White screen after login


#1
neonhomer

Windows 7 x32.
 
I had to uninstall Cisco AnyConnect VPN client, and after I reboot my system and log in, I get a white screen with a mouse cursor. After that, the system is unresponsive. I can reboot into safe mode without issue. The only way to get back to a usable state is to restore back to a previous point.

I am not sure if it is a virus or what, but it seems to have some of the earmarks of the ZeroAccess infection.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015

Ran by Kevin (administrator) on KEVIN-PC on 11-05-2015 20:27:08

Running from C:\Users\Kevin\Downloads

Loaded Profiles: Kevin (Available profiles: Kevin)

Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/



==================== Processes (Whitelisted) =================



(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Schneider Electric Buildings LLC) C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\S2ConnectAgent\bin\SE.SBO.S2ConnectESAgent.exe

(Schneider Electric Buildings LLC) C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\Enterprise Server\bin\SE.SBO.EnterpriseServer.exe

(Flexera Software LLC.) C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\License Server\lmadmin.exe

() C:\Users\Kevin\AppData\Local\Temp\INSTAL~1.EXE

(Demo Corporation) C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\License Server\taclic.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe

(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeterSvc.exe

(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

(Echelon Corporation) C:\Program Files\LonWorks\bin\LnsMtsSvc.exe

() C:\niagara\niagara-3.6.406\bin\niagarad.exe

(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe

() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe

(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe

() C:\Program Files\Trane\TracerTU.Service\EvoUSB.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Acresso Software Inc.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Hagel Technologies Ltd.) C:\Program Files\DU Meter\DUMeter.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe

(Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe

(Akamai Technologies, Inc.) C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(Spotify Ltd) C:\Users\Kevin\AppData\Roaming\Spotify\SpotifyWebHelper.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe





==================== Registry (Whitelisted) ==================



(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2014-09-04] (Adobe Systems Incorporated)

HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2014-09-04] (Adobe Systems Inc.)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)

HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2010-07-22] (IDT, Inc.)

HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [761648 2014-05-08] (Palo Alto Networks)

HKLM\...\Run: [T-Mobile webConnect Manager] => C:\Program Files\T-Mobile\webConnect Manager\TMobileCM.exe [22296 2009-09-28] (T-Mobile)

HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2015-02-16] (LogMeIn, Inc.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Kevin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\Run: [Spotify Web Helper] => C:\Users\Kevin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2020920 2015-04-23] (Spotify Ltd)

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\Run: [DU Meter] => C:\Program Files\DU Meter\DUMeter.exe [1832448 2013-12-28] (Hagel Technologies Ltd.)

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\Run: [Spotify] => C:\Users\Kevin\AppData\Roaming\Spotify\Spotify.exe [7168568 2015-04-23] (Spotify Ltd)

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: G - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {12c34dfc-1702-11e3-84a8-1c659d4e8030} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {1ca6f48b-244b-11e3-9c3d-463500000031} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {345226d1-d7af-11e4-b5c2-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {34522707-d7af-11e4-b5c2-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {3452270f-d7af-11e4-b5c2-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {3452271a-d7af-11e4-b5c2-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {5300ef06-d7a8-11e4-9ea8-463500000031} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {5300ef11-d7a8-11e4-9ea8-463500000031} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {58981ac2-bc02-11e3-9228-463500000031} - H:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {771f709c-e01a-11e3-8fad-463500000031} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {771f70a6-e01a-11e3-8fad-463500000031} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {771f71b7-e01a-11e3-8fad-463500000031} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {771f755d-e01a-11e3-8fad-463500000031} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {7a351747-127a-11e4-8d17-1c659d4e8030} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {7a35177b-127a-11e4-8d17-1c659d4e8030} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {7a351788-127a-11e4-8d17-1c659d4e8030} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {7a3517c3-127a-11e4-8d17-1c659d4e8030} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {b19ccc4b-b083-11e4-8b1c-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {b19ccc4e-b083-11e4-8b1c-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {b19ccc5b-b083-11e4-8b1c-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {c14e74c9-3b39-11e3-8b8c-1c659d4e8030} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {cfe0504b-d4ac-11e4-96d6-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {cfe0508f-d4ac-11e4-96d6-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {dad7f502-8a7c-11e3-897c-463500000031} - G:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {fa869963-4996-11e4-b7b7-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {fa86996c-4996-11e4-b7b7-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {fa869994-4996-11e4-b7b7-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {fa86999a-4996-11e4-b7b7-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {fa8699a3-4996-11e4-b7b7-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\MountPoints2: {fc9de195-cf5f-11e4-8d3a-1c659d4e8030} - G:\AutoRun.exe

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-07] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-13]

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CineForm Status.lnk [2014-06-19]

ShortcutTarget: CineForm Status.lnk -> C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe (GoPro)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk [2014-05-19]

ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk [2013-09-03]

ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico ()

Startup: C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-02-01]

ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Kevin\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION



==================== Internet (Whitelisted) ====================



(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)



HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

SearchScopes: HKU\S-1-5-21-1648848259-3717912990-1852430799-1000 -> DefaultScope {2D9269D1-BD99-4989-96B2-9C68E1B86482} URL = https://www.google.c...q={searchTerms}

SearchScopes: HKU\S-1-5-21-1648848259-3717912990-1852430799-1000 -> {2D9269D1-BD99-4989-96B2-9C68E1B86482} URL = https://www.google.c...q={searchTerms}

BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-04] (Oracle Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-03-10] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-04] (Oracle Corporation)

Toolbar: HKU\S-1-5-21-1648848259-3717912990-1852430799-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2014-09-04] (Adobe Systems Incorporated)

DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab

DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://mcvlink.mayo...,2012,1109,1339

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://mcvlink.mayo...,2012,1109,1401

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} https://mcvlink.mayo...,2012,1109,1356

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\Kevin\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB

DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} https://mcvlink.mayo...,2012,1109,1342

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://mcvlink.mayo...,2012,1109,1353

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://mcvlink.mayo...,2012,1109,1409

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt



FireFox:

========

FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\yjlvtpwt.default-1428927656432

FF DefaultSearchEngine.US: Google

FF Homepage: hxxp://www.google.com

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2012-08-08] ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-04] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-04] (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-02-06] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Kevin\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-10-15] (Cisco WebEx LLC)

FF Extension: Bitdefender QuickScan - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\yjlvtpwt.default-1428927656432\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2015-05-11]

FF Extension: NoScript - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\yjlvtpwt.default-1428927656432\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-04-13]

FF Extension: Adblock Plus - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\yjlvtpwt.default-1428927656432\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-13]

FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-06-07]



Chrome:

=======

CHR dev: Chrome dev build detected! <======= ATTENTION



========================== Services (Whitelisted) =================



(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)



R2 Building Operation 1.6 Connect Agent; C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\S2ConnectAgent\bin\SE.SBO.S2ConnectESAgent.exe [48376 2015-03-27] (Schneider Electric Buildings LLC)

R2 Building Operation 1.6 Enterprise Server; C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\Enterprise Server\bin\SE.SBO.EnterpriseServer.exe [15655672 2015-03-27] (Schneider Electric Buildings LLC)

R2 Building Operation 1.6 License Server; C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\License Server\lmadmin.exe [6975864 2015-01-16] (Flexera Software LLC.)

S3 Building Operation 1.6 Project Configuration Server; C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\Project Configuration Server\bin\SE.SBO.ProjectConfigurationServer.exe [15597304 2015-02-12] (Schneider Electric Buildings LLC)

R2 CiscoVpnInstallService; C:\Users\Kevin\AppData\Local\Temp\INSTAL~1.EXE [221315 2010-09-27] () [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1846968 2015-04-22] (Microsoft Corporation)

R2 Crypkey License; C:\Windows\system32\crypserv.exe [73728 2005-09-09] (CrypKey (Canada) Ltd.) [File not signed]

R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)

R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [390000 2011-07-28] (Dell Inc.)

R2 DUMeterSvc; C:\Program Files\DU Meter\DUMeterSvc.exe [1062912 2013-12-28] (Hagel Technologies Ltd.) [File not signed]

S3 LdvxBroker; C:\Program Files\LonWorks\bin\LdvxBroker.exe [142664 2011-08-16] (Echelon Corporation)

R2 LnsMtsSvc; C:\Program Files\LonWorks\bin\LnsMtsSvc.exe [70984 2011-08-16] (Echelon Corporation)

S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-04-28] (Hewlett-Packard) [File not signed]

R2 Niagara; C:\niagara\niagara-3.6.406\bin\niagarad.exe [246544 2013-08-02] ()

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)

S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [33080 2015-03-19] (The OpenVPN Project)

R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [1112880 2014-05-08] (Palo Alto Networks)

R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-04-28] (Hewlett-Packard) [File not signed]

R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-07-22] (IDT, Inc.)

R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [256800 2013-12-03] (Dell SonicWALL, Inc.)

R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5400848 2014-11-03] (TeamViewer GmbH)

S3 TMobileRcAppSvc; C:\Program Files\T-Mobile\webConnect Manager\RcAppSvc.exe [120088 2009-08-13] (SmithMicro Inc.)

R2 Tracer TU Service; C:\Program Files\Trane\TracerTU.Service\EvoUSB.exe [114176 2015-03-05] () [File not signed]

S2 vlonaxSvc; C:\Windows\system32\vlonax.exe [38912 2006-06-28] () [File not signed]

R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [555408 2013-03-26] (Cisco Systems, Inc.)

S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [X]



==================== Drivers (Whitelisted) ====================



(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)



S3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2011-07-22] (ST Microelectronics)

S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2013-03-26] (Cisco Systems, Inc.)

R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4096 2013-10-04] (Windows ® Codename Longhorn DDK provider)

R3 BTWAMPFL; C:\Windows\System32\DRIVERS\btwampfl.sys [300584 2012-12-13] (Broadcom Corporation.)

S3 CpUSB32; C:\Windows\System32\Drivers\CpUSB32.sys [20888 2013-06-07] (YASKAWA ELECTRIC CORPORATION)

S3 cpuz136; C:\Program Files\CPUID\PC Wizard 2013\pcwiz_x32.sys [25320 2013-08-24] (CPUID)

S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.) [File not signed]

R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [40296 2012-03-12] (Broadcom Corporation)

R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [108368 2013-10-03] (Citrix Systems, Inc.)

S3 DUMeterDrv; C:\Program Files\DU Meter\DUMETR32.SYS [19720 2014-11-13] (Hagel Technologies Ltd.)

S3 EVOUSB; C:\Windows\System32\Drivers\evousb.sys [36696 2012-05-30] (Trane)

S3 f5ipfw; C:\Windows\system32\drivers\urfltwlh.sys [13984 2012-11-09] (F5 Networks, Inc.)

S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [60104 2010-08-19] (FTDI Ltd.)

R2 giveio; C:\Windows\system32\giveio.sys [5248 1996-04-03] () [File not signed]

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV32.sys [105984 2009-10-27] (QUALCOMM Incorporated)

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)

R3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)

R1 MpKslc652c1d8; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E9CC9A5D-CC27-4BA1-9CBF-2180C67C3E93}\MpKslc652c1d8.sys [39464 2015-05-11] (Microsoft Corporation)

S3 nBacES60; C:\Windows\System32\DRIVERS\nBacES60.sys [28160 2012-12-13] (Tridium, Inc.)

R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [6814720 2010-07-14] (Intel Corporation)

R1 NetworkX; C:\Windows\system32\ckldrv.sys [31654 2004-07-29] () [File not signed]

R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

R3 PanGpd; C:\Windows\System32\DRIVERS\pangpd.sys [32256 2014-05-08] (Palo Alto Networks)

S3 pnplon; C:\Windows\System32\drivers\pnplon.sys [21959 2010-08-12] (Echelon Corporation)

R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-19] (REDC)

S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [139776 2013-10-25] (Prolific Technology Inc.)

R2 speedfan; C:\Windows\system32\speedfan.sys [24184 2012-12-29] (Almico Software)

R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [95120 2013-12-03] (Dell SonicWALL, Inc.)

S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2013-08-26] (SonicWALL, Inc.)

R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2014-11-05] (The OpenVPN Project)

R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnwlh.sys [37024 2012-11-09] (F5 Networks, Inc.)

R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)

R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)

R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)

S3 vpcuxd; C:\Windows\System32\DRIVERS\vpcuxd.sys [12800 2010-11-20] (Microsoft Corporation)

R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)

S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]

S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]

S4 LMIRfsClientNP; No ImagePath

S3 massfilter; system32\drivers\massfilter.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]



==================== NetSvcs (Whitelisted) ===================



(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)





==================== One Month Created Files and Folders ========



(If an entry is included in the fixlist, the file\folder will be moved.)



2015-05-11 20:27 - 2015-05-11 20:27 - 00030905 _____ () C:\Users\Kevin\Downloads\FRST.txt

2015-05-11 20:27 - 2015-05-11 20:27 - 00000000 ____D () C:\FRST

2015-05-11 20:26 - 2015-05-11 20:26 - 01141248 _____ (Farbar) C:\Users\Kevin\Downloads\FRST.exe

2015-05-11 20:08 - 2015-05-11 20:08 - 00000000 ____D () C:\Users\Kevin\AppData\Local\LogMeIn

2015-05-11 20:08 - 2015-05-11 20:08 - 00000000 ____D () C:\ProgramData\LogMeIn

2015-05-11 19:10 - 2015-05-11 19:13 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\QuickScan

2015-05-11 19:08 - 2015-05-11 19:08 - 00001090 _____ () C:\Users\Kevin\Desktop\checkup.txt

2015-05-11 19:08 - 2015-05-11 19:08 - 00001046 _____ () C:\Users\Kevin\Desktop\MBAM.txt

2015-05-11 15:12 - 2015-05-11 15:12 - 00147746 _____ () C:\Users\Kevin\Desktop\OTL.Txt

2015-05-11 15:12 - 2015-05-11 15:12 - 00076970 _____ () C:\Users\Kevin\Desktop\Extras.Txt

2015-05-11 15:11 - 2015-05-11 15:11 - 00076970 _____ () C:\Users\Kevin\Downloads\Extras.Txt

2015-05-11 15:09 - 2015-05-11 15:09 - 00147746 _____ () C:\Users\Kevin\Downloads\OTL.Txt

2015-05-11 15:00 - 2015-05-11 15:00 - 00001087 _____ () C:\Users\Kevin\Desktop\AdwCleaner[R2].txt

2015-05-11 14:23 - 2015-05-11 14:23 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices

2015-05-11 11:22 - 2015-05-11 13:27 - 00000000 ____D () C:\Windows\pss

2015-05-08 09:53 - 2015-05-11 14:57 - 00000000 ____D () C:\AdwCleaner

2015-05-07 10:25 - 2015-05-07 10:25 - 00000000 ____D () C:\Users\Kevin\Downloads\DualMonitorTools-1.10

2015-05-07 10:21 - 2015-05-07 10:21 - 06484352 _____ (Piriform Ltd) C:\Users\Kevin\Downloads\ccsetup505.exe

2015-05-06 11:16 - 2015-05-11 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows

2015-05-06 11:16 - 2015-05-11 19:47 - 00000000 ____D () C:\Program Files\TAP-Windows

2015-05-06 11:16 - 2015-05-06 11:16 - 00001065 _____ () C:\Users\Public\Desktop\OpenVPN GUI.lnk

2015-05-06 11:15 - 2015-05-11 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN

2015-05-06 11:15 - 2015-05-11 19:47 - 00000000 ____D () C:\Program Files\OpenVPN

2015-05-06 11:15 - 2015-05-06 11:15 - 01699584 _____ () C:\Users\Kevin\Downloads\openvpn-install-2.3.6-I603-i686.exe

2015-05-06 10:31 - 2015-05-06 10:31 - 08254766 _____ () C:\Users\Kevin\Downloads\npp.6.7.7.Installer.exe

2015-05-05 10:22 - 2015-05-05 10:22 - 00000173 _____ () C:\Users\Kevin\Documents\DSLMinecraftList.txt

2015-05-05 10:22 - 2015-05-05 10:22 - 00000082 _____ () C:\Users\Kevin\Documents\TMoHotspotKey.txt

2015-05-04 15:10 - 2015-05-04 15:10 - 00000000 ____D () C:\Program Files\Common Files\Java

2015-05-01 15:19 - 2015-05-11 19:47 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-05-01 15:19 - 2015-05-01 15:19 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-05-01 15:17 - 2015-05-01 15:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Kevin\Downloads\mbar-1.09.1.1004.exe

2015-05-01 15:16 - 2015-05-01 15:16 - 16873560 _____ () C:\Users\Kevin\Downloads\RogueKiller.exe

2015-05-01 15:04 - 2015-05-01 15:04 - 00000000 ____D () C:\Users\Kevin\AppData\Local\IsolatedStorage

2015-05-01 13:37 - 2015-05-01 13:37 - 00000392 _____ () C:\Users\Kevin\Desktop\Yammer Notifier.appref-ms

2015-05-01 13:37 - 2015-05-01 13:37 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Yammer

2015-05-01 13:37 - 2015-05-01 13:37 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation

2015-05-01 13:37 - 2015-05-01 13:37 - 00000000 ____D () C:\ProgramData\Yammer

2015-05-01 13:36 - 2015-05-01 13:36 - 00483496 _____ () C:\Users\Kevin\Downloads\YammerDesktopSetup.exe

2015-04-29 08:01 - 2015-05-07 10:24 - 00318511 _____ () C:\Users\Kevin\Downloads\DualMonitorTools-1.10.zip

2015-04-28 07:56 - 2015-04-28 07:57 - 00278816 _____ () C:\Windows\Minidump\042815-18610-01.dmp

2015-04-28 07:56 - 2015-04-28 07:56 - 444176998 _____ () C:\Windows\MEMORY.DMP

2015-04-24 10:55 - 2015-04-24 10:57 - 00000000 ____D () C:\Users\Kevin\Downloads\BASRT-B_Firmware_Ver_2.7.2

2015-04-22 11:30 - 2015-04-22 11:30 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Dell SonicWALL

2015-04-22 11:14 - 2015-04-22 11:14 - 00002146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Global VPN Client.lnk

2015-04-22 11:14 - 2013-12-03 16:25 - 00095120 _____ (Dell SonicWALL, Inc.) C:\Windows\system32\Drivers\SWIPsec.sys

2015-04-22 11:13 - 2015-04-22 11:13 - 00000000 ____D () C:\Program Files\Dell SonicWALL

2015-04-22 11:12 - 2015-04-22 11:12 - 18484208 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\GVCSetup32_4.9.0.1202_EN.exe

2015-04-22 11:12 - 2015-04-22 11:12 - 15550232 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\GVCSetup64_4.9.0.1202_EN.exe

2015-04-21 14:56 - 2015-04-21 14:56 - 00001814 _____ () C:\Users\Kevin\Documents\K03 Turbos.txt

2015-04-20 14:02 - 2015-04-20 14:02 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk

2015-04-20 14:02 - 2015-04-20 14:02 - 00000958 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk

2015-04-20 14:02 - 2015-04-20 14:02 - 00000000 ____D () C:\Users\Kevin\AppData\Local\LogMeInIgnition

2015-04-20 14:02 - 2015-02-16 18:10 - 00086912 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll

2015-04-20 14:02 - 2015-02-16 18:09 - 00085864 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll

2015-04-20 14:02 - 2015-02-16 18:09 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll

2015-04-20 14:02 - 2015-02-16 17:59 - 00047640 _____ (LogMeIn, Inc.) C:\Windows\system32\Drivers\LMIRfsDriver.sys

2015-04-20 14:01 - 2015-05-11 19:47 - 00000000 ____D () C:\Program Files\LogMeIn

2015-04-20 14:00 - 2015-04-20 14:00 - 27893760 _____ () C:\Users\Kevin\Downloads\LogMeIn.msi

2015-04-20 08:41 - 2015-04-20 08:41 - 00000000 ____D () C:\Users\Kevin\Downloads\SystemMonitorII

2015-04-20 08:39 - 2015-04-20 08:39 - 00392544 _____ () C:\Users\Kevin\Downloads\SystemMonitorII.zip

2015-04-20 08:25 - 2015-05-11 20:17 - 00000304 _____ () C:\Windows\errord.log

2015-04-17 12:25 - 2015-04-17 13:45 - 00000000 ____D () C:\Program Files\SpeedFan

2015-04-17 12:25 - 2015-04-17 12:25 - 00000969 _____ () C:\Users\Kevin\Desktop\SpeedFan.lnk

2015-04-17 12:25 - 2015-04-17 12:25 - 00000045 _____ () C:\Windows\system32\initdebug.nfo

2015-04-17 12:25 - 2015-04-17 12:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan

2015-04-17 12:24 - 2015-04-17 12:24 - 02218504 _____ () C:\Users\Kevin\Downloads\instspeedfan451.exe

2015-04-15 13:26 - 2015-04-15 13:26 - 00000000 ____D () C:\Users\Kevin\Downloads\E7752v1.2

2015-04-15 13:25 - 2015-04-15 13:25 - 07758798 _____ () C:\Users\Kevin\Downloads\E7752v1.2.zip

2015-04-15 13:12 - 2015-04-15 13:12 - 70087104 _____ (Microsoft Corporation) C:\Users\Kevin\Downloads\NDP451-KB2858728-x86-x64-AllOS-ENU.exe

2015-04-15 12:52 - 2015-05-11 20:18 - 00002708 _____ () C:\Windows\setupact.log

2015-04-15 12:52 - 2015-04-15 12:52 - 00000000 _____ () C:\Windows\setuperr.log

2015-04-15 10:07 - 2015-03-24 23:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-04-15 10:07 - 2015-03-24 23:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-04-15 10:07 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-04-15 10:07 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-04-15 10:07 - 2015-03-24 23:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-04-15 10:07 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-04-15 10:07 - 2015-03-24 23:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-04-15 10:07 - 2015-03-24 23:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-04-15 10:07 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-04-15 10:07 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-04-15 10:07 - 2015-03-24 23:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-04-15 10:07 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-04-15 10:07 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-15 10:07 - 2015-03-17 01:01 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-04-15 10:07 - 2015-03-17 01:01 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-04-15 10:07 - 2015-03-17 00:59 - 01306112 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-04-15 10:07 - 2015-03-17 00:57 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-04-15 10:07 - 2015-03-17 00:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe

2015-04-15 10:07 - 2015-03-17 00:56 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe

2015-04-15 10:07 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-04-15 10:07 - 2015-03-17 00:56 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2015-04-15 10:07 - 2015-03-17 00:56 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-04-15 10:07 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-04-15 10:07 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-04-15 10:07 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-04-15 10:07 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-04-15 10:07 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll

2015-04-15 10:07 - 2015-03-05 00:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2015-04-15 10:06 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-04-15 10:06 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-15 10:06 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-04-15 10:06 - 2015-03-12 23:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-04-15 10:06 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-15 10:06 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-04-15 10:06 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2015-04-15 10:06 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-04-15 10:06 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-04-15 10:06 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-15 10:06 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-04-15 10:06 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-04-15 10:06 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-04-15 10:06 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-04-15 10:06 - 2015-03-12 23:16 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-04-15 10:06 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-04-15 10:06 - 2015-03-12 23:09 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-04-15 10:06 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-04-15 10:06 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-04-15 10:06 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-04-15 10:06 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-15 10:06 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-04-15 10:06 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-15 10:06 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-15 10:06 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-04-15 10:06 - 2015-03-12 22:43 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-04-15 10:06 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-04-15 10:06 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-15 10:06 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-15 10:06 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-15 10:06 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-04-15 09:56 - 2015-03-04 00:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2015-04-15 09:56 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-15 09:43 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2015-04-15 09:43 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2015-04-15 09:43 - 2015-02-24 23:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2015-04-13 18:54 - 2015-05-07 10:21 - 04532776 _____ (Piriform Ltd) C:\Users\Kevin\Downloads\dfsetup219.exe

2015-04-13 08:52 - 2015-04-27 10:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

2015-04-13 08:52 - 2015-04-27 10:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox

2015-04-13 08:52 - 2015-04-13 08:52 - 00001121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2015-04-13 08:52 - 2015-04-13 08:52 - 00001109 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2015-04-13 08:52 - 2015-04-13 08:52 - 00000000 ____D () C:\ProgramData\Mozilla

2015-04-13 08:35 - 2015-04-13 08:36 - 40866864 _____ () C:\Users\Kevin\Downloads\Firefox Setup 37.0.1.exe

2015-04-13 08:35 - 2015-04-13 08:35 - 00243312 _____ () C:\Users\Kevin\Downloads\Firefox Setup Stub 37.0.1.exe

2015-04-13 08:33 - 2015-04-13 08:33 - 00018005 _____ () C:\bookmarks-2015-04-13.json

2015-04-13 08:21 - 2015-04-13 08:21 - 00000000 ____D () C:\Users\Kevin\Desktop\Old Firefox Data

2015-04-13 08:19 - 2014-09-17 11:41 - 00000822 _____ () C:\Windows\system32\Drivers\etc\hosts.20150413-081947.backup

2015-04-13 08:13 - 2015-05-11 19:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2015-04-13 08:13 - 2015-04-13 08:15 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy

2015-04-13 08:13 - 2015-04-13 08:13 - 00001220 _____ () C:\Users\Kevin\Desktop\Spybot - Search & Destroy.lnk

2015-04-13 08:13 - 2015-04-13 08:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

2015-04-13 08:12 - 2015-04-13 08:12 - 16409960 _____ (Safer Networking Limited ) C:\Users\Kevin\Downloads\spybotsd162.exe

2015-04-13 08:05 - 2015-04-13 08:05 - 00000721 _____ () C:\kvmitremove.bat

2015-04-13 07:58 - 2015-04-13 08:00 - 00000000 ____D () C:\ProgramData\10317275555858018056



==================== One Month Modified Files and Folders =======



(If an entry is included in the fixlist, the file\folder will be moved.)



2015-05-11 20:26 - 2009-07-14 00:34 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-05-11 20:26 - 2009-07-14 00:34 - 00020880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-05-11 20:25 - 2012-12-13 18:52 - 00786474 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-05-11 20:25 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\tracing

2015-05-11 20:22 - 2014-05-29 14:49 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Spotify

2015-05-11 20:21 - 2012-12-13 18:49 - 01782753 _____ () C:\Windows\WindowsUpdate.log

2015-05-11 20:19 - 2014-06-03 09:42 - 00058170 _____ () C:\Users\Kevin\PanGPA.log

2015-05-11 20:19 - 2014-05-29 14:49 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Spotify

2015-05-11 20:18 - 2014-04-14 10:15 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-05-11 20:18 - 2014-01-15 11:40 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-05-11 20:18 - 2013-08-15 09:59 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2015-05-11 20:18 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-05-11 20:10 - 2013-06-06 13:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-05-11 20:07 - 2012-12-13 18:49 - 00000000 ____D () C:\Users\Kevin

2015-05-11 19:47 - 2015-04-09 09:13 - 00000000 ___SD () C:\Windows\system32\GWX

2015-05-11 19:47 - 2014-10-15 10:46 - 00000000 ____D () C:\ProgramData\WebEx

2015-05-11 19:47 - 2014-10-01 14:16 - 00000000 ____D () C:\Windows\Minidump

2015-05-11 19:47 - 2014-06-19 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro

2015-05-11 19:47 - 2014-06-19 11:11 - 00000000 ____D () C:\Program Files\GoPro

2015-05-11 19:47 - 2014-06-17 11:25 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Equalify

2015-05-11 19:47 - 2014-01-15 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-05-11 19:47 - 2014-01-15 15:13 - 00000000 ____D () C:\Program Files\CCleaner

2015-05-11 19:47 - 2013-08-01 13:57 - 00000000 ____D () C:\ProgramData\FLEXnet

2015-05-11 19:47 - 2013-02-01 15:19 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Mozilla

2015-05-11 19:47 - 2012-12-13 19:46 - 00000000 ____D () C:\Program Files\Cisco

2015-05-11 19:47 - 2012-12-13 19:17 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Akamai

2015-05-11 19:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\wfp

2015-05-11 19:47 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration

2015-05-11 19:46 - 2014-06-19 11:12 - 00000000 ____D () C:\Program Files\CineForm

2015-05-11 19:46 - 2014-05-15 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

2015-05-11 19:35 - 2014-05-15 09:50 - 00000000 ____D () C:\ProgramData\Cisco

2015-05-11 12:41 - 2013-02-04 08:20 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\TeamViewer

2015-05-11 10:11 - 2013-02-01 14:44 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl

2015-05-11 10:06 - 2015-01-26 17:04 - 00000000 ____D () C:\Users\Kevin\Documents\Email Backup

2015-05-08 07:57 - 2014-05-16 07:30 - 00000514 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1648848259-3717912990-1852430799-1000.job

2015-05-08 07:57 - 2014-01-15 11:40 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-05-07 13:48 - 2013-02-01 23:21 - 00000000 ____D () C:\Users\Kevin\AppData\Local\WorkPlace Tech

2015-05-07 10:23 - 2014-01-15 15:13 - 00000969 _____ () C:\Users\Public\Desktop\CCleaner.lnk

2015-05-07 09:38 - 2013-08-02 09:23 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Schneider_Electric_Buildi

2015-05-06 15:16 - 2013-06-07 12:33 - 00000000 ____D () C:\Program Files\Defraggler

2015-05-06 10:32 - 2014-06-20 10:52 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2015-05-06 10:32 - 2013-08-12 11:36 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Notepad++

2015-05-06 09:11 - 2013-06-25 08:59 - 00002240 ____H () C:\Users\Kevin\Documents\Default.rdp

2015-05-06 07:58 - 2013-07-31 13:52 - 00000000 ____D () C:\Users\Kevin\Downloads\AS Stuff

2015-05-05 20:21 - 2015-02-06 11:12 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2015-05-05 09:29 - 2015-03-16 09:41 - 00000000 ____D () C:\Users\Kevin\Documents\Schneider Electric StruxureWare

2015-05-05 08:31 - 2015-03-20 16:24 - 00000122 _____ () C:\Users\Kevin\AppData\Roaming\System Monitor II_UptimeRecord.ini

2015-05-04 15:10 - 2013-11-04 15:37 - 00000000 ____D () C:\ProgramData\Oracle

2015-05-04 15:09 - 2014-10-21 12:28 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

2015-05-04 15:09 - 2014-10-21 12:28 - 00000000 ____D () C:\Program Files\Java

2015-05-01 13:37 - 2012-12-13 19:15 - 00000000 ____D () C:\Users\Kevin\AppData\Local\Deployment

2015-05-01 10:01 - 2013-08-01 13:57 - 00000000 ____D () C:\ProgramData\Schneider Electric StruxureWare

2015-05-01 09:34 - 2014-01-29 15:03 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Schneider Electric StruxureWare

2015-04-30 09:29 - 2014-05-28 13:15 - 00033015 _____ () C:\Users\Kevin\Documents\PaymentsWorkSheet.xlsx

2015-04-24 11:08 - 2015-03-26 14:59 - 00000000 _____ () C:\Users\Kevin\.sam-ba.historysource

2015-04-24 11:07 - 2015-03-26 14:56 - 00000182 _____ () C:\Users\Kevin\_sam-ba.rc

2015-04-23 08:46 - 2013-06-26 08:45 - 00000000 ____D () C:\Users\Kevin\Desktop\Network Config Shortcuts

2015-04-23 08:45 - 2013-06-11 09:07 - 00000000 ____D () C:\NS

2015-04-22 11:39 - 2015-03-20 16:15 - 00000000 ____D () C:\ProgramData\{fee806fa-2ef4-e4e1-fee8-806fa2ef1be8}

2015-04-22 11:22 - 2013-07-10 17:23 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-22 11:16 - 2013-06-07 09:26 - 125832184 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-04-22 11:13 - 2013-09-03 10:19 - 00000000 ____D () C:\Program Files\Common Files\Deterministic Networks

2015-04-22 11:11 - 2014-01-14 15:28 - 00000000 ___RD () C:\Users\Kevin\Dropbox (MC2)

2015-04-22 11:10 - 2014-01-14 15:02 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Dropbox

2015-04-21 15:05 - 2012-12-13 18:49 - 00000000 ____D () C:\Users\Kevin\AppData\Local\VirtualStore

2015-04-21 14:58 - 2013-02-04 08:17 - 00000000 ____D () C:\Program Files\TeamViewer

2015-04-21 09:34 - 2014-06-12 13:20 - 00012022 _____ () C:\Users\Kevin\advanced_ip_scanner_MAC.bin

2015-04-20 14:02 - 2015-02-20 09:18 - 00001024 _____ () C:\.rnd

2015-04-20 11:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache

2015-04-20 11:31 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2015-04-20 08:21 - 2013-02-01 21:07 - 00000000 ____D () C:\ProgramData\Microsoft Help

2015-04-20 08:16 - 2013-02-01 22:38 - 00000039 _____ () C:\Windows\vbaddin.ini

2015-04-20 08:13 - 2009-07-13 22:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared

2015-04-17 10:10 - 2013-06-06 13:40 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-04-17 10:10 - 2013-06-06 13:40 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-04-13 17:31 - 2014-01-14 15:27 - 00000000 ____D () C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox



==================== Files in the root of some directories =======



2015-03-20 20:38 - 2015-03-20 20:38 - 0002413 _____ () C:\Users\Kevin\AppData\Roaming\System Monitor II_CPU0_Settings.ini

2015-03-20 16:24 - 2015-05-05 08:31 - 0000122 _____ () C:\Users\Kevin\AppData\Roaming\System Monitor II_UptimeRecord.ini

2015-03-09 19:46 - 2015-03-09 19:46 - 0000643 _____ () C:\Users\Kevin\AppData\Local\CastleLinkProps.dat

2013-06-06 15:48 - 2013-10-22 13:20 - 0007624 _____ () C:\Users\Kevin\AppData\Local\Resmon.ResmonCfg



Files to move or delete:

====================

C:\Users\Kevin\PanPortalCfg.dat





Some content of TEMP:

====================

C:\Users\Kevin\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Kevin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2oqose.dll

C:\Users\Kevin\AppData\Local\Temp\installservice.exe

C:\Users\Kevin\AppData\Local\Temp\jre-8u45-windows-au.exe

C:\Users\Kevin\AppData\Local\Temp\npp.6.7.5.Installer.exe

C:\Users\Kevin\AppData\Local\Temp\npp.6.7.7.Installer.exe

C:\Users\Kevin\AppData\Local\Temp\sfamcc00001.dll

C:\Users\Kevin\AppData\Local\Temp\sfareca00001.dll

C:\Users\Kevin\AppData\Local\Temp\sfextra.dll

C:\Users\Kevin\AppData\Local\Temp\xmlUpdater.exe





==================== Bamital & volsnap Check =================



(There is no automatic fix for files that do not pass verification.)



C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed





LastRegBack: 2015-05-04 12:15



==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015

Ran by Kevin at 2015-05-11 20:28:16

Running from C:\Users\Kevin\Downloads

Boot Mode: Normal

==========================================================





==================== Accounts: =============================



Administrator (S-1-5-21-1648848259-3717912990-1852430799-500 - Administrator - Disabled)

Guest (S-1-5-21-1648848259-3717912990-1852430799-501 - Limited - Disabled)

Kevin (S-1-5-21-1648848259-3717912990-1852430799-1000 - Administrator - Enabled) => C:\Users\Kevin



==================== Security Center ========================



(If an entry is included in the fixlist, it will be removed.)



AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}

AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



==================== Installed Programs ======================



(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)



32 Bit HP CIO Components Installer (Version: 17.1.1 - Hewlett-Packard) Hidden

Adobe Acrobat X Standard - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.12 - Adobe Systems)

Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Advanced IP Scanner 2.3 (HKLM\...\{A02F51A7-1982-4B69-8BD3-7D2B86179752}) (Version: 2.3.2161 - Famatech)

Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.60 - Hulubulu Software)

Akamai NetSession Interface (HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)

Apple Application Support (HKLM\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}) (Version: 6.0.0.59 - Apple Inc.)

Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

AtomTime Pro 3.1d (HKLM\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)

BB FlashBack Pro (HKLM\...\BB FlashBack Pro) (Version: 2.8.4.2116 - Blueberry)

BIG-IP Edge Client Components (All Users) (HKLM\...\F5 Networks Client Components) (Version: 70.2012.1109.1344 - F5 Networks, Inc.)

Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden

Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)

Building Operation WorkPlace Tech Editor 1.6 (Version: 1.6.1780 - Schneider Electric) Hidden

Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )

Castle Link (HKLM\...\{102EA762-2C73-418C-B7DC-438870E8BCBF}) (Version: 3.57.24 - Castle Creations)

CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)

Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.03103 - Cisco Systems, Inc.)

Cisco AnyConnect Secure Mobility Client (Version: 3.1.03103 - Cisco Systems, Inc.) Hidden

Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)

Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)

Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)

CPS R01.00 (HKLM\...\Mag One Series Radios) (Version:  - )

Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)

Dell System Detect (HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\9204f5692a8faf3b) (Version: 3.3.2.1 - Dell)

Dell System Manager (HKLM\...\{3EC64C00-4BBC-4C0A-9F95-40E3EDA72837}) (Version: 1.7.10000 - Dell Inc.)

Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)

DriveWizard HVAC (HKLM\...\DriveWizard HVAC) (Version: 1.1.4.000 - Yaskawa America, Inc.)

DriveWizard HVAC (Version: 1.1.4.000 - Yaskawa America, Inc.) Hidden

Dropbox (HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)

DU Meter (HKLM\...\DUMeter3_is1) (Version: 6.40 - Hagel Technologies Ltd.)

DVDFab 8.1.9.0 (06/07/2012) Qt (HKLM\...\DVDFab 8 Qt RePack TuSoft_is1) (Version:  - )

Echelon LNS Server (HKLM\...\{EACDEFA8-8BCD-4E9D-BC41-DF59ACD748BB}) (Version: 3.22.042 - Echelon Corporation)

Echelon LonMaker Turbo Edition (HKLM\...\{D414AB30-37F3-4D22-8040-164713DCD0FB}) (Version: 3.24.12 - Echelon Corporation)

Echelon Multi-Port Router (HKLM\...\{D611F33B-4586-45EE-89A6-D55E0A956292}) (Version: 1.00.16 - Echelon Corporation)

Echelon OpenLDV 4.0 (HKLM\...\{266C3F8F-F098-4731-B82F-E2D60868ADE0}) (Version: 4.00.102 - Echelon Corporation)

EchelonMergeModulesInstaller1.6 (Version: 1.6.0 - Schneider Electric) Hidden

Equalify v2.5.3 (Stable) (HKLM\...\{33EC4F70-9F4B-406F-BB2A-F75A285E927D}) (Version: 2.5.3.0 - Equalify)

Flow Balance 3.0 (HKLM\...\{6A898967-7A26-4EDB-8033-0F7D68B77B85}) (Version: 3.00.0000 - TAC)

Free OGG To MP3 Converter (HKLM\...\{6CD2E731-A707-4B8C-BCFE-CA322B158A75}) (Version: 1.0.0 - Convert Audio Free)

Git version 1.9.5-preview20141217 (HKLM\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)

Global VPN Client (HKLM\...\{C0EB418B-05EB-425C-BB9C-791A9EE36B3A}) (Version: 4.9.0 - Dell SonicWALL)

GlobalProtect (HKLM\...\{F4551F2B-C4AE-425E-BCDC-660C521C3512}) (Version: 1.2.10 - Palo Alto Networks)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden

GoPro Studio 2.0.1 (HKLM\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)

GoToMeeting 7.1.8.2553 (HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\GoToMeeting) (Version: 7.1.8.2553 - CitrixOnline)

GRLevel3 version 1.41 (HKLM\...\GRLevel3_is1) (Version:  - )

GRLevel3 version 2.17 (HKLM\...\GRLevel3_2_is1) (Version:  - )

H8036 Smart Widget (HKLM\...\{13CAFA86-185F-4074-9BF5-B59F948F4019}) (Version: 1.0.0.0 - Schneider Electric)

HP Officejet 7500 E910 Basic Device Software (HKLM\...\{634FA727-B731-4204-AADC-D6F34F41374F}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

HP Officejet 7500 E910 Help (HKLM\...\{24DC9885-E759-4BD2-8A20-D4AC509A7FDE}) (Version: 140.0.93.93 - Hewlett Packard)

HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)

I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)

I/A Series Enterprise Server 2.3f (HKLM\...\{428549ED-AFDD-499E-8F48-8F1C623287E3}) (Version: 2.301.529.v1 - TAC LLC)

IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6292.0 - IDT)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)

IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)

iTunes (HKLM\...\{0F6F6876-6334-4977-B5DD-CFC12E193420}) (Version: 10.7.0.21 - Apple Inc.)

Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

Java™ 6 Update 30 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)

L-852 Download Tool (HKLM\...\{BDE0ABEC-A808-4E22-B526-E8317EC00282}) (Version: 1.2 - LOYTEC electronics GmbH)

Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)

LogMeIn (HKLM\...\{A8E20B99-B1A2-4FC0-B38A-A255033D339A}) (Version: 4.1.5022 - LogMeIn, Inc.)

LonMark Resource Files 13.00 (HKLM\...\{D9499ABD-ACC6-4C10-8AA6-7A35700ACFAD}) (Version: 13.00.05 - Echelon Corporation)

LOYTEC LSU-Tool (HKLM\...\{EA78B996-1F3A-44FB-9E3B-F8017FD6E8A4}) (Version: 2.0.1 - LOYTEC electronics GmbH)

MagicDisc 2.7.106 (HKLM\...\MagicDisc 2.7.106) (Version:  - )

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Marketsplash Shortcuts (HKLM\...\{16FCDD97-AE09-476B-88CD-261D852BD34C}) (Version: 1.0.1.7 - Hewlett-Packard)

Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)

Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 15.0.4711.1003 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visio Standard 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)

Mozilla Firefox 37.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

NaturalReaderFree (HKLM\...\{262EFBD9-A907-490F-81F4-561FDD3A8C5C}) (Version: 1.00.0000 - Naturalsoft limited)

Niagara-3.5.406 (HKLM\...\Niagara-3.5.406) (Version:  - )

Niagara-3.6.31 (HKLM\...\Niagara-3.6.31) (Version:  - )

Niagara-3.6.406 (HKLM\...\Niagara-3.6.406) (Version:  - )

Niagara-3.6.47 (HKLM\...\Niagara-3.6.47) (Version:  - )

Niagara-3.7.106 (HKLM\...\Niagara-3.7.106) (Version:  - )

Niagara-3.8.37 (HKLM\...\Niagara-3.8.37) (Version: 3.8.37 - NiagaraAX)

NiagaraAX Lon Tunnel (HKLM\...\NiagaraAX Lon Tunnel) (Version:  - )

Notepad++ (HKLM\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)

Office 15 Click-to-Run Extensibility Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (Version: 15.0.4711.1003 - Microsoft Corporation) Hidden

OpenVPN 2.3.6-I603  (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )

Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)

PC Wizard 2013.2.12 (HKLM\...\PC Wizard 2013_is1) (Version:  - CPUID)

PL-2303 USB-to-Serial (HKLM\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.8.0 - Prolific Technology INC)

PL-2303 Vista Driver Installer (HKLM\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.0.1.0 - Prolific)

QPST 2.7 (HKLM\...\{8035964D-75EB-4463-91DC-3F02EE9CF103}) (Version: 2.7.378 - Qualcomm)

RHINO Connect Software (HKLM\...\{4528FB2C-65B7-4B6E-87CD-D82CAA3529D3}) (Version: 1.3.0.242 - DYMO Corp.)

RICOH Media Driver ver.2.11.01.02 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.11.01.02 - RICOH)

Schneider Electric StruxureWare Building Operation Device Administrator 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Device Administrator) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Enterprise Server 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Enterprise Server) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack da-DK 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack da-DK) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack de-DE 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack de-DE) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack es-ES 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack es-ES) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack fi-FI 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack fi-FI) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack fr-FR 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack fr-FR) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack it-IT 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack it-IT) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack pt-PT 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack pt-PT) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack ru-RU 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack ru-RU) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Language Pack sv-SE 1.6.1.5000 (HKLM\...\StruxureWare 1.6 Language Pack sv-SE) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation License Administrator 1.6.1.5000 (HKLM\...\StruxureWare 1.6 License Administrator) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation License Server 1.6.1.5000 (HKLM\...\StruxureWare 1.6 License Server) (Version: 1.6.1.5000 - Schneider Electric)

Schneider Electric StruxureWare Building Operation Project Configuration Server 1.6.1.35 (HKLM\...\StruxureWare 1.6 Project Configuration Server) (Version: 1.6.1.35 - Schneider Electric)

Schneider Electric StruxureWare Building Operation WorkStation 1.6.1.5000 (HKLM\...\StruxureWare 1.6 WorkStation) (Version: 1.6.1.5000 - Schneider Electric)

SDFormatter (HKLM\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)

SeaTools for Windows (HKLM\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)

SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )

Spotify (HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\Spotify) (Version: 1.0.4.90.g0b6df40b - Spotify AB)

Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)

TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )

TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.34998 Beta - TeamViewer)

T-Mobile webConnect Manager (HKLM\...\{10B74F6B-4C40-4DA3-BD03-D362381ABAE1}) (Version: 2.04.0030.0 - T-Mobile) <==== ATTENTION

Tracer BACnet Setup Tool 3.1 (HKLM\...\{7A63521D-3109-4FF8-BFD6-D7B5D11268CC}) (Version: 3.1.82 - Trane)

Trane TechView (HKLM\...\TechView) (Version: 14.0 - Trane, Inc.)

Ulead GIF Animator 2.0 Full Version (HKLM\...\Ulead GIF Animator 2.0 Full Version) (Version:  - )

Universal Adb Driver (HKLM\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

U-Tune (micro-lite) (HKLM\...\ST6UNST #1) (Version:  - )

VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6900 - Broadcom Corporation)

Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)

Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows Mobile Device Center Driver Update (HKLM\...\{E7044E25-3038-4A76-9064-344AC038043E}) (Version: 6.1.6965.0 - Microsoft Corporation)

Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

WinRAR 5.00 beta 5 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.5 - win.rar GmbH)

Wireshark 1.12.0 (32-bit) (HKLM\...\Wireshark) (Version: 1.12.0 - The Wireshark developer community, http://www.wireshark.org)

WorkPlace Tech Dispatcher (Version: 3.0.1782 - Schneider Electric) Hidden

WorkPlace Tech Editor Components 5.8 (Version: 5.8.1781 - Schneider Electric) Hidden

WorkPlaceTech Tool 5.8.6 (HKLM\...\InstallShield_{0B20D1EE-AD9B-496E-902B-C3D241FD2337}) (Version: 5.08.1781 - Schneider Electric Buildings, LLC)

WorkPlaceTech Tool 5.8.6 (Version: 5.08.1781 - Schneider Electric Buildings, LLC) Hidden

Yammer Notifier (HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\...\8c3c8c06fefda92b) (Version: 1.0.0.564 - Microsoft Corporation)



==================== Custom CLSID (selected items): ==========================



(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)






==================== Restore Points  =========================



01-05-2015 08:27:00 Windows Update

01-05-2015 10:01:07 Installed H8036 Smart Widget.

04-05-2015 08:56:48 Windows Update

06-05-2015 08:01:38 Installed H8036 Smart Widget.

06-05-2015 11:16:06 Device Driver Package Install: TAP-Windows Provider V9 Network adapters

08-05-2015 08:08:44 Windows Update

08-05-2015 09:56:04 Removed LogMeIn

11-05-2015 08:15:42 Windows Update

11-05-2015 10:30:33 Removed Cisco AnyConnect Secure Mobility Client

11-05-2015 10:34:21 Installed Cisco AnyConnect Secure Mobility Client

11-05-2015 10:53:46 Removed Cisco AnyConnect Secure Mobility Client

11-05-2015 14:35:06 Windows Update

11-05-2015 19:34:41 BeforeAnyConnectReinstall

11-05-2015 20:01:47 Windows Update



==================== Hosts content: ==========================



(If needed Hosts: directive could be included in the fixlist to reset Hosts.)



2009-07-13 22:04 - 2015-05-01 13:02 - 00466232 ____A C:\Windows\system32\Drivers\etc\hosts




There are 1000 more lines.





==================== Scheduled Tasks (whitelisted) =============



(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)



Task: {1F9E372F-4747-4733-B0F3-D95AABC6A55C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-22] (Microsoft Corporation)

Task: {2E53C35C-8171-45D1-88F6-A9A43B27D4D6} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Kevin-PC-Kevin Kevin-PC.mc2inc.com => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)

Task: {2F677A3D-EE7D-4467-BB9B-20DE025264A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)

Task: {318D9D7E-28E4-4A7B-91A3-27EE5A022C21} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-15] (Google Inc.)

Task: {48B9CF87-BA14-4F2D-9BFC-DFEB71CE77A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)

Task: {66B2A091-50B5-48AB-A141-10F855BB3AAF} - System32\Tasks\G2MUpdateTask-S-1-5-21-1648848259-3717912990-1852430799-1000 => C:\Program Files\Citrix\GoToMeeting\2553\g2mupdate.exe [2015-04-13] (Citrix Online, a division of Citrix Systems, Inc.)

Task: {8ACBA9C0-0E77-4840-976A-63F2E66B50B2} - System32\Tasks\{8C3AD994-F919-4F0B-B5EA-10D3467602A8} => pcalua.exe -a "C:\Program Files\Notepad++\notepad++.exe"

Task: {8D2AACCC-2621-4E22-95C2-9746DC860C11} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)

Task: {A022D6B2-C214-4685-9699-DDF78707E6E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {B0AF04EC-D041-44EA-9778-E446A777A794} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)

Task: {BBB969E5-C92E-4D34-A4C6-C8DA204045CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-04-22] (Microsoft Corporation)

Task: {CCA12853-0385-4D30-8096-C49020F50A9E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {D679D6D7-ED0F-40E3-8A5F-4EA1D416A59E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {F639D7CD-D729-4B64-88B7-36CA38D12810} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-17] (Adobe Systems Incorporated)

Task: {F92D40B0-F0A9-4CCE-A95E-5BFD3CD715C9} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)



(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)



Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1648848259-3717912990-1852430799-1000.job => C:\Program Files\Citrix\GoToMeeting\2553\g2mupdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe



==================== Loaded Modules (whitelisted) ==============



2013-03-26 11:44 - 2013-03-26 11:44 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2015-03-27 12:57 - 2015-03-27 12:57 - 00131072 _____ () C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\Enterprise Server\bin\asn1ber.dll

2015-03-27 12:57 - 2015-03-27 12:57 - 00421376 _____ () C:\Program Files\Schneider Electric StruxureWare\Building Operation 1.6\Enterprise Server\bin\asn1rt.dll

2010-09-27 12:56 - 2010-09-27 12:56 - 00221315 _____ () C:\Users\Kevin\AppData\Local\Temp\INSTAL~1.EXE

2015-02-06 11:12 - 2014-05-20 03:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll

2010-09-27 12:03 - 2010-09-27 12:03 - 00201512 _____ () C:\Windows\system32\vpnapi.dll

2013-08-02 12:33 - 2013-08-02 12:33 - 00246544 _____ () C:\niagara\niagara-3.6.406\bin\niagarad.exe

2013-08-02 12:33 - 2013-08-02 12:33 - 00429568 _____ () C:\niagara\niagara-3.6.406\bin\platform.dll

2013-08-02 12:33 - 2013-08-02 12:33 - 00045568 _____ () C:\niagara\niagara-3.6.406\bin\nre.dll

2013-08-02 12:33 - 2013-08-02 12:33 - 00102400 _____ () C:\niagara\niagara-3.6.406\bin\zlibwapi.dll

2013-08-02 12:33 - 2013-08-02 12:33 - 00151552 _____ () C:\niagara\niagara-3.6.406\bin\dialup.dll

2013-08-02 12:33 - 2013-08-02 12:33 - 00035328 _____ () C:\niagara\niagara-3.6.406\bin\ddns.dll

2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

2015-03-05 16:46 - 2015-03-05 16:46 - 00114176 _____ () C:\Program Files\Trane\TracerTU.Service\EvoUSB.exe

2015-03-18 14:18 - 2015-01-27 10:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

2015-02-16 11:47 - 2014-12-17 22:23 - 00334464 _____ () C:\Program Files\Git\git-cheetah\git_shell_ext.dll

2014-05-12 05:49 - 2014-05-12 05:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll

2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll

2010-10-15 19:14 - 2010-10-15 19:14 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll



==================== Alternate Data Streams (whitelisted) =========



(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)



AlternateDataStreams: C:\ProgramData\TEMP:107902CB

AlternateDataStreams: C:\ProgramData\TEMP:E18B7D31



==================== Safe Mode (whitelisted) ===================



(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"



==================== EXE Association (whitelisted) ===============



(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)





==================== Internet Explorer trusted/restricted ===============



(If an entry is included in the fixlist, the associated entry will be removed from the registry.)






There are 7866 more restricted sites.



==================== Other Areas ============================



(Currently there is no automatic fix for this section.)



HKU\S-1-5-21-1648848259-3717912990-1852430799-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 8.8.8.8 - 192.168.1.1



==================== MSCONFIG/TASK MANAGER disabled items ==



(Currently there is no automatic fix for this section.)





==================== FirewallRules (whitelisted) ===============



(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)



FirewallRules: [TCP Query User{32CD9DA5-9E17-432A-B90A-E2A254BD33ED}C:\users\kevin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kevin\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{B4CB6F6E-855F-44CF-AAE4-7049D06EFA52}C:\users\kevin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kevin\appdata\local\akamai\netsession_win.exe

FirewallRules: [TCP Query User{E94D615A-6F89-4F01-ABD8-BE9482990E07}C:\users\kevin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kevin\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{AD43BC8D-B2F3-49F5-8D32-52937C19C654}C:\users\kevin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kevin\appdata\local\akamai\netsession_win.exe

FirewallRules: [TCP Query User{D0ED4C16-E252-48D3-90A1-5B283C02CC60}C:\users\kevin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kevin\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{399AC21C-83F9-411C-98E8-12A77D3561C3}C:\users\kevin\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kevin\appdata\local\akamai\netsession_win.exe

FirewallRules: [TCP Query User{373C848F-5D97-4BBC-8F64-579AFB33A961}C:\program files\workplace tech\rtmonitor.exe] => (Allow) C:\program files\workplace tech\rtmonitor.exe

FirewallRules: [UDP Query User{81489398-E514-40D5-8B9C-0062AED07960}C:\program files\workplace tech\rtmonitor.exe] => (Allow) C:\program files\workplace tech\rtmonitor.exe

FirewallRules: [TCP Query User{F9661A94-2D6C-4583-AA30-F326A4DD635A}C:\niagara\niagara-3.6.47\bin\wb_w.exe] => (Allow) C:\niagara\niagara-3.6.47\bin\wb_w.exe

FirewallRules: [UDP Query User{39A932AE-DE94-4CD4-AF8B-5DC8B7CCC614}C:\niagara\niagara-3.6.47\bin\wb_w.exe] => (Allow) C:\niagara\niagara-3.6.47\bin\wb_w.exe

FirewallRules: [TCP Query User{E2DE3CBA-B5DF-4A8C-8114-AF0BA5C389F7}C:\program files\workplace tech\rtmonitor.exe] => (Allow) C:\program files\workplace tech\rtmonitor.exe

FirewallRules: [UDP Query User{B76C0C63-8D37-4A2A-BB08-8267E4844D3B}C:\program files\workplace tech\rtmonitor.exe] => (Allow) C:\program files\workplace tech\rtmonitor.exe

FirewallRules: [TCP Query User{9F3D4BE4-6976-46B0-AAB3-B8D091C9268F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [UDP Query User{89B45FD5-B20E-4C39-9776-BDBE224A70FC}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe

FirewallRules: [{EDEEEDAD-AE6E-41A8-B8A1-ED11F117732D}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe

FirewallRules: [{317C851D-298D-48DD-BE7C-344EA1FBA03A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{24A27615-C79B-4E31-BD54-0777068EB76F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{C8E986DA-1A1D-4B37-A796-0F4F0C0F68A2}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [TCP Query User{C868C606-E6CA-4C37-9212-9BF11775E8CF}C:\program files\workplace tech\rtmonitor.exe] => (Allow) C:\program files\workplace tech\rtmonitor.exe

FirewallRules: [UDP Query User{3591960B-A6DF-4FB6-A8D9-AF43F866F6A7}C:\program files\workplace tech\rtmonitor.exe] => (Allow) C:\program files\workplace tech\rtmonitor.exe

FirewallRules: [{048DF965-C84C-429A-B2C6-A5386296F2BA}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe

FirewallRules: [TCP Query User{316774E1-D642-4ECD-A649-ABC9750F4297}C:\niagara\niagara-3.7.106\bin\wb_w.exe] => (Allow) C:\niagara\niagara-3.7.106\bin\wb_w.exe

FirewallRules: [UDP Query User{147B5ECD-7B08-44D9-8675-7B0D9D1DD1EF}C:\niagara\niagara-3.7.106\bin\wb_w.exe] => (Allow) C:\niagara\niagara-3.7.106\bin\wb_w.exe

FirewallRules: [{647F9615-5544-4EFF-827A-15203AE232C9}] => (Allow) C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{9AEE00CD-A6CB-4EAD-9504-2963FAA7F254}] => (Allow) C:\Users\Kevin\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [TCP Query User{699680B9-9C0D-4CAA-A735-90B2DB08731F}C:\niagara\niagara-3.7.106\bin\wb_w.exe] => (Allow) C:\niagara\niagara-3.7.106\bin\wb_w.exe

FirewallRules: [UDP Query User{BC4C1CA9-1D3E-4478-B407-AD6B7D139913}C:\niagara\niagara-3.7.106\bin\wb_w.exe] => (Allow) C:\niagara\niagara-3.7.106\bin\wb_w.exe

FirewallRules: [TCP Query User{A1132308-F96A-4D57-8E1F-098CF98C38FC}C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{FF45B53E-EE4B-4F11-BC44-0A7FD40992D1}C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{075343E6-5726-4F02-A156-356FEE001E53}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe

FirewallRules: [{77B00A00-B079-4238-B9FF-A015F26761B0}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe

FirewallRules: [{EA0F47F1-E693-41B1-B7B8-FAE386D63BC4}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe

FirewallRules: [{8E9FAFC9-34DC-4423-90C4-32C1002854DB}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe

FirewallRules: [TCP Query User{E886EDC9-3C75-47B3-8C7A-79AEE9D23D52}C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{53633EC0-7DBA-4A36-AAE0-FB4C6A34081C}C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\kevin\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [{57367065-347C-49B9-A13E-71A50AB492A2}] => (Allow) C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [{EEED1B0D-26DE-487B-850C-33E9D1BC8ADF}] => (Allow) C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [TCP Query User{306E6217-527C-458B-B778-5C545B65929E}C:\users\kevin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kevin\appdata\roaming\spotify\spotify.exe

FirewallRules: [UDP Query User{D4ADF186-4EFF-44F2-B121-1D17D1C8A98A}C:\users\kevin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kevin\appdata\roaming\spotify\spotify.exe

FirewallRules: [{BDDE637F-55EE-4D9C-8AB6-3CB7F0CE9753}] => (Allow) C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [{877BECCC-97B8-45DF-87C4-65D50BDB3A93}] => (Allow) C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe

FirewallRules: [TCP Query User{61AD0C55-E341-431E-AAF3-454451691E38}C:\niagara\niagara-3.6.406\bin\wb_w.exe] => (Allow) C:\niagara\niagara-3.6.406\bin\wb_w.exe

FirewallRules: [UDP Query User{49CFCE81-A9D2-4DFA-B314-8BB0FCBB9E8F}C:\niagara\niagara-3.6.406\bin\wb_w.exe] => (Allow) C:\niagara\niagara-3.6.406\bin\wb_w.exe

FirewallRules: [{89B9B57D-76DF-42DC-8F6B-63C6900CB71B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe

FirewallRules: [{08D339C2-C52D-4E52-9163-83DC98E87CE9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe

FirewallRules: [{94836126-62B5-4A4C-961D-904098B0A8BB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{DF72F684-8EF5-4D99-866D-5BD3FEAE0C57}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

FirewallRules: [TCP Query User{9AC5A6F2-57DD-4A6A-996A-DCC279E02538}C:\program files\lonworks\bin\ptserv32.exe] => (Allow) C:\program files\lonworks\bin\ptserv32.exe

FirewallRules: [UDP Query User{42BA96EE-7FEB-4669-B4B6-04D69F4FB6BF}C:\program files\lonworks\bin\ptserv32.exe] => (Allow) C:\program files\lonworks\bin\ptserv32.exe

FirewallRules: [TCP Query User{51349BDC-002F-4F01-850F-2536C53BD5A4}C:\users\kevin\downloads\bacnet_visualtestshell_3.6.2\vts.exe] => (Allow) C:\users\kevin\downloads\bacnet_visualtestshell_3.6.2\vts.exe

FirewallRules: [UDP Query User{7BB2ED9E-4890-4673-BD66-D81A5E4489A1}C:\users\kevin\downloads\bacnet_visualtestshell_3.6.2\vts.exe] => (Allow) C:\users\kevin\downloads\bacnet_visualtestshell_3.6.2\vts.exe

FirewallRules: [TCP Query User{BAE5D2B6-5911-4D8D-83E9-F956FCCF5D79}C:\users\kevin\downloads\bacnet_visualtestshell_3.6.2\vts.exe] => (Allow) C:\users\kevin\downloads\bacnet_visualtestshell_3.6.2\vts.exe

FirewallRules: [UDP Query User{39312CEB-E2A6-48EA-8A60-A807F85418B3}C:\users\kevin\downloads\bacnet_visualtestshell_3.6.2\vts.exe] => (Allow) C:\users\kevin\downloads\bacnet_visualtestshell_3.6.2\vts.exe

FirewallRules: [TCP Query User{6D749287-A338-4158-A687-6CC6D5A5E36B}C:\program files\loytec\l852dl\l852dl.exe] => (Allow) C:\program files\loytec\l852dl\l852dl.exe

FirewallRules: [UDP Query User{9B46DA40-1FD6-4FBE-895A-FB7925437AF5}C:\program files\loytec\l852dl\l852dl.exe] => (Allow) C:\program files\loytec\l852dl\l852dl.exe

FirewallRules: [{1E0C4724-6A86-40D4-B34C-A2D5DEAC59D9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{4A8F3D0C-FECE-443E-B55C-A629BDAC16DE}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe

FirewallRules: [UDP Query User{41221074-0999-4463-982F-7510418745C7}C:\program files\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_31\bin\javaw.exe

FirewallRules: [TCP Query User{5281BA0E-E6EC-4404-AC0C-5CB53D42C89D}C:\program files\loytec\l852dl\l852dl.exe] => (Allow) C:\program files\loytec\l852dl\l852dl.exe

FirewallRules: [UDP Query User{B9BC8699-BC31-4BF3-97E7-3307B09827FB}C:\program files\loytec\l852dl\l852dl.exe] => (Allow) C:\program files\loytec\l852dl\l852dl.exe

FirewallRules: [{AB2AB2E0-F142-44DA-8365-747396B4B840}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{E7CD29E0-DD6B-4AB6-9C69-3DF5D41E7375}] => (Allow) C:\Users\Kevin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

FirewallRules: [TCP Query User{4045A68A-2C8B-438E-B089-367DC46B10B8}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{845F7C99-CE5E-40B5-969B-3CBB44410728}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [TCP Query User{5054248F-A196-48B4-B6DF-E3C399F06F6B}C:\users\kevin\downloads\basrtp-b_firmware_ver_2.7.2\bdt 2.03.00.exe] => (Allow) C:\users\kevin\downloads\basrtp-b_firmware_ver_2.7.2\bdt 2.03.00.exe

FirewallRules: [UDP Query User{071F7118-DBB6-495E-B607-CEACD2903A7F}C:\users\kevin\downloads\basrtp-b_firmware_ver_2.7.2\bdt 2.03.00.exe] => (Allow) C:\users\kevin\downloads\basrtp-b_firmware_ver_2.7.2\bdt 2.03.00.exe

FirewallRules: [{59D1BF41-24E4-4324-8B15-79413ACA12FE}] => (Allow) LPort=49186

FirewallRules: [{38D51726-85C4-4267-88B8-553241D2D01F}] => (Allow) LPort=5000



==================== Faulty Device Manager Devices =============



Name: SonicWALL Virtual NIC

Description: SonicWALL Virtual NIC

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: SonicWALL

Service: SWVNIC

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.



Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



Name: Bluetooth Peripheral Device

Description: Bluetooth Peripheral Device

Class Guid:

Manufacturer:

Service:

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.



Name: Cisco Systems VPN Adapter

Description: Cisco Systems VPN Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: CVirtA

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.



Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.





==================== Event log errors: =========================



Application errors:

==================

Error: (05/11/2015 08:18:08 PM) (Source: CiscoVpnInstallService) (EventID: 0) (User: )

Description: CiscoVpnInstallService error: 0check_run_installer: Failed to find InstallRunOncePath



Error: (05/11/2015 07:49:05 PM) (Source: CiscoVpnInstallService) (EventID: 0) (User: )

Description: CiscoVpnInstallService error: 0check_run_installer: Failed to find InstallRunOncePath



Error: (05/11/2015 07:37:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpnagent.exe, version: 3.1.3103.0, time stamp: 0x5151c1c1

Faulting module name: Dbghelp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7bc

Exception code: 0xc0000005

Fault offset: 0x0004c67f

Faulting process id: 0x1678

Faulting application start time: 0xvpnagent.exe0

Faulting application path: vpnagent.exe1

Faulting module path: vpnagent.exe2

Report Id: vpnagent.exe3



Error: (05/11/2015 07:37:42 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpnagent.exe, version: 3.1.3103.0, time stamp: 0x5151c1c1

Faulting module name: Dbghelp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7bc

Exception code: 0xc0000005

Fault offset: 0x0004c670

Faulting process id: 0x168c

Faulting application start time: 0xvpnagent.exe0

Faulting application path: vpnagent.exe1

Faulting module path: vpnagent.exe2

Report Id: vpnagent.exe3



Error: (05/11/2015 07:37:19 PM) (Source: CiscoVpnInstallService) (EventID: 0) (User: )

Description: CiscoVpnInstallService error: 0check_run_installer: Failed to find InstallRunOncePath



Error: (05/11/2015 07:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpnagent.exe, version: 3.1.3103.0, time stamp: 0x5151c1c1

Faulting module name: Dbghelp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7bc

Exception code: 0xc0000005

Fault offset: 0x0004c5df

Faulting process id: 0x210c

Faulting application start time: 0xvpnagent.exe0

Faulting application path: vpnagent.exe1

Faulting module path: vpnagent.exe2

Report Id: vpnagent.exe3



Error: (05/11/2015 07:35:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpnagent.exe, version: 3.1.3103.0, time stamp: 0x5151c1c1

Faulting module name: Dbghelp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7bc

Exception code: 0xc0000005

Fault offset: 0x0004c67f

Faulting process id: 0x122c

Faulting application start time: 0xvpnagent.exe0

Faulting application path: vpnagent.exe1

Faulting module path: vpnagent.exe2

Report Id: vpnagent.exe3



Error: (05/11/2015 07:34:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.





Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsl04aa69f2.



System Error:

The system cannot find the file specified.

.



Error: (05/11/2015 07:34:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpnagent.exe, version: 3.1.3103.0, time stamp: 0x5151c1c1

Faulting module name: Dbghelp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7bc

Exception code: 0xc0000005

Fault offset: 0x0004c670

Faulting process id: 0x12e0

Faulting application start time: 0xvpnagent.exe0

Faulting application path: vpnagent.exe1

Faulting module path: vpnagent.exe2

Report Id: vpnagent.exe3



Error: (05/11/2015 07:33:46 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: vpnagent.exe, version: 3.1.3103.0, time stamp: 0x5151c1c1

Faulting module name: Dbghelp.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b7bc

Exception code: 0xc0000005

Fault offset: 0x0004c5df

Faulting process id: 0x1d0c

Faulting application start time: 0xvpnagent.exe0

Faulting application path: vpnagent.exe1

Faulting module path: vpnagent.exe2

Report Id: vpnagent.exe3





System errors:

=============

Error: (05/11/2015 08:18:21 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: The NiagaraAX Lon Tunnel service depends the following service: vlonax. This service might not be installed.



Error: (05/11/2015 08:18:10 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.



Error: (05/11/2015 08:18:07 PM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain

controller in domain MC2INC due to the following:

%%1311



This may lead to authentication problems. Make sure that this

computer is connected to the network. If the problem persists,

please contact your domain administrator.







ADDITIONAL INFO



If this computer is a domain controller for the specified domain, it

sets up the secure session to the primary domain controller emulator in the specified

domain. Otherwise, this computer sets up the secure session to any domain controller

in the specified domain.



Error: (05/11/2015 07:49:09 PM) (Source: Service Control Manager) (EventID: 7003) (User: )

Description: The NiagaraAX Lon Tunnel service depends the following service: vlonax. This service might not be installed.



Error: (05/11/2015 07:49:06 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.



Error: (05/11/2015 07:49:04 PM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain

controller in domain MC2INC due to the following:

%%1311



This may lead to authentication problems. Make sure that this

computer is connected to the network. If the problem persists,

please contact your domain administrator.







ADDITIONAL INFO



If this computer is a domain controller for the specified domain, it

sets up the secure session to the primary domain controller emulator in the specified

domain. Otherwise, this computer sets up the secure session to any domain controller

in the specified domain.



Error: (05/11/2015 07:49:01 PM) (Source: Microsoft Antimalware) (EventID: 2004) (User: )

Description: %60 has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.



    Signatures Attempted: %24



    Error Code: 0x80070002



    Error description: The system cannot find the file specified.



    Signature version: 0.0.0.0;0.0.0.0



    Engine version: %600



Error: (05/11/2015 07:40:47 PM) (Source: DCOM) (EventID: 10005) (User: )

Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}



Error: (05/11/2015 07:40:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068



Error: (05/11/2015 07:40:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:

%%1068





Microsoft Office Sessions:

=========================

Error: (05/11/2015 08:18:08 PM) (Source: CiscoVpnInstallService) (EventID: 0) (User: )

Description: CiscoVpnInstallService error: 0check_run_installer: Failed to find InstallRunOncePath



Error: (05/11/2015 07:49:05 PM) (Source: CiscoVpnInstallService) (EventID: 0) (User: )

Description: CiscoVpnInstallService error: 0check_run_installer: Failed to find InstallRunOncePath



Error: (05/11/2015 07:37:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vpnagent.exe3.1.3103.05151c1c1Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004c67f167801d08c437d15a774C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dllbce5aed3-f836-11e4-a52d-1c659d4e8030



Error: (05/11/2015 07:37:42 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vpnagent.exe3.1.3103.05151c1c1Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004c670168c01d08c437773258eC:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dllb74f13cf-f836-11e4-a52d-1c659d4e8030



Error: (05/11/2015 07:37:19 PM) (Source: CiscoVpnInstallService) (EventID: 0) (User: )

Description: CiscoVpnInstallService error: 0check_run_installer: Failed to find InstallRunOncePath



Error: (05/11/2015 07:35:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vpnagent.exe3.1.3103.05151c1c1Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004c5df210c01d08c432ecf90bfC:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll6cf3206d-f836-11e4-bfd6-1c659d4e8030



Error: (05/11/2015 07:35:09 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vpnagent.exe3.1.3103.05151c1c1Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004c67f122c01d08c431deaf908C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll5c2b1939-f836-11e4-bfd6-1c659d4e8030



Error: (05/11/2015 07:34:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description:

Details:

AddLegacyDriverFiles: Unable to back up image of binary MpKsl04aa69f2.



System Error:

The system cannot find the file specified.



Error: (05/11/2015 07:34:08 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vpnagent.exe3.1.3103.05151c1c1Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004c67012e001d08c42f967aa87C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll37867774-f836-11e4-bfd6-1c659d4e8030



Error: (05/11/2015 07:33:46 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: vpnagent.exe3.1.3103.05151c1c1Dbghelp.dll6.1.7601.175144ce7b7bcc00000050004c5df1d0c01d08c42ecc4bc72C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exeC:\Windows\system32\Dbghelp.dll2ae38960-f836-11e4-bfd6-1c659d4e8030





CodeIntegrity Errors:

===================================

  Date: 2014-06-16 10:49:35.244

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.



  Date: 2014-06-16 10:49:29.182

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.



  Date: 2014-06-16 10:49:15.588

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\EqualizerAPO\EqualizerAPO.dll because the set of per-page image hashes could not be found on the system.





==================== Memory info ===========================



Processor: Intel® Core™ i5 CPU M 520 @ 2.40GHz

Percentage of memory in use: 50%

Total physical RAM: 3505.85 MB

Available physical RAM: 1749.95 MB

Total Pagefile: 11696.15 MB

Available Pagefile: 9844.04 MB

Total Virtual: 2047.88 MB

Available Virtual: 1873.75 MB



==================== Drives ================================



Drive c: () (Fixed) (Total:465.66 GB) (Free:193.81 GB) NTFS

Drive f: (READYBOOST) (Removable) (Total:14.82 GB) (Free:10.82 GB) FAT32



==================== MBR & Partition Table ==================



========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 703A6C88)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)



========================================================

Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)



Partition: GPT Partition Type.



==================== End Of Log ============================

Edited by BrianDrab, 21 May 2015 - 09:00 AM.
Removed Code Tags to make it easier to read

#2
neonhomer

    Member

  • Topic Starter

I forgot to add that in my Task Manager, my csrss.exe and winlogon.exe both have no username or description..... Where everything else does....


#3
BrianDrab

    Trusted Helper

  • Malware Removal

Hi and sorry for the delay. If you still need assistance let me know and do the following.

 

Step#1 - Re-install Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
2. Then I need you to go to Google Sync and sign into your account.
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok".
4. Now we need to uninstall Chrome. Note: When asked about user data or settings you must remove this also, so please check the box.
5. Restart the computer and reinstall Chrome. You can download the latest version from here - Google Chrome
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.
 


#4
BrianDrab

    Trusted Helper

  • Malware Removal
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
#5
BrianDrab

    Trusted Helper

  • Malware Removal

User Returned.

 

Before we continue it appears that the machine you are using is a business machine. Do you have an IT Dept that should be looking at this issue?

 

Let me know please.

 

Thank you.


#6
BrianDrab

    Trusted Helper

  • Malware Removal

test


#7
neonhomer

    Member

  • Topic Starter

Testing with IE

 

Testing with FF


Edited by neonhomer, 21 May 2015 - 11:21 AM.

#8
neonhomer

    Member

  • Topic Starter

Okay.... Anyway, we don't have an IT Dept per se. Just a guy who keeps track of who has what. He really doesn't mess with the software level stuff except to wipe/reinstall or restore to a factory image.


#9
BrianDrab

    Trusted Helper

  • Malware Removal

Thanks. We don't typically assist with business machines as IT Departments typically set policies and such that the tools we use don't consider and could possibly remove those. I wanted to ensure that this wasn't the case. Since it doesn't appear that you have a true IT Dept., let's continue.

 

Step#1 - Warnings

Spybot Search & Destroy
I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.
immunize.JPG

 

CCleaner

I see that you have CCleaner installed. This is indeed a good product but I wanted to caution you on running the registry cleaning functionality of the tool. Please avoid this as it can do more harm than good.
http://www.bleepingc...s/#entry2853053
http://miekiemoes.bl...weaking_13.html
 

 

 

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File  fixlist.txt   19.32KB   212 downloads
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#3 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Cleaning"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#4 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

 

 

Items for your next post

1. FRST Fix log

2. Adwcleaner log

3. Junkware log


#10
neonhomer

    Member

  • Topic Starter

FYI - VLonAX is a Lonworks tunneling program for Niagara AX. It's safe...

Attached Files


#11
BrianDrab

    Trusted Helper

  • Malware Removal

Understood, thanks. Please do the following.

 

Step#1 - Rootkit Scan
1. Download aswMBR to your desktop.
2. Right-click on aswMBR.exe and select Run as administrator to run it.
3. If you get a question about Virtualization Technology, answer Yes.
4. If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
5. Click the "Scan" button to start scan.
6. On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

Step#2 - Malwarebytes Scan

Please remove Malwarebytes Anti-Malware version 2.0.4.1028 as it's an older version and follow the instructions below.

  • Download Malwarebytes to your desktop from here.
  • Right-click on the file that is downloaded to your desktop and select Run as administrator. Answer Yes when asked to Allow.
  • Select the appropriate language and click OK.
  • Click Next.
  • Select "I accept the agreement" and click Next.
  • Click Next
  • Change the install path if desired. Normally you will keep this as is. Click Next.
  • Click Next again.
  • Click Next again.
  • Click Install.
  • Uncheck "Enable free trial of Malwarebytes Anti-Malware Premium".
  • Click Finish
  • If an update is found you will be prompted to download and install. Go ahead.
  • Click the Settings button and then the Detection and Protection tab. Then check the box to Scan for rootkits, as shown below.
  • ScanForRootkits.JPG
     
  • Click the Scan button at the top of the form and then click Start Scan button and let complete.
  • If malware was detected you can now click the Remove Selected Button. If no malware was detected you can skip the rest of these bullet items and go to the next step which is to retrieve the Malwarebytes log.
  • RemoveSelected.JPG
  • Once the malware is removed you may get a prompt asking you to reboot. Note: Please answer Yes.
  • Restart.JPG.

 
Step#3 - Retrieve Malwarebytes Log
1. Open up the Malwarebytes program again if it's not already. You can simply double click on the shortcut on your desktop that says "Malwarebytes Anti-Malware".
2. Click the History button as shown in the picture below.
3. Click Application Logs as shown in the picture below.
4. Click on the most recent Scan Log as shown in the picture below.
ApplicationLog.JPG
 
5. The Scanning History Log screen will open. Click the Export button in the lower left and choose Copy to Clipboard. Paste the info into your next post (Right-click your mouse in the post and select Paste).
ScanningHistory.JPG

 

 

 

Items for your next post

1. Rootkit Scan

2. Malwarebytes Scan

 


#12
neonhomer

    Member

  • Topic Starter
Okay. FYI - It will be tomorrow before I can continue with the work.
#13
BrianDrab

    Trusted Helper

  • Malware Removal

:thumbsup:


#14
neonhomer

    Member

  • Topic Starter

It's a good thing I let the aswMBR run overnight....

 

Also, between the time of my original Farbar post and the last post, I had uninstalled the older Malwarebytes and installed the new one. I have a premium license for it.

 

Attached Files


#15
BrianDrab

    Trusted Helper

  • Malware Removal

At this point you are malware free. Let's see if we need to button you up any security-wise and then we can address your main issue.

 

Security Check
1. Download Security Check from here or here or here.
2. Save it to your Desktop.
3. Right-click SecurityCheck.exe and select Run as administrator. Follow the onscreen instructions inside of the black box.
4. A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: Don't be alarmed if the process runs for 10 to 15 minutes before completing. If it runs for over 30 minutes, just close the program and try running it again.

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

