35 - 00000872 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500Core.job
    2015-03-06 09:58 - 2009-07-13 23:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-03-06 09:58 - 2009-07-13 23:45 - 00015504 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-03-04 10:50 - 2014-08-05 10:56 - 00000995 _____ () C:\Users\htaylor\Documents\Permit Phrases.txt
    2015-03-03 16:05 - 2014-07-25 09:28 - 00004564 __RSH () C:\Users\htaylor\ntuser.pol
    2015-03-03 16:05 - 2014-07-25 09:28 - 00000000 ____D () C:\Users\htaylor
    2015-03-01 19:54 - 2014-05-02 10:17 - 00000000 ____D () C:\Windows\ccmsetup
    2015-02-19 16:26 - 2014-05-02 14:03 - 00000000 ____D () C:\ProgramData\sccomm
    2015-02-19 08:01 - 2012-10-02 13:41 - 00019942 __RSH () C:\ProgramData\ntuser.pol
    2015-02-18 08:29 - 2012-10-03 11:00 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
    2015-02-18 08:29 - 2012-10-03 10:59 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
    2015-02-16 13:49 - 2013-07-26 04:12 - 00000000 ____D () C:\Program Files (x86)\Datamax
    2015-02-16 10:42 - 2012-10-01 17:43 - 00000000 ____D () C:\Windows\Panther
    2015-02-16 07:59 - 2013-07-26 04:17 - 00000000 ____D () C:\temp
    2015-02-12 11:53 - 2014-09-10 17:43 - 00000000 ____D () C:\Users\malmassi
    2015-02-12 11:53 - 2014-07-25 09:03 - 00000000 ____D () C:\Users\toleadmin
    2015-02-12 11:53 - 2014-07-25 08:54 - 00000000 ____D () C:\Users\TEMP
    2015-02-12 11:53 - 2012-10-01 14:48 - 00000000 ____D () C:\Users\itmanager
    2015-02-12 08:26 - 2014-10-17 07:27 - 00000000 ____D () C:\Program Files (x86)\Java
    2015-02-12 08:26 - 2013-05-02 14:09 - 00000000 ____D () C:\Windows\system32\appmgmt
    2015-02-12 07:59 - 2009-07-14 00:08 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-10 11:39 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries

    ==================== Files in the root of some directories =======

    2012-10-02 14:07 - 2014-11-07 08:37 - 0026784 __RSH () C:\ProgramData\3002.abs
    2012-10-02 14:07 - 2015-03-09 07:04 - 0000137 __RSH () C:\ProgramData\3002.xml
    2013-05-22 14:13 - 2013-05-22 14:13 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some content of TEMP:
    ====================
    C:\Users\htaylor\AppData\Local\Temp\Quarantine.exe
    C:\Users\htaylor\AppData\Local\Temp\sqlite3.dll
    C:\Users\itmanager\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-03-06 10:30

    ==================== End Of Log ============================

     

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 03
    Ran by htaylor at 2015-03-09 07:10:14
    Running from C:\Users\htaylor\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Anti-Virus (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AS: Kaspersky Anti-Virus (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.13 - Adobe Systems)
    Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.)
    Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.16.0 - Alcor Micro Corp.)
    Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.16.0 - Alcor Micro Corp.) Hidden
    ATI Catalyst Install Manager (HKLM\...\{D5526B83-25C4-88A8-A984-98F871DA1415}) (Version: 3.0.812.0 - ATI Technologies, Inc.)
    Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6300 - Broadcom Corporation)
    ccc-core-static (x32 Version: 2011.0206.1335.24298 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
    Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02026 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02026 - Cisco Systems, Inc.) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
    Desktop Restore (HKLM\...\{565343AF-BB01-4638-A87A-06D04494796A}) (Version: 1.6.2 - JOConnell)
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company)
    HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
    HP Deskjet 1000 J110 series Help (HKLM-x32\...\{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}) (Version: 140.0.65.65 - Hewlett Packard)
    HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company)
    HP HotKey Support (HKLM\...\{7D1C63D1-6520-49DA-B738-958133526E80}) (Version: 4.0.10.1 - Hewlett-Packard Company)
    HP Photosmart 7510 series Basic Device Software (HKLM\...\{24C7AD6B-F418-4D3B-B7F2-F3603FD720BF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Power Assistant (HKLM\...\{3D8EDF72-13CC-4E51-AAB6-32A20524D2E0}) (Version: 2.0.2.0 - Hewlett-Packard Company)
    HP Product Detection (HKLM-x32\...\{879F7C80-BCA3-4A11-BDB1-658252ECD7E0}) (Version: 11.15.0005 - HP)
    HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
    Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
    Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045F0}) (Version: 7.0.450 - Oracle)
    Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
    JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.20.00 - JMicron Technology Corp.)
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.56.1 - JMicron Technology Corp.)
    Kaspersky Anti-Virus 6.0 for Windows Workstations (HKLM-x32\...\{8F023021-A7EB-45D3-9269-D65264C81729}) (Version: 6.0.4.1611 - Kaspersky Lab)
    LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
    Malwarebytes' Managed Client (HKLM-x32\...\{09045BEA-1D64-4496-B0D5-B0021C6D95CA}) (Version: 1.3.1962 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visio 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{9081486B-B26D-42DB-8D31-81C525A9526A}) (Version:  - Microsoft)
    Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox (en-US) (HKLM-x32\...\{92F8E311-1A2C-41BA-A3E0-82E829AFF10B}) (Version: 26.0.0.0 - FrontMotion)
    Mozilla Firefox 21.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 21.0 (x86 en-US)) (Version: 21.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 21.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.57 - PDF Complete, Inc)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
    Roxio MyDVD Business 2010 (HKLM-x32\...\{9CB4FBA9-45C0-41AA-97CC-283B42E1A21E}) (Version: 12.1.73.14 - Roxio)
    Roxio Secure Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.68.2 - Roxio)
    SDK (x32 Version: 2.24.025 - Portrait Displays, Inc.) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.9.0 - Synaptics Incorporated)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points  =========================

    06-02-2015 11:40:58 Scheduled Checkpoint
    11-02-2015 16:40:45 Removed WeatherApp
    12-02-2015 08:25:02 PerforMax Cleaner
    12-02-2015 08:25:50 Installed Java 7 Update 45
    12-02-2015 08:27:27 Removed WeatherApp
    16-02-2015 08:32:37 Windows Update
    16-02-2015 13:50:26 Removed Meraki Systems Manager Agent
    26-02-2015 12:04:25 Scheduled Checkpoint
    06-03-2015 13:38:54 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {29EAF8A0-9257-4F8F-917E-474B33B65E9C} - System32\Tasks\Microsoft\Microsoft\Configuration Manager\Configuration Manager Client Retry Task => C:\Windows\ccmsetup\ccmsetup.exe [2013-09-11] (Microsoft Corporation)
    Task: {2BF7EFCF-7DC1-4551-B86E-53A05A5011C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
    Task: {53679B8A-8869-45BA-8D5C-251EA5BBFA53} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
    Task: {980D9506-E3BC-4DF5-94CA-AEFCF0345E2D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500UA => C:\Users\toleadmin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {F743BE67-EFB6-435E-A35C-7888B32F8BB6} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {FB1D3E00-0AEC-4CDF-8723-5014AAE0F532} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500Core => C:\Users\toleadmin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500Core.job => C:\Users\toleadmin\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-299502267-725345543-500UA.job => C:\Users\toleadmin\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2010-07-29 19:39 - 2010-07-29 19:39 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
    2011-01-26 18:14 - 2011-01-26 18:14 - 00036408 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Remote.dll
    2011-01-12 11:48 - 2011-01-12 11:48 - 00514544 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
    2012-10-01 11:29 - 2011-01-26 17:34 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
    2011-02-11 16:26 - 2011-02-11 16:26 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
    2011-02-11 16:26 - 2011-02-11 16:26 - 00024576 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
    2011-02-06 13:34 - 2011-02-06 13:34 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    2011-01-26 18:13 - 2011-01-26 18:13 - 00080440 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
    2011-01-26 18:13 - 2011-01-26 18:13 - 00047160 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
    2012-12-13 08:45 - 2012-12-13 08:45 - 00063560 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
    2012-08-16 21:45 - 2012-08-16 21:45 - 00028504 _____ () c:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\volenum.ppl
    2010-05-19 10:05 - 2010-05-19 10:05 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
    2010-05-19 10:05 - 2010-05-19 10:05 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
    2010-05-19 10:05 - 2010-05-19 10:05 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
    2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2012-10-01 16:17 - 2011-01-12 20:56 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
    2013-12-05 13:36 - 2013-12-05 13:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-02-05 11:30 - 2015-02-05 11:30 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KATESTJD94573019785 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KATESTJD94573019785 => ""="Service"

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-436374069-299502267-725345543-7960\Control Panel\Desktop\\Wallpaper -> C:\Users\htaylor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 66.90.132.162 - 66.90.130.10

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: tvncontrol => "C:\Windows\LTsvc\tvnserver.exe" -controlservice -slave

    ==================== Accounts: =============================

    Administrator (S-1-5-21-1260142216-2848191851-823008232-500 - Administrator - Disabled)
    dmxpatchuser (S-1-5-21-1260142216-2848191851-823008232-1005 - Administrator - Enabled) => C:\Users\dmxpatchuser
    Guest (S-1-5-21-1260142216-2848191851-823008232-501 - Limited - Disabled)
    itmanager (S-1-5-21-1260142216-2848191851-823008232-1000 - Administrator - Enabled) => C:\Users\itmanager

    ==================== Faulty Device Manager Devices =============

    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/06/2015 01:38:55 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-436374069-299502267-725345543-500_new).  hr = 0x80070539, The security ID structure is invalid.
    .


    Operation:
       OnIdentify event
       Gathering Writer Data

    Context:
       Execution Context: Shadow Copy Optimization Writer
       Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
       Writer Name: Shadow Copy Optimization Writer
       Writer Instance ID: {39ead4a1-a5ff-4a35-8d24-a0022ab7b602}

    Error: (03/04/2015 08:21:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: firefox.exe, version: 26.0.0.5087, time stamp: 0x52a0d273
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x27f2fb78
    Faulting process id: 0xb0
    Faulting application start time: 0xfirefox.exe0
    Faulting application path: firefox.exe1
    Faulting module path: firefox.exe2
    Report Id: firefox.exe3

    Error: (03/03/2015 04:03:37 PM) (Source: PerfNet) (EventID: 2005) (User: )
    Description:


    System errors:
    =============
    Error: (03/09/2015 07:02:40 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

    Error: (03/09/2015 07:02:39 AM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain CITYELM due to the following:
    %%1311

    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.



    ADDITIONAL INFO

    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.

    Error: (03/06/2015 11:48:12 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

    Error: (03/06/2015 09:55:07 AM) (Source: TermService) (EventID: 1067) (User: )
    Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
    .

    Error: (03/06/2015 09:53:30 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CITYELM)
    Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

    Error: (03/06/2015 09:52:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
    a) Name Resolution failure on the current domain controller.
    b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

    Error: (03/06/2015 09:52:07 AM) (Source: NETLOGON) (EventID: 5719) (User: )
    Description: This computer was not able to set up a secure session with a domain
    controller in domain CITYELM due to the following:
    %%1311

    This may lead to authentication problems. Make sure that this
    computer is connected to the network. If the problem persists,
    please contact your domain administrator.



    ADDITIONAL INFO

    If this computer is a domain controller for the specified domain, it
    sets up the secure session to the primary domain controller emulator in the specified
    domain. Otherwise, this computer sets up the secure session to any domain controller
    in the specified domain.

    Error: (03/06/2015 09:38:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147467243

    Error: (03/06/2015 09:35:51 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 8:34:09 AM on ‎3/‎6/‎2015 was unexpected.

    Error: (03/04/2015 11:26:26 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
    Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.


    Microsoft Office Sessions:
    =========================
    Error: (03/06/2015 01:38:55 PM) (Source: VSS) (EventID: 8193) (User: )
    Description: ConvertStringSidToSid(S-1-5-21-436374069-299502267-725345543-500_new)0x80070539, The security ID structure is invalid.


    Operation:
       OnIdentify event
       Gathering Writer Data

    Context:
       Execution Context: Shadow Copy Optimization Writer
       Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
       Writer Name: Shadow Copy Optimization Writer
       Writer Instance ID: {39ead4a1-a5ff-4a35-8d24-a0022ab7b602}

    Error: (03/04/2015 08:21:31 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: firefox.exe26.0.0.508752a0d273unknown0.0.0.000000000c000000527f2fb78b001d0567c6bb2c92cC:\Program Files (x86)\Mozilla Firefox\firefox.exeunknown5e802a86-c271-11e4-b57f-402cf428014a

    Error: (03/03/2015 04:03:37 PM) (Source: PerfNet) (EventID: 2005) (User: )
    Description:


    ==================== Memory info ===========================

    Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 60%
    Total physical RAM: 4046.36 MB
    Available physical RAM: 1610.73 MB
    Total Pagefile: 8090.89 MB
    Available Pagefile: 5201.31 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:457.6 GB) (Free:394.88 GB) NTFS
    Drive n: (E_VOLUME) (Network) (Total:3999.87 GB) (Free:974.48 GB) NTFS
    Drive q: (E_VOLUME) (Network) (Total:3999.87 GB) (Free:974.48 GB) NTFS
    Drive y: (E_VOLUME) (Network) (Total:3999.87 GB) (Free:974.48 GB) NTFS
    Drive z: (E_VOLUME) (Network) (Total:3999.87 GB) (Free:974.48 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5F696724)
    Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=457.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=7.8 GB) - (Type=0C)

    ==================== End Of Log ============================


    • 0

    #10
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP
    Clear the Java Cache by following the instructions on
     
    You do not have the latest Java.
    First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
    I see:
    Java 7 Update 45 
    Java 7 Update 71 
     
    Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
     
    If you feel you must have Java:
    Get the latest Java at:
     
    Save it to your PC, then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
    Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
     
    (If you also want the 64 bit version then use the 64 bit version of IE to get it.)
     
     
    Have things improved?  
     
    You are getting several errors but they may be caused by not connecting to the domain controller.  I assume you were not in the office when you ran the scan?

    • 0



    #11
    insparks

      Member

    • Topic Starter
    • Member
    • 49 posts

    Completely removed Java and cleared the cache before I removed it.

    No, I was in the office when I ran FRST64, and those were the log files I posted.

    Still have hyperlinks and pop-ups, but the redirects have tapered off.


    • 0

    #12
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    In which browsers do you see the hyperlinks?

     

    Do you still see them in FF in its Safe mode?  https://support.mozi...using-safe-mode

     

    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

    • 0

    #13
    insparks

      Member

    • Topic Starter
    • Member
    • 49 posts

    I see them in both Firefox and Explorer. Don't see them in safe mode.

     

    Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
    System Idle Process    89.04    0 K    24 K    0            
    procexp64.exe    2.65    37,116 K    60,080 K    7056    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Sysinternals
    System    1.13    168 K    868 K    4            
    firefox.exe    1.41    326,556 K    371,584 K    5760    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    FlashPlayerPlugin_16_0_0_305.exe    0.67    30,456 K    32,640 K    5720    Adobe Flash Player 16.0 r0    Adobe Systems, Inc.    (Verified) Adobe Systems Incorporated
    SCComm.exe    0.66    106,932 K    20,332 K    2528    SCComm    Malwarebytes Corporation    (No signature was present in the subject) Malwarebytes Corporation
    Interrupts    0.55    0 K    0 K    n/a    Hardware Interrupts and DPCs        
    dwm.exe    0.49    36,384 K    41,452 K    3844    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
    plugin-container.exe    0.42    12,348 K    13,724 K    5956    Plugin Container for Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
    FlashPlayerPlugin_16_0_0_305.exe    0.31    4,852 K    10,424 K    6056    Adobe Flash Player 16.0 r0    Adobe Systems, Inc.    (Verified) Adobe Systems Incorporated
    csrss.exe    0.24    3,552 K    8,664 K    636    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    vpnui.exe    0.23    6,036 K    17,280 K    4896    Cisco AnyConnect User Interface    Cisco Systems, Inc.    (Verified) Cisco Systems
    svchost.exe    0.18    3,768 K    8,576 K    1856    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    avp.exe    0.14    265,460 K    26,028 K    1192    Kaspersky Anti-Virus    Kaspersky Lab ZAO    (Verified) Kaspersky Lab
    avp.exe    0.08    6,092 K    4,172 K    4828    Kaspersky Anti-Virus    Kaspersky Lab ZAO    (Verified) Kaspersky Lab
    svchost.exe    0.07    24,328 K    18,964 K    440    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.06    24,784 K    34,028 K    1104    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    IAStorDataMgrSvc.exe    0.05    22,148 K    20,032 K    3572    IAStorDataSvc    Intel Corporation    (Verified) Intel Corporation
    explorer.exe    0.03    28,740 K    50,628 K    3180    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    0.02    13,604 K    18,984 K    1052    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    IAStorIcon.exe    0.02    27,516 K    25,708 K    5112    IAStorIcon    Intel Corporation    (Verified) Intel Corporation
    CCC.exe    0.01    107,372 K    16,680 K    3368    Catalyst Control Center: Host application    ATI Technologies Inc.    (No signature was present in the subject) ATI Technologies Inc.
    audiodg.exe    0.01    17,364 K    18,784 K    1200    Windows Audio Device Graph Isolation     Microsoft Corporation    (Verified) Microsoft Windows
    lsass.exe    0.01    6,316 K    12,096 K    700    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
    MOM.exe    0.01    40,540 K    7,292 K    3508    Catalyst Control Center: Monitoring program    Advanced Micro Devices Inc.    (No signature was present in the subject) Advanced Micro Devices Inc.
    svchost.exe    0.01    16,756 K    15,588 K    1624    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    SearchIndexer.exe    < 0.01    22,384 K    18,680 K    4876    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
    BTStackServer.exe    < 0.01    23,372 K    18,920 K    4960    Bluetooth Stack COM Server    Broadcom Corporation.    (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
    LMS.exe    < 0.01    3,120 K    5,888 K    5736    Local Manageability Service    Intel Corporation    (Verified) Intel Corporation
    mbamgui.exe    < 0.01    3,204 K    6,972 K    3184    Malwarebytes Anti-Malware (MEE)    Malwarebytes Corporation    (Verified) Malwarebytes Corporation
    taskhost.exe    < 0.01    7,924 K    9,544 K    3788    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
    csrss.exe    < 0.01    2,736 K    4,516 K    544    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
    HPPA_Main.exe    < 0.01    79,452 K    50,668 K    3768    HP Power Assistant    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
    HPPA_Service.exe    < 0.01    62,932 K    53,032 K    5324    HPPA_Service    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
    SynTPEnh.exe    < 0.01    9,684 K    8,180 K    4304    Synaptics TouchPad Enhancements    Synaptics Incorporated    (Verified) Microsoft Windows Hardware Compatibility Publisher
    nusb3mon.exe    < 0.01    1,780 K    4,784 K    4140    USB 3.0 Monitor    Renesas Electronics Corporation    (Verified) Renesas Electronics Corporation
    stacsv64.exe    < 0.01    6,712 K    6,600 K    1136    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
    spoolsv.exe    < 0.01    15,172 K    14,688 K    1824    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe    < 0.01    39,852 K    37,844 K    1888    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    hpservice.exe    < 0.01    1,832 K    4,124 K    1500    HpService    Hewlett-Packard Company    (Verified) Microsoft Windows Hardware Compatibility Publisher
    WmiPrvSE.exe        3,868 K    7,528 K    3528    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    WmiPrvSE.exe        4,120 K    8,284 K    5356    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
    winlogon.exe        3,284 K    5,816 K    800    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
    wininit.exe        1,716 K    4,028 K    616    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
    vpnagent.exe        4,724 K    11,496 K    1556    VPN Agent Service    Cisco Systems, Inc.    (Verified) Cisco Systems
    unsecapp.exe        1,784 K    4,348 K    2920    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
    UNS.exe        6,004 K    11,692 K    5168    User Notification Service    Intel Corporation    (Verified) Intel Corporation
    taskeng.exe        2,068 K    5,448 K    3152    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
    SynTPHelper.exe        1,596 K    2,988 K    4492    Synaptics Pointing Device Helper    Synaptics Incorporated    (Verified) Microsoft Windows Hardware Compatibility Publisher
    svchost.exe        126,416 K    126,480 K    436    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        4,788 K    7,944 K    896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        5,092 K    8,508 K    976    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        43,668 K    14,972 K    3500    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,104 K    4,688 K    2548    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        6,084 K    10,988 K    1372    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        1,992 K    4,844 K    2980    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        1,356 K    3,400 K    2288    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        2,636 K    4,916 K    3660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    svchost.exe        1,352 K    3,344 K    2444    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
    sttray64.exe        8,960 K    8,476 K    4104    IDT PC Audio    IDT, Inc.    (Verified) Microsoft Windows Hardware Compatibility Publisher
    smss.exe        544 K    1,040 K    412    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
    services.exe        7,468 K    12,920 K    676    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
    SDKCOMServer.exe        3,800 K    9,552 K    5364    PDI SDK COM Server for x64/x86 interop    Portrait Displays, Inc    (Verified) Portrait Displays
    rundll32.exe        1,468 K    4,992 K    4192    Windows host process (Rundll32)    Microsoft Corporation    (Verified) Microsoft Windows
    rpcnet.exe        2,004 K    5,280 K    2464    rpcnet    Absolute Software Corp.    (Verified) Absolute Software Corp.
    RoxioBurnLauncher.exe        5,852 K    10,416 K    4324    Roxio Burn Launcher        (Verified) Sonic Solutions
    QLBController.exe        49,764 K    37,008 K    5028    QLBController    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
    procexp.exe        2,340 K    7,380 K    6980    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
    PresentationFontCache.exe        27,668 K    20,156 K    5240    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Windows
    pdisrvc.exe        1,300 K    4,148 K    2396    pdisrvc    Portrait Displays, Inc.    (Verified) Portrait Displays
    pdfsvc.exe        2,212 K    6,404 K    2332    Dispatcher    PDF Complete Inc    (Verified) PDF Complete
    OSPPSVC.EXE        3,956 K    11,428 K    2140    Microsoft Office Software Protection Platform Service    Microsoft Corporation    (Verified) Microsoft Corporation
    mbamservice.exe        294,540 K    78,692 K    2256    Malwarebytes Anti-Malware (MEE)    Malwarebytes Corporation    (Verified) Malwarebytes Corporation
    mbamscheduler.exe        2,160 K    4,628 K    2220    Malwarebytes Anti-Malware (MEE)    Malwarebytes Corporation    (Verified) Malwarebytes Corporation
    LTSvcMon.exe        20,372 K    13,256 K    5448    LabTech Service Watchdog    LabTech Software    (No signature was present in the subject) LabTech Software
    LSSrvc.exe        1,352 K    3,972 K    2184    LightScribe Service    Hewlett-Packard Company    (No signature was present in the subject) Hewlett-Packard Company
    lsm.exe        3,200 K    5,560 K    708    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
    LightScribeControlPanel.exe        8,080 K    7,256 K    4456        Hewlett-Packard Company    (No signature was present in the subject) Hewlett-Packard Company
    hpqWmiEx.exe        4,840 K    8,844 K    3176    HP Software Framework WMI Service    Hewlett-Packard Company    (Verified) Hewlett-Packard Company
    hpHotkeyMonitor.exe        6,288 K    5,940 K    2068    hpHotkeyMonitor Service    Hewlett-Packard Company    (A certificate was explicitly revoked by its issuer) Hewlett-Packard Company
    ccmsetup.exe        4,880 K    10,820 K    3120    ccmsetup.exe    Microsoft Corporation    (Verified) Microsoft Corporation
    btwdins.exe        2,884 K    7,684 K    1552    Bluetooth Support Server    Broadcom Corporation.    (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
    BTTray.exe        7,728 K    12,192 K    4624    Bluetooth Tray Application    Broadcom Corporation.    (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
    BluetoothHeadsetProxy.exe        1,048 K    3,752 K    4188    Bluetooth Headset Skype Proxy    Broadcom Corporation.    (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
    atiesrxx.exe        1,720 K    3,852 K    368    AMD External Events Service Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
    atieclxx.exe        2,736 K    5,720 K    1572    AMD External Events Client Module    AMD    (Verified) Microsoft Windows Hardware Compatibility Publisher
    armsvc.exe        1,240 K    3,796 K    2000    Adobe Acrobat Update Service    Adobe Systems Incorporated    (Verified) Adobe Systems
    AESTSr64.exe        1,296 K    2,332 K    2036    Andrea filters APO access service (64-bit)    Andrea Electronics Corporation    (Verified) Microsoft Windows Hardware Compatibility Publisher
    acrotray.exe        1,348 K    4,220 K    4580    AcroTray    Adobe Systems Inc.    (Verified) Adobe Systems
     


    • 0
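
    Added example, not part of the original thread: a Python sketch that reads a Process Explorer export like the one posted in #13 and lists every process whose Verified Signer column is anything other than "(Verified)". It assumes the saved Procexp.txt is tab-delimited with the header row shown in the post; the sample rows are re-typed from that listing, and the function names are this example's own.

```python
import csv
import io
import re

# Constructed sample: header and a few rows re-typed from the Process Explorer
# listing in post #13, with tabs as the field separator (assumption: the file
# written by File > Save As is tab-delimited).
SAMPLE = "\n".join([
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer",
    "System Idle Process\t89.04\t0 K\t24 K\t0\t\t\t",
    "firefox.exe\t1.41\t326,556 K\t371,584 K\t5760\tFirefox\tMozilla Corporation\t(Verified) Mozilla Corporation",
    "SCComm.exe\t0.66\t106,932 K\t20,332 K\t2528\tSCComm\tMalwarebytes Corporation\t(No signature was present in the subject) Malwarebytes Corporation",
    "BTTray.exe\t\t7,728 K\t12,192 K\t4624\tBluetooth Tray Application\tBroadcom Corporation.\t(A certificate was explicitly revoked by its issuer) Broadcom Corporation.",
    "Interrupts\t0.55\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t",
])

# The Verified Signer cell reads "(status text) signer name".
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<signer>.*)$")

# Pseudo-entries with no image file on disk, so there is no signature to check.
NO_IMAGE = {"System Idle Process", "System", "Interrupts"}

# Grouping order for the report; not a severity ranking.
ORDER = {"unsigned": 0, "revoked": 1, "other": 2, "not_checked": 3}


def classify(verified_signer):
    """Map one Verified Signer cell to (category, signer)."""
    m = SIGNER_RE.match(verified_signer.strip())
    if not m:
        return ("not_checked", "")  # empty cell: signature check never ran
    status = m.group("status").lower()
    signer = m.group("signer").strip()
    if status == "verified":
        return ("verified", signer)
    if "revoked" in status:
        return ("revoked", signer)
    if "no signature" in status:
        return ("unsigned", signer)
    return ("other", signer)


def triage(text):
    """Return every process row whose signature did not verify."""
    findings = []
    reader = csv.DictReader(io.StringIO(text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    for row in reader:
        name = (row.get("Process") or "").strip()
        if not name or name in NO_IMAGE:
            continue
        category, signer = classify(row.get("Verified Signer") or "")
        if category != "verified":
            findings.append({
                "process": name,
                "pid": (row.get("PID") or "").strip(),
                "category": category,
                "signer": signer,
            })
    findings.sort(key=lambda f: (ORDER[f["category"]], f["process"].lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['category']:<12} {f['process']:<28} "
              f"PID {f['pid']:<6} {f['signer']}")
```

    A clean result from this check does not clear the machine: in this thread the cause turned out to be a Firefox extension, which never appears as its own process.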

    #14
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    The fact that the links don't show in FF Safe Mode would seem to indicate an add-on is causing the problem.  Click on the three horizontal bars icon in the upper right of FF.  Then on Add-ons.  Then on Extensions.  I would start with Zoom it since it is a fairly new install.  Click on the Disable button and then restart FF.  If that doesn't help then Disable any other Extensions one at a time and then move to Plugins.  Also click on Appearance and make sure you are using the Default theme.  


    • 0

    #15
    insparks

      Member

    • Topic Starter
    • Member
    • 49 posts

    Okay, removing Zoom did it; all the hyperlinks are gone and it seems to be back to normal. Thank you very much, better than my city's IT department could have done. :D


    • 0





