Intermittent pop-up window system32


akudashaku


I am getting an intermittent pop-up window that opens to the Windows System32 folder.

 

Here is the output from FRST (attached).

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
Ran by jallenh (administrator) on L-156021761 (12-11-2015 13:50:25)
Running from D:\temp
Loaded Profiles: jallenh (Available Profiles: user1 & TE15927T & jallenh)
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(Nexthink S.A.) C:\Windows\System32\nxtsvc.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Program Files\DirectAccess Connectivity Assistant\DcaSvc.exe
(Juniper Networks) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\HipMgmt.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> unsecapp.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
Failed to access process -> WmiPrvSE.exe
Failed to access process -> WmiPrvSE.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(SupportSoft, Inc.) C:\Program Files\MySupport Manager ODC V1.1\bin\sprtcmd.exe
(Microsoft Corporation) C:\Program Files\DirectAccess Connectivity Assistant\DcaTray.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Martin Fuchs) D:\Martin Fuchs\servicemgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\ccmsetup\ccmsetup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
Failed to access process -> WmiPrvSE.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [mysupport] => C:\Program Files\MySupport Manager ODC V1.1\bin\sprtcmd.exe [237584 2013-01-24] (SupportSoft, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [DcaTray] => C:\Program Files\DirectAccess Connectivity Assistant\DcaTray.exe [524288 2014-01-30] (Microsoft Corporation)
HKLM\...\Run: [Dell Webcam Central] => C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [555352 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2014-04-29] (IDT, Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [219216 2013-12-18] (McAfee, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM Group Policy restriction on software: crack.exe <====== ATTENTION
HKLM Group Policy restriction on software: keygen.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-57989841-616249376-1801674531-742043\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0VugenIconOverlayHandler] -> {A1312049-031E-44C9-93E0-C7B4B638051E} => C:\Program Files\HP\Analysis\bin\HP.LR.VuGen.VugenIconOverlayHandler.dll [2014-12-01] (Hewlett-Packard.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk [2015-11-08]
ShortcutTarget: Service Manager.lnk -> D:\Martin Fuchs\servicemgr.exe (Martin Fuchs)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-57989841-616249376-1801674531-742043] => Proxy is enabled.
ProxyServer: [S-1-5-21-57989841-616249376-1801674531-742043] => 10.211.221.6:80
AutoConfigURL: [S-1-5-21-57989841-616249376-1801674531-742043] => 10.211.221.6:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.179.2.249 10.179.2.3
Tcpip\..\Interfaces\{4DD72AF0-7012-406B-AA27-EF3840BAA6FB}: [NameServer] 10.179.2.249,10.179.2.3
Tcpip\..\Interfaces\{4DD72AF0-7012-406B-AA27-EF3840BAA6FB}: [DhcpNameServer] 10.179.2.249 10.179.2.3
Tcpip\..\Interfaces\{53DE9FF8-A972-494C-9E0C-366D85899B93}: [DhcpNameServer] 10.155.50.100 10.155.50.200
 
Internet Explorer:
==================
HKU\S-1-5-21-57989841-616249376-1801674531-742043\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-57989841-616249376-1801674531-742043\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-03-08] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-08] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-08] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-08] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2015-11-08] (AO Kaspersky Lab)
DPF: {80533188-4435-4040-AC3E-91B489C02F21} hxxp://hpcwp02.twutil.net:8080/qcbin/ALM-Platform-Loader.12.2x.cab
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} hxxp://10.179.70.85:8080/qcbin/ALM-Platform-Loader.11.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://vpn.thameswater.co.uk/dana-cached/sc/JuniperSetupClient.cab
Handler: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - ielpview.dll No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - VFSProtocol.dll No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2010-10-12] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\jallenh\AppData\Roaming\Mozilla\Firefox\Profiles\7jgiuwz3.default
FF DefaultSearchEngine: SFF People Search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-11-04] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2015-08-11] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-08] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-57989841-616249376-1801674531-742043: sony.com/MediaGoDetector -> C:\Program Files\Sony\Media Go\npMediaGoDetector.dll [2015-09-29] (Sony Network Entertainment International LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\cgpcfg.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2010-10-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2010-07-14] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2010-10-12] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jallenh\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-09-18] (Cisco WebEx LLC)
FF Extension: Social Friend Finder - C:\Users\jallenh\AppData\Roaming\Mozilla\Firefox\Profiles\7jgiuwz3.default\Extensions\[email protected] [2015-10-16]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2015-11-08] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Web Store) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-20]
CHR Extension: (Google Drive) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Web Store) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2015-11-09]
CHR Extension: (Web Store) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Web Store) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-09-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\jallenh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-20]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM\...\Chrome\Extension: [ihenkjeihefokohmemphikjnjbmegdik] - "C:\Program Files\Sony\Media Go\MediaGoDetector.crx" <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP16.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-11-08] (Kaspersky Lab ZAO)
R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1240760 2015-04-14] (Microsoft Corporation)
S2 ccmsetup; C:\Windows\ccmsetup\ccmsetup.exe [1738928 2015-06-25] (Microsoft Corporation)
S4 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [513208 2015-04-14] (Microsoft Corporation)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-04-29] (Intel Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528624 2009-11-17] (Cisco Systems, Inc.)
R2 DcaSvc; C:\Program Files\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2014-01-30] (Microsoft Corporation)
R2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [688240 2014-04-10] (Juniper Networks)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [525144 2013-12-18] (McAfee, Inc.)
R2 HipMgmt; C:\Program Files\McAfee\Host Intrusion Prevention\HipMgmt.exe [153832 2013-12-18] (McAfee, Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [48744 2012-08-02] (Microsoft Corporation)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [274152 2014-03-04] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2013-12-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [209472 2015-07-28] (McAfee, Inc.)
R2 Nexthink Service; C:\Windows\system32\nxtsvc.exe [553232 2015-05-06] (Nexthink S.A.)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2014-04-29] (O2Micro International)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
S3 smstsmgr; C:\Windows\CCM\TSManager.exe [243896 2015-04-14] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Avanquest Software)
S4 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2014-04-29] (IDT, Inc.)
S4 tgsrvc_mysupport; C:\Program Files\MySupport Manager ODC V1.1\bin\tgsrvc.exe [213008 2013-01-31] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Acceler; C:\Windows\System32\DRIVERS\accelern.sys [44144 2014-04-29] (ST Microelectronics)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2009-11-17] (Cisco Systems, Inc.) [File not signed]
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [41480 2014-04-29] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [27648 2014-04-10] (Juniper Networks)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [368392 2014-04-29] (Intel Corporation)
S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [43352 2014-08-12] (McAfee, Inc.)
S3 ggsomc; C:\Windows\System32\DRIVERS\ggsomc.sys [26328 2015-10-17] (Sony Mobile Communications)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [149864 2013-12-18] (McAfee, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [58224 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [58040 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [147328 2015-11-08] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44728 2015-11-08] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [783232 2015-11-08] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [33976 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [37048 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [38072 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [39304 2015-11-08] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [87736 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [156856 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\6EE844D9.sys [170200 2015-11-11] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [142848 2015-07-28] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [258016 2015-07-28] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [376792 2015-07-28] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [656920 2015-07-28] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [67400 2013-12-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [218128 2015-07-28] (McAfee, Inc.)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2014-04-29] (Intel Corporation)
R1 nxtdrv; C:\Windows\System32\DRIVERS\nxtdrv.sys [211728 2015-05-06] (Nexthink S.A.)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2014-04-29] (O2Micro )
S3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [20840 2013-09-11] (Microsoft Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S3 ute2odqx; C:\Windows\system32\Drivers\ute2odqx.sys [7168 2015-11-08] () [File not signed]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-12 13:50 - 2015-11-12 13:50 - 00000000 ____D C:\FRST
2015-11-12 13:32 - 2015-11-12 13:32 - 00000165 ____H C:\Users\jallenh\Desktop\~$Performance_Changes_11112015_v0.1.xlsx
2015-11-11 17:00 - 2015-11-11 17:00 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\6EE844D9.sys
2015-11-11 16:06 - 2015-11-11 16:06 - 00000034 _____ C:\Windows\setupact.log
2015-11-11 16:06 - 2015-11-11 16:06 - 00000000 _____ C:\Windows\setuperr.log
2015-11-11 09:00 - 2015-11-11 09:00 - 00011325 _____ C:\Users\jallenh\Desktop\Performance_Changes_11112015_v0.1.xlsx
2015-11-10 16:04 - 2015-11-10 16:04 - 07884764 _____ C:\Users\jallenh\Downloads\AuroraBorealis.themepack
2015-11-10 08:02 - 2015-11-10 08:03 - 06762072 _____ (Piriform Ltd) C:\Users\jallenh\Downloads\ccsetup511.exe
2015-11-10 07:47 - 2015-11-12 13:30 - 00145193 _____ C:\Windows\WindowsUpdate.log
2015-11-10 07:44 - 2015-11-10 07:46 - 00000000 ____D C:\Windows\Minidump
2015-11-09 12:34 - 2015-11-09 12:34 - 02806934 _____ C:\Users\jallenh\Desktop\Interfaces can not be tested - In SAP Replatform Project.xlsx
2015-11-09 10:53 - 2015-11-11 09:52 - 00012913 _____ C:\Users\jallenh\Desktop\Performance Testing daily objectives 11-Nov-16_v0.1.xlsx
2015-11-08 15:03 - 2015-11-08 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2015-11-08 15:02 - 2015-11-12 13:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-08 15:02 - 2015-11-08 15:08 - 00783232 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-11-08 15:02 - 2015-11-08 15:08 - 00147328 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-11-08 15:02 - 2015-11-08 15:02 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-08 15:02 - 2015-11-08 15:02 - 00000000 ____D C:\Program Files\Kaspersky Lab
2015-11-08 14:35 - 2015-11-08 14:35 - 00007168 _____ C:\Windows\system32\Drivers\ute2odqx.sys
2015-11-08 14:35 - 2015-06-23 12:27 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-11-08 14:32 - 2015-11-08 14:33 - 09842759 _____ C:\Users\jallenh\Downloads\avz4.zip
2015-11-08 14:24 - 2015-11-08 14:24 - 00000000 ____D C:\KVRT_Data
2015-11-08 14:23 - 2015-11-08 14:24 - 94162072 _____ (Kaspersky Lab ZAO) C:\Users\jallenh\Downloads\KVRT.exe
2015-11-08 13:58 - 2015-11-08 13:58 - 01898368 _____ (Kaspersky Lab) C:\Users\jallenh\Downloads\kav16.0.0.614en_8627.exe
2015-11-08 13:35 - 2015-11-08 13:35 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-08 08:50 - 2015-11-08 08:50 - 00000207 _____ C:\Windows\tweaking.com-regbackup-L-156021761-Microsoft-Windows-7-Enterprise-(32-bit).dat
2015-11-08 08:49 - 2015-11-08 08:49 - 00000000 ____D C:\RegBackup
2015-11-08 08:49 - 2015-11-08 08:48 - 00001078 _____ C:\Users\jallenh\Desktop\Simple_System_Tweaker.exe - Shortcut.lnk
2015-11-08 08:42 - 2015-11-08 08:42 - 00000000 ____D C:\ProgramData\CheckPoint
2015-11-08 08:26 - 2015-11-08 08:26 - 00000544 _____ C:\Users\jallenh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Service Manager.lnk
2015-11-08 08:02 - 2015-11-11 15:45 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-08 08:02 - 2015-11-08 08:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-08 08:02 - 2015-11-08 08:02 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-08 08:02 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-08 08:02 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-08 08:00 - 2015-11-08 08:02 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Malwarebytes
2015-11-08 07:58 - 2015-11-08 08:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-08 07:58 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-08 07:34 - 2015-11-08 07:34 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-07 14:06 - 2015-11-07 14:06 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Sun
2015-11-05 16:54 - 2015-11-05 16:54 - 00000000 ____D C:\Users\jallenh\AppData\Local\StimulsoftReportsResources
2015-11-05 16:54 - 2015-11-05 16:54 - 00000000 ____D C:\Users\jallenh\AppData\Local\Stimulsoft
2015-11-05 13:41 - 2015-11-05 13:41 - 00000000 ____D C:\Users\jallenh\AppData\Local\Hewlett-Packard_Developme
2015-11-05 13:38 - 2015-11-05 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software
2015-11-05 13:35 - 2015-11-05 13:35 - 00000000 ____D C:\Program Files\HP
2015-11-05 13:34 - 2015-11-05 13:34 - 00000000 ____D C:\Program Files\Microsoft WSE
2015-11-04 10:18 - 2015-11-04 10:18 - 00000000 ____D C:\Windows\system32\Adobe
2015-11-04 10:16 - 2015-11-04 10:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun
2015-11-04 10:16 - 2015-11-04 10:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun
2015-11-04 10:14 - 2015-11-04 10:14 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-11-04 10:14 - 2015-11-04 10:14 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-10-30 13:53 - 2015-11-03 12:46 - 00000018 _____ C:\Users\jallenh\Desktop\New Text Document (2).txt
2015-10-28 09:28 - 2015-10-28 09:33 - 00000000 ____D C:\Users\jallenh\Desktop\Cortex
2015-10-26 17:20 - 2015-10-26 17:20 - 00000000 ____D C:\ProgramData\Sony Corporation
2015-10-22 13:15 - 2015-11-06 15:31 - 00000000 ____D C:\Users\jallenh\Desktop\IBM
2015-10-18 18:14 - 2015-10-18 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-10-18 18:12 - 2015-11-10 07:47 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Winamp
2015-10-18 16:30 - 2015-10-18 16:30 - 00000000 ____D C:\Users\jallenh\Documents\Diablo III
2015-10-18 14:40 - 2015-10-18 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-10-18 14:20 - 2015-11-11 16:07 - 00000000 ____D C:\Users\jallenh\AppData\Local\Battle.net
2015-10-18 14:20 - 2015-10-18 14:22 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Battle.net
2015-10-18 14:20 - 2015-10-18 14:20 - 00000000 ____D C:\Users\jallenh\AppData\Local\Blizzard Entertainment
2015-10-18 14:20 - 2015-10-18 14:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-10-18 14:20 - 2015-10-18 14:20 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-10-18 14:18 - 2015-10-18 14:18 - 00000000 ____D C:\ProgramData\Battle.net
2015-10-17 08:49 - 2015-10-17 08:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggsomc_01009.Wdf
2015-10-17 08:49 - 2015-10-17 08:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2015-10-17 08:39 - 2015-11-08 07:33 - 00000000 ____D C:\Users\jallenh\.oracle_jre_usage
2015-10-17 08:39 - 2015-10-17 08:39 - 00026328 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggsomc.sys
2015-10-17 08:39 - 2015-10-17 08:39 - 00013528 _____ (Sony Mobile Communications) C:\Windows\system32\Drivers\ggflt.sys
2015-10-17 08:39 - 2015-10-17 08:39 - 00000000 ____D C:\ProgramData\Sony Mobile
2015-10-17 08:39 - 2015-10-17 08:39 - 00000000 ____D C:\Program Files\Sony Mobile
2015-10-16 10:24 - 2015-10-26 17:20 - 00000000 ____D C:\Users\jallenh\AppData\Local\Sony
2015-10-16 10:23 - 2015-10-26 17:20 - 00000000 ____D C:\Program Files\Common Files\Sony Shared
2015-10-16 10:23 - 2015-10-16 10:23 - 00001855 _____ C:\Users\Public\Desktop\Media Go.lnk
2015-10-16 10:23 - 2010-05-26 10:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-10-16 10:22 - 2015-10-16 10:23 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\Sony
2015-10-16 10:22 - 2015-10-16 10:23 - 00000000 ____D C:\Program Files\Sony Media Go Install
2015-10-16 10:17 - 2015-10-16 10:26 - 00001982 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-10-16 10:17 - 2015-10-16 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-10-16 10:17 - 2015-10-16 10:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-10-16 10:16 - 2015-10-16 10:23 - 00000000 ____D C:\Program Files\Sony
2015-10-16 10:16 - 2015-10-16 10:16 - 00000000 ____D C:\ProgramData\Sony
2015-10-14 09:43 - 2015-10-14 09:43 - 00001804 _____ C:\Windows\SMSAdvancedClient.configmgr2012ac-sp2r2sp1-kb3074857-i386.mif
2015-10-14 09:43 - 2015-10-14 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center
2015-10-14 09:42 - 2015-10-14 09:42 - 00004764 _____ C:\Windows\system32\CcmFramework.ini
2015-10-14 09:42 - 2015-10-14 09:42 - 00000621 _____ C:\Windows\system32\CcmFramework.h
2015-10-14 09:41 - 2015-10-14 09:41 - 00000000 ____D C:\Windows\ms
2015-10-13 15:07 - 2015-11-06 16:40 - 00000000 ____D C:\Users\jallenh\Desktop\Service Transition
2015-10-13 14:56 - 2015-10-26 14:12 - 00000000 ____D C:\Users\jallenh\Desktop\Interfaces
2015-10-13 12:16 - 2015-10-16 15:20 - 00000000 ____D C:\Users\jallenh\Desktop\metrics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-12 13:46 - 2014-06-20 17:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-12 13:12 - 2014-06-20 18:01 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-12 12:54 - 2009-07-14 04:34 - 00027472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-12 12:54 - 2009-07-14 04:34 - 00027472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-12 12:21 - 2015-08-27 14:36 - 00002006 ____H C:\Users\jallenh\Documents\Default.rdp
2015-11-12 11:04 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\security
2015-11-12 10:34 - 2015-07-22 14:00 - 00000000 ____D C:\Users\jallenh\Desktop\L&P
2015-11-12 10:26 - 2014-06-20 18:01 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-12 10:19 - 2015-08-17 15:49 - 00000000 ____D C:\Users\jallenh\Desktop\HP-PC
2015-11-11 16:56 - 2015-07-02 16:24 - 00000240 _____ C:\Windows\system32\config\netlogon.ftl
2015-11-11 15:12 - 2015-07-03 13:29 - 00000570 _____ C:\Windows\SMSCFG.ini
2015-11-11 14:09 - 2010-11-20 21:01 - 00783834 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-11 14:05 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-10 15:23 - 2015-09-24 07:12 - 00000000 ____D C:\Users\jallenh\Desktop\ITM
2015-11-10 08:03 - 2015-07-30 07:57 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-11-10 08:03 - 2015-07-30 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-10 07:46 - 2014-07-25 13:57 - 00000000 ____D C:\ProgramData\Sonic
2015-11-08 16:22 - 2015-07-03 13:17 - 00630365 __RSH C:\ProgramData\ntuser.pol
2015-11-08 15:08 - 2015-06-08 19:43 - 00039304 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-11-08 15:07 - 2015-07-04 02:18 - 00044728 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-11-08 15:03 - 2009-07-14 02:37 - 00000000 ___RD C:\Users\Public
2015-11-08 14:10 - 2015-07-02 16:22 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-11-08 14:10 - 2015-07-02 16:19 - 00000000 ____D C:\ProgramData\McAfee
2015-11-08 14:10 - 2015-07-02 16:19 - 00000000 ____D C:\Program Files\McAfee
2015-11-08 14:10 - 2014-06-20 18:00 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-11-08 10:35 - 2015-07-30 09:39 - 00000000 ____D C:\Users\jallenh\Desktop\OAT
2015-11-08 08:53 - 2011-04-12 01:34 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-08 08:47 - 2015-09-24 16:15 - 00000000 ____D C:\Users\jallenh\Desktop\test docs
2015-11-08 08:12 - 2015-09-30 09:56 - 00000000 ____D C:\Users\jallenh\AppData\Roaming\wsInspector
2015-11-08 07:37 - 2015-08-04 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-08 07:37 - 2015-08-04 10:04 - 00000000 ____D C:\ProgramData\Oracle
2015-11-08 07:37 - 2015-08-04 10:04 - 00000000 ____D C:\Program Files\Java
2015-11-08 07:33 - 2015-08-04 10:05 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-11-07 14:00 - 2014-06-20 18:00 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-11-05 13:34 - 2015-10-04 08:29 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-04 10:18 - 2014-06-20 17:59 - 00000000 ____D C:\Windows\system32\Macromed
2015-11-04 10:13 - 2014-06-20 18:00 - 00001045 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-04 10:12 - 2014-06-20 17:59 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-04 10:12 - 2014-06-20 17:59 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-04 10:00 - 2015-07-03 13:29 - 00000000 ____D C:\Windows\ccmcache
2015-11-02 09:18 - 2015-08-27 14:40 - 00000187 _____ C:\Users\jallenh\Desktop\Terminal Server.txt
2015-10-30 09:16 - 2014-06-20 09:00 - 00000000 ____D C:\Program Files\Settings
2015-10-26 17:19 - 2015-07-20 10:48 - 00000000 ____D C:\Users\jallenh
2015-10-25 11:31 - 2015-07-20 10:48 - 00001944 __RSH C:\Users\jallenh\ntuser.pol
2015-10-18 18:13 - 2014-07-25 13:56 - 00000000 ____D C:\Program Files\Common Files\PX Storage Engine
2015-10-16 10:26 - 2014-07-25 13:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-10-15 13:10 - 2014-06-20 18:02 - 00000000 ____D C:\Temp
2015-10-15 06:08 - 2015-07-03 13:29 - 00000000 ____D C:\Windows\CCM
2015-10-14 09:42 - 2015-07-03 13:30 - 00007194 _____ C:\Windows\system32\InstallUtil.InstallLog
2015-10-14 09:42 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-14 09:41 - 2015-07-03 13:51 - 00000000 ____D C:\Windows\system32\{3DA228BE-34DA-49f4-A081-66465B077429}
 
Some files in TEMP:
====================
C:\Users\te15927t\AppData\Local\Temp\Uninstall_CompleteTorrent.exe
C:\Users\user1\AppData\Local\Temp\Uninstall_CompleteTorrent.exe
C:\Users\user1\AppData\Local\Temp\{5C7FABA7-7A57-42BB-AA2A-55DADADA416D}-GoogleUpdateSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-10 09:46
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
Ran by jallenh (2015-11-12 13:51:11)
Running from D:\temp
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) (2014-07-25 13:46:31)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3452821577-3394138591-3816337184-500 - Administrator - Disabled)
Guest (S-1-5-21-3452821577-3394138591-3816337184-501 - Limited - Disabled)
user1 (S-1-5-21-3452821577-3394138591-3816337184-1000 - Administrator - Enabled) => C:\Users\user1
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Anti-Virus (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\{1F5E5F2E-5E61-431D-B796-58CCC6B68E28}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\{C4B32291-F7B2-4BEC-BA4D-4195676A08CC}) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM\...\{A4488E5C-1022-432A-8066-72E1C4023310}) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\{A580818A-6519-4120-AB1C-F4F6FCFAA7D0}) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\{222B5B5E-DE82-48AB-A906-FB366339338A}) (Version: 12.1.9.160 - Adobe Systems, Inc)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Cisco Systems VPN Client 5.0.06.0160 (HKLM\...\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}) (Version: 5.0.6 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 12.1.0.30 - Citrix Systems, Inc.)
ConfigMgr Client Setup Bootstrap (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden
Configuration Manager Client (Version: 5.00.8239.1000 - Microsoft Corporation) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Gail Howard's Smart Luck Advantage Gold™ version 4.0.1.92 (HKLM\...\{27743227-FA7F-4265-8802-0FA36262B349}_is1) (Version: 4.0.1.92 - Gail Howard's Smart Luck)
Google Chrome (HKLM\...\{B903EB60-537C-3462-836A-514220BAD8F3}) (Version: 66.101.32853 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HP LoadRunner - Analysis (HKLM\...\{4636C03A-B041-442B-AA33-C0BF6C40B3A9}) (Version: 12.0.2739.0 - HP)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.1 - Intel)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3040 - Intel Corporation)
i-TOUCH (HKLM\...\{4396FAB0-7E28-4FC8-A3CE-B7D4147A9CE7}) (Version: 1.0.0 - Wipro)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Juniper Networks Network Connect 7.4.0 (HKLM\...\Juniper Network Connect 7.4.0) (Version: 7.4.0.30667 - Juniper Networks)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\Juniper_Setup_Client) (Version: 7.4.9.45013 - Juniper Networks, Inc.)
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Host Intrusion Prevention (HKLM\...\{6B005DF6-6B6E-4551-B632-B0001DF50499}_Uninst) (Version: 8.00.0402 - McAfee, Inc.)
McAfee Host Intrusion Prevention (Version: 8.00.0402 - McAfee, Inc.) Hidden
MDOP MBAM (HKLM\...\{D369D2E5-3330-499C-8FE7-81BA660FA8BB}) (Version: 2.5.0244.0 - Microsoft Corporation)
Media Go (HKLM\...\{C9ACDF2C-F9A5-4F17-A6FA-97FF908DC4AA}) (Version: 3.0.278 - Sony)
Media Go Network Downloader (HKLM\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.107.05220 (HKLM\...\{7348D0F2-3DAC-0BE7-4E7C-64844D2E3CA9}) (Version: 2.20.107.05220 - Sony)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySupport Manager ODC V1.1 (HKLM\...\MySupport Manager ODC V1.1_is1) (Version: 1.1 - Wipro)
Nexthink Collector (Version: 5.3.02003 - Nexthink S.A.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
ParaBlu EPA (HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\{44EEB8EA-37A5-4866-8852-0AC4B90F86CD}_is1) (Version: 1.1506.35 - ParaBlu)
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Service Manager (HKLM\...\Service Manager) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.15.14.201510090937 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.289 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.289 - Sony)
TestFrame Engine v2013.05 (Build 68) (HKLM\...\TestFrame Engine_is1) (Version:  - CGI, Nederland BV)
TestFrame Toolbar V3 Release 2013.02.4 Beta (Build 460) (HKLM\...\TestFrame Toolbar_is1) (Version: 2013.02.4 Beta - CGI Nederland BV, IKC T&QM)
Uninstall Startup Inspector (HKLM\...\{DE114695-AE58-4B66-8E0F-2505188602FB}_is1) (Version:  - )
VNC Viewer 5.2.3 (HKLM\...\{F8E906E7-1077-4476-8CA2-57912B72B0A8}) (Version: 5.2.3 - RealVNC Ltd)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-57989841-616249376-1801674531-742043_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\T30_MC\atucfobj.dll (Cisco WebEx LLC)
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-30 09:05 - 2015-11-09 13:43 - 01027100 ____N C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
There are 12287 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {012803E5-639E-4B2C-AEDD-943A916CBB33} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {0B096CAD-B767-4E63-857E-A814686C2421} - System32\Tasks\{508CAF50-0478-498E-A280-8DD8EEEFF506} => pcalua.exe -a C:\Users\jallenh\Downloads\chromeinstall-8u51.exe -d C:\Users\jallenh\Downloads
Task: {3F4E00E6-96D5-42E7-8D46-999D613DF106} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {56BDCFD7-3291-483A-9FF1-C82DE7F8D701} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {28348617-86c3-47db-b4aa-377291623094} L-156021761.wipro.com => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {639068DC-58B1-4AE8-A23B-DBF8637CC448} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {89A01C6F-C676-4ED7-9AD1-0E6154EAE397} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-04] (Adobe Systems Incorporated)
Task: {947E91C5-2C75-49AE-B674-2E5338202CED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {ABCD278C-2512-46AF-BD4F-D5D94DC57E36} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {ADA26E5A-4DEA-43AF-9514-88FEDA3C3E76} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F6E02F92-7BC5-4767-8969-48076E208CCA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {F98328CB-BAE3-4471-A2F1-3ECA20C3B831} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2015-04-14] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-10-01 19:33 - 2012-10-01 19:33 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-03 19:39 - 2013-04-03 19:39 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 10:15 - 2010-10-20 10:15 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-07-25 14:00 - 2014-04-29 17:06 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2012-10-01 19:32 - 2012-10-01 19:32 - 01014400 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2009-07-13 21:03 - 2009-07-14 01:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2015-11-11 08:44 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 08:44 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\sharepoint.com -> hxxps://wipro365.sharepoint.com
IE trusted site: HKU\S-1-5-21-57989841-616249376-1801674531-742043\...\twutil.net -> hxxp://hpcwp02.twutil.net
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-57989841-616249376-1801674531-742043\Control Panel\Desktop\\Wallpaper -> C:\Users\jallenh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.179.2.249 - 10.179.2.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: ehRecvr => 2
MSCONFIG\Services: ehSched => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IEEtwCollectorService => 3
MSCONFIG\Services: Mcx2Svc => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: tgsrvc_mysupport => 2
MSCONFIG\Services: WinDefend => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^i-TOUCH.lnk => C:\Windows\pss\i-TOUCH.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: Wipro => "C:\Program Files\Settings\WiproRunReg.vbs"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E82054DF-9F59-49D8-9CF5-C8097D1B7B1A}] => (Allow) C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{6FFF93D2-16DA-4545-8A2C-83579EC6B5F3}] => (Allow) C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{80278F12-5726-4736-93F7-1DA78D8F88BE}] => (Allow) C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{50382A82-2924-4D6B-99C5-A6705C0E0A58}] => (Allow) C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{C8A3E259-8C54-4C32-8E01-D101834F9552}] => (Allow) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{E22DA5C2-3431-4C69-8CEA-14C2630D55BE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{5A5DED08-2E8F-47B8-8B0D-5B1AA133C8C0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{B9F2C758-DCA2-4EAA-9BB7-197E7EA00E64}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{27632B57-DCF3-4F63-8BE2-9A5ADD5922E9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2BC11B17-538D-46FC-A08C-078B8BC89A91}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AC5A65B7-0E03-4780-923E-1B63021826BB}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{1B2DEC32-CF43-4ABC-B941-908EBB79DDC9}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{1D6629D1-2F52-4388-AF39-6CA5B032F90B}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{28839D75-1D46-4C98-BAEC-4D7CE07965A7}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [UDP Query User{856708E9-DC82-49BC-A755-B33570F9E3E7}C:\program files\microsoft office\office15\lync.exe] => (Allow) C:\program files\microsoft office\office15\lync.exe
FirewallRules: [{9340129A-C4A7-4EC1-BED7-1E429CC58E30}] => (Allow) LPort=64313
FirewallRules: [{AADEF0FE-E001-48E3-A26F-6D57824354FA}] => (Allow) LPort=5000
FirewallRules: [{D18E9586-7F63-41B8-B923-D02574418D44}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{CAE1D08C-25DC-4E70-8CEC-9A3B50AA1BDC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2B293F62-7C15-44DF-9367-8EEFA7989CDC}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{000CAE9C-063A-4AAF-B6FE-4A9D3B3E6E55}] => (Allow) C:\Program Files\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [TCP Query User{F882B879-4470-4D8B-AEEF-877D28D595A2}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{631B412B-8ABA-4F95-A31E-6F90D194ABC3}D:\diablo iii\diablo iii.exe] => (Allow) D:\diablo iii\diablo iii.exe
FirewallRules: [{A5E2E278-1052-48AC-85FE-2AB08CBA8135}] => (Allow) D:\Winamp\winamp.exe
FirewallRules: [{8C8EBF29-98D9-4EE6-AD0C-DD717BAC77B1}] => (Allow) D:\Winamp\winamp.exe
FirewallRules: [{DEFD5342-1F43-4AE0-AF4E-9959075C6D6A}] => (Allow) D:\Winamp\winamp.exe
FirewallRules: [{1B3A537C-1B72-40AB-A9C3-D984F2D0A5F7}] => (Allow) D:\Winamp\winamp.exe
FirewallRules: [{EF48A8BA-7644-45CF-B5B4-D9C5EDAE6642}] => (Allow) D:\Winamp\winamp.exe
FirewallRules: [{8091EC72-44FF-4854-97CF-EE789C490E95}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/12/2015 12:24:55 PM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
Error: (11/12/2015 11:18:56 AM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
Error: (11/12/2015 11:04:12 AM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
Error: (11/12/2015 10:58:08 AM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
Error: (11/12/2015 10:36:21 AM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
Error: (11/12/2015 10:16:51 AM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
Error: (11/12/2015 10:09:00 AM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
Error: (11/12/2015 09:58:07 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
 
Error: (11/12/2015 09:28:03 AM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
Error: (11/12/2015 09:23:11 AM) (Source: Outlook) (EventID: 62) (User: )
Description: Unable to create a Microsoft Classification Engine session for user: [email protected] - error code 0x80040206.
 
 
System errors:
=============
Error: (11/12/2015 12:58:38 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: WIPRO)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/12/2015 11:17:06 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/12/2015 11:03:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
Error: (11/12/2015 11:03:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
Error: (11/12/2015 11:03:48 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (11/12/2015 11:03:38 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1054) (User: WIPRO)
Description: The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
 
Error: (11/12/2015 11:03:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
Error: (11/12/2015 11:03:23 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
Error: (11/12/2015 11:03:23 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (11/12/2015 11:03:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: 
%%1058
 
 
CodeIntegrity:
===================================
  Date: 2015-11-12 12:07:53.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:07:53.729
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:05:15.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:05:15.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:05:15.249
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:05:15.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:05:15.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:05:15.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:05:15.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-11-12 12:05:15.217
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\KLELAMX86\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 65%
Total physical RAM: 3240.9 MB
Available physical RAM: 1104.06 MB
Total Virtual: 6480.09 MB
Available Virtual: 3799.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:97.56 GB) (Free:62.83 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:123.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 22F8D777)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#2
akudashaku


This issue started when I unplugged a Barco dongle, before ejecting from Windows.

 

It has since gone away, but it seemed to act like a virus.

