Windows 7 Main Start Disk Spins And System Doesn't Work


#16
RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP

It looked like you might have part of bluebeam turned off in msconfig.  Wonder if that could cause the lock up?

 

Can you do any of these:

 

Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), 
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top about 10 lines down.) Save the file.  Attach the file to your next post.  (More Reply Options, Choose File, Open, Attach This File)
 
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.

 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 

  • 0



#17
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

I will have to shut down and try safe mode. When I came out of the warning screen Bluebeam was shut down and everything is slogging through mud. It seems like each action or click to do anything creates problems, and I can hover over icons and they highlight, but actions are not working; they just cause this freeze up.
  • 0

#18
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

Here is the speccy file


  • 0

#19
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

I forgot to boot to full system before running files
  • 0

#20
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

Full boot speccy file

Attached Files


  • 0

#21
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts
 
Hardware Interrupts and DPCs TXT file
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 84.60 0 K 24 K 0
TrustedInstaller.exe 5.67 6,168 K 11,304 K 4160 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 2.46 6,720 K 13,856 K 7820 Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1.99 205,952 K 142,416 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 1.36 34,908 K 58,464 K 656 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
ActiveHealth.exe 0.72 61,144 K 70,848 K 128 HP Active Health HP Inc. (Verified) Hewlett-Packard Company
mbam.exe 0.67 29,220 K 128,524 K 4736 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
Interrupts 0.54 0 K 0 K n/a Hardware Interrupts and DPCs
System 0.37 124 K 340 K 4
softmon.exe 0.31 31,992 K 57,588 K 3768 LANDESK Software Monitor LANDESK Software, Inc. and its affiliates. (Verified) LANDesk Software
csrss.exe 0.13 12,448 K 65,804 K 528 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
Avira.ServiceHost.exe 0.13 41,540 K 13,048 K 3836 Avira Service Host Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
dwm.exe 0.12 140,244 K 93,824 K 3660 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
vpnui.exe 0.11 8,116 K 51,180 K 4416 Cisco AnyConnect User Interface Cisco Systems, Inc. (Verified) Cisco Systems
svchost.exe 0.11 233,324 K 241,084 K 948 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 0.11 4,548 K 8,004 K 1616 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.08 16,348 K 18,632 K 1044 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.08 71,368 K 157,608 K 7136 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.05 4,004 K 8,496 K 1116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.05 66,748 K 32,292 K 4336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
netsession_win.exe 0.04 8,092 K 44,300 K 6116 Akamai NetSession Client Akamai Technologies, Inc. (Verified) Akamai Technologies
mbamservice.exe 0.03 299,820 K 201,824 K 2568 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
lsass.exe 0.02 26,952 K 32,192 K 584 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
FF_Protection.exe 0.02 2,276 K 27,976 K 5380 FF_Protection MFC Application (Verified) STMicroelectronics
Avira.Systray.exe 0.02 57,164 K 5,580 K 1476 Avira Launcher Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
WLIDSVC.EXE 0.02 8,024 K 15,844 K 3824 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
BCMWLTRY.EXE 0.02 43,748 K 35,228 K 1652 DW WLAN Card Wireless Network Controller Dell Inc. (No signature was present in the subject) Dell Inc.
hasplms.exe 0.02 14,588 K 26,248 K 2460 Aladdin HASP License Manager Service Aladdin Knowledge Systems Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
services.exe 0.02 9,236 K 13,256 K 568 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
WLTRAY.EXE 0.01 47,752 K 35,820 K 5732 DW WLAN Card Wireless Network Tray Applet Dell Inc. (No signature was present in the subject) Dell Inc.
svchost.exe 0.01 6,400 K 10,592 K 828 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiApSrv.exe 0.01 2,472 K 6,824 K 7608 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.01 42,568 K 99,424 K 1160 Google Chrome Google Inc. (Verified) Google Inc
SearchIndexer.exe 0.01 62,396 K 53,196 K 2740 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.01 50,128 K 66,324 K 6024 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 0.01 3,208 K 5,128 K 592 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
Apoint.exe 0.01 3,472 K 10,328 K 5764 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Alps Electric Co.
svchost.exe < 0.01 9,736 K 19,140 K 972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe < 0.01 35,600 K 44,796 K 2160 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe < 0.01 2,660 K 7,264 K 6852 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
tmcsvc.exe < 0.01 6,340 K 33,140 K 2932 Targeted Multicast Client Service Executable LANDesk Software, Inc. and its affiliates. (No signature was present in the subject) LANDesk Software, Inc. and its affiliates.
daemonu.exe < 0.01 15,772 K 53,804 K 2704 NVIDIA Settings Update Manager NVIDIA Corporation (Verified) NVIDIA Corporation
kavehost.exe < 0.01 170,740 K 71,464 K 2884 Kaspersky Anti-Virus SDK 8 Level 3 Kaspersky Lab ZAO (Verified) Kaspersky Lab
wlanext.exe < 0.01 1,968 K 5,416 K 1544 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
OfficeClickToRun.exe < 0.01 32,204 K 46,688 K 2276 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
LMS.exe < 0.01 2,880 K 14,492 K 6200 Local Manageability Service Intel Corporation (Verified) Intel Corporation
AppleMobileDeviceService.exe < 0.01 4,276 K 11,468 K 2144 MobileDeviceService Apple Inc. (Verified) Apple Inc.
SASCore64.exe < 0.01 1,720 K 4,356 K 1372 Core Service SUPERAntiSpyware.com (Verified) SUPERAntiSpyware.com
csrss.exe < 0.01 2,700 K 5,496 K 432 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
residentAgent.exe < 0.01 2,780 K 572 K 2240 Resident Agent Application Avocent Corporation (No signature was present in the subject) Avocent Corporation
localsch.exe < 0.01 5,988 K 37,176 K 2532 LocalSch LANDESK Software, Inc. and its affiliates. (Verified) LANDesk Software
wmpnetwk.exe < 0.01 7,124 K 8,132 K 7024 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 13,492 K 14,188 K 2572 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
iCloudDrive.exe < 0.01 21,468 K 106,124 K 6088 iCloud Drive Apple Inc. (Verified) Apple Inc.
HPSupportSolutionsFrameworkService.exe < 0.01 49,276 K 45,872 K 6140 HP Support Solutions Framework Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
iCloudServices.exe < 0.01 61,580 K 159,512 K 1952 iCloud Services Apple Inc. (Verified) Apple Inc.
SDIOAssist.exe < 0.01 2,560 K 27,876 K 3724 SDIOAssist O2Micro. (Verified) O2Micro Inc.
issuser.exe < 0.01 3,740 K 29,340 K 2816 Remote Control Client LANDesk Software, Inc. and its affiliates. (No signature was present in the subject) LANDesk Software, Inc. and its affiliates.
AVService.exe < 0.01 8,684 K 49,396 K 2992 LANDesk AV Service LANDesk Software, Inc. and its affiliates. (Verified) LANDesk Software
nvvsvc.exe < 0.01 6,624 K 15,940 K 1676 NVIDIA Driver Helper Service, Version 327.62 NVIDIA Corporation (Verified) NVIDIA Corporation
iTunesHelper.exe < 0.01 5,132 K 14,424 K 4640 iTunesHelper Apple Inc. (Verified) Apple Inc.
spoolsv.exe < 0.01 15,552 K 25,552 K 1800 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
netsession_win.exe < 0.01 3,244 K 35,220 K 5784 Akamai NetSession Client Akamai Technologies, Inc. (Verified) Akamai Technologies
conhost.exe < 0.01 1,208 K 3,384 K 1552 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
stacsv64.exe < 0.01 6,832 K 7,928 K 116 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
WUDFHost.exe 1,884 K 5,548 K 3648 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 25,476 K 39,332 K 3956 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLTRYSVC.EXE 1,608 K 3,940 K 1516 DW WLAN Card Wireless Network Service Dell Inc. (No signature was present in the subject) Dell Inc.
WLIDSVCM.EXE 1,548 K 3,888 K 3880 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 3,636 K 9,056 K 400 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,756 K 5,020 K 508 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WaveAMService.exe 2,424 K 6,092 K 3860 WaveAMService Wave Systems Corp. (No signature was present in the subject) Wave Systems Corp.
vpnagent.exe 5,944 K 46,176 K 1344 VPN Agent Service Cisco Systems, Inc. (Verified) Cisco Systems
upeksvr.exe 5,296 K 13,836 K 2004 Fingerprint Server Process for Vista UPEK Inc. (Verified) UPEK Inc.
UNS.exe 5,904 K 36,904 K 8008 User Notification Service Intel Corporation (Verified) Intel Corporation
TdmService.exe 3,220 K 9,940 K 2032 TDM Service Wave Systems Corp. (Verified) Wave Systems Corp.
taskeng.exe 2,736 K 7,388 K 2192 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,816 K 7,712 K 5888 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 13,532 K 16,668 K 1996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,224 K 11,360 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,500 K 21,032 K 896 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,744 K 7,924 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,376 K 7,020 K 8148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 8,276 K 14,564 K 2424 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,268 K 6,128 K 3784 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,584 K 6,248 K 5020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sttray64.exe 9,008 K 19,720 K 5320 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
srvany.exe 1,004 K 7,012 K 3368 (No signature was present in the subject)
sqlwriter.exe 2,396 K 6,824 K 3256 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 48,352 K 58,332 K 3172 SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
sqlbrowser.exe 1,676 K 8,616 K 4072 SQL Browser Service EXE Microsoft Corporation (Verified) Microsoft Corporation
sppsvc.exe 2,700 K 8,684 K 5008 Microsoft Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Windows
spnsrvnt.exe 2,028 K 9,996 K 4028 Sentinel Protection Server for SuperPro and UltraPro network keys SafeNet, Inc (Verified) SafeNet
sntlkeyssrvr.exe 2,320 K 10,680 K 3792 SafeNet, Inc. (Verified) SafeNet
smss.exe 600 K 1,296 K 320 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
rcgui.exe 1,868 K 24,112 K 2656 Remote Control Client LANDesk Software, Inc. and its affiliates. (No signature was present in the subject) LANDesk Software, Inc. and its affiliates.
procexp.exe 2,584 K 8,184 K 1780 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PrintIsolationHost.exe 1,932 K 5,216 K 7104 PrintIsolationHost Microsoft Corporation (Verified) Microsoft Windows
policy.client.invoker.exe 4,152 K 32,424 K 2912 LANDesk Policy Invoker Service LANDesk Software, Inc. and its affiliates. (No signature was present in the subject) LANDesk Software, Inc. and its affiliates.
PDVD9Serv.exe 1,540 K 24,316 K 5780 PowerDVD RC Service CyberLink Corp. (Verified) CyberLink
pds.exe 2,100 K 5,544 K 2712 CBA -- Ping Discovery Service LANDesk Software Ltd. (No signature was present in the subject) LANDesk Software Ltd.
ONENOTEM.EXE 2,512 K 26,760 K 5628 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
o2flash.exe 1,104 K 10,780 K 3244 O2 Flash Memory Service O2Micro International (Verified) O2Micro Inc.
NvXDSync.exe 9,760 K 22,060 K 1668 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 3,392 K 8,360 K 788 NVIDIA Driver Helper Service, Version 327.62 NVIDIA Corporation (Verified) NVIDIA Corporation
nvtray.exe 3,772 K 9,012 K 4404 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
msiexec.exe 2,620 K 6,984 K 3132 Windows® installer Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 2,396 K 6,184 K 2184 Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamscheduler.exe 5,232 K 39,328 K 3016 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
LDAV.exe 4,100 K 36,528 K 4196 LANDesk Antivirus client LANDesk Software, Inc. and its affiliates. (No signature was present in the subject) LANDesk Software, Inc. and its affiliates.
jhi_service.exe 1,400 K 13,968 K 2844 Intel  IPT Host Interface Service Intel Corporation (Verified) Intel® Identity Protection Technology Software
IPROSetMonitor.exe 1,732 K 4,752 K 2772 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel Corporation
IntuitUpdateService.exe 22,044 K 116,240 K 6588 Intuit Update Service Intuit Inc. (Verified) Intuit
iCloudPhotos.exe 23,764 K 129,752 K 4848 iCloud Photo Library Apple Inc. (Verified) Apple Inc.
HostStorageService.exe 1,972 K 4,876 K 1940 Host Storage Application Broadcom Corporation (Verified) Broadcom Corp
HostControlService.exe 2,712 K 5,332 K 1904 Host Control Application Broadcom Corporation (Verified) Broadcom Corp
hidfind.exe 1,904 K 5,208 K 1100 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Alps Electric Co.
GWX.exe 4,812 K 3,544 K 4708 GWX Microsoft Corporation (Verified) Microsoft Windows
DCPSysMgrSvc.exe 3,312 K 10,936 K 5116 Dell - System Manager Service Dell Inc. (Verified) Dell Inc
conhost.exe 1,284 K 3,568 K 2384 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,804 K 5,304 K 6084 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
collector.exe 1,324 K 9,624 K 2360 collector Application LANDesk Software, Inc. and its affiliates (No signature was present in the subject) LANDesk Software, Inc. and its affiliates 
client64.exe 6,388 K 13,688 K 3588 Snow Inventory Client Snow Software AB (No signature was present in the subject) Snow Software AB
chrome.exe 85,952 K 95,940 K 7744 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,488 K 21,976 K 7640 Google Chrome Google Inc. (Verified) Google Inc
btwdins.exe 2,664 K 6,496 K 2208 Bluetooth Support Server Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
BBPrint.exe 1,944 K 4,892 K 4656 BBPrint Application Bluebeam Software, Inc. (Verified) Bluebeam Software
audiodg.exe 16,888 K 16,928 K 968 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
APSDaemon.exe 6,404 K 77,800 K 2528 Apple Push Apple Inc. (Verified) Apple Inc.
ApplePhotoStreams.exe 14,388 K 119,312 K 1360 iCloud Photo Stream Apple Inc. (Verified) Apple Inc.
ApntEx.exe 2,480 K 5,992 K 5308 Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. (Verified) Alps Electric Co.
ApMsgFwd.exe 2,680 K 6,308 K 1292 ApMsgFwd Alps Electric Co., Ltd. (Verified) Alps Electric Co.
amtmon.exe 1,784 K 29,128 K 2964 amtmon service application LANDesk Software, Inc. and its affiliates. (No signature was present in the subject) LANDesk Software, Inc. and its affiliates.
AESTSr64.exe 1,324 K 3,136 K 1828 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher

  • 0
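
Added example, not part of the thread: the Verified Signer column requested in post #16 is what makes the listing in post #21 reviewable, and this Python parser pulls out the rows whose status is anything other than "(Verified)". It assumes the whitespace-flattened layout shown above; `parse_row`, `classify` and `triage` are names chosen here, and the sample rows are copied from that listing.

```python
import re
from collections import namedtuple

# Rows copied from the Process Explorer listing in post #21 (a subset).
SAMPLE = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 84.60 0 K 24 K 0
svchost.exe 1.99 205,952 K 142,416 K 1008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.54 0 K 0 K n/a Hardware Interrupts and DPCs
BCMWLTRY.EXE 0.02 43,748 K 35,228 K 1652 DW WLAN Card Wireless Network Controller Dell Inc. (No signature was present in the subject) Dell Inc.
iPodService.exe < 0.01 2,660 K 7,264 K 6852 iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
srvany.exe 1,004 K 7,012 K 3368 (No signature was present in the subject)
btwdins.exe 2,664 K 6,496 K 2208 Bluetooth Support Server Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
"""

Row = namedtuple("Row", "name pid status signer verdict")

# name, optional CPU ("1.99" or "< 0.01"), Private Bytes, Working Set, PID, rest
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?:<\s*)?\d+\.\d+\s+)?"
    r"[\d,]+ K\s+[\d,]+ K\s+"
    r"(?P<pid>\d+|n/a)"
    r"(?:\s+(?P<rest>.*))?$"
)
PAREN_RE = re.compile(r"\(([^()]*)\)")
BITNESS_RE = re.compile(r"\d+-bit")  # "(64-bit)" in a description is not a status

# Lower number = review first.
SEVERITY = {"revoked": 0, "other": 1, "unsigned": 2}


def classify(status):
    """Map the text inside the signer parentheses to a coarse verdict."""
    if status is None:
        return "unchecked"          # kernel pseudo-rows carry no signer column
    s = status.lower()
    if s == "verified":
        return "verified"
    if "revoked" in s:
        return "revoked"
    if s.startswith("no signature"):
        return "unsigned"
    return "other"                  # any other trust error string


def parse_row(line):
    """Parse one flattened row; return None for the header or stray text."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest") or ""
    groups = [g for g in PAREN_RE.finditer(rest)
              if not BITNESS_RE.fullmatch(g.group(1))]
    if groups:
        last = groups[-1]           # the status sits just before the signer name
        status, signer = last.group(1), rest[last.end():].strip()
    else:
        status, signer = None, ""
    return Row(m.group("name"), m.group("pid"), status, signer, classify(status))


def triage(text):
    """Return (all parsed rows, rows needing review sorted by severity)."""
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    findings = [r for r in rows if r.verdict in SEVERITY]
    findings.sort(key=lambda r: (SEVERITY[r.verdict], r.name.lower()))
    return rows, findings


if __name__ == "__main__":
    rows, findings = triage(SAMPLE)
    print(f"{len(rows)} rows parsed, {len(findings)} to review")
    for r in findings:
        print(f"{r.verdict:9} pid={r.pid:>5} {r.name}: {r.status}")
```

A row without a valid signature is a lead to check, not a verdict; several vendor agents in this listing are simply unsigned, while the revoked-certificate row sorts first because it is the less common condition.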

#22
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

VEW SYSTEM

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/06/2016 8:53:43 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/06/2016 5:25:12 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/06/2016 5:41:21 AM
Type: Error Category: 0
Event: 1129 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Log: 'System' Date/Time: 19/06/2016 5:39:42 AM
Type: Error Category: 0
Event: 1055 Source: Microsoft-Windows-GroupPolicy
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:  a) Name Resolution failure on the current domain controller.  b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Log: 'System' Date/Time: 19/06/2016 5:39:42 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The NTRU TSS v1.2.1.36 TCS service depends the following service: TBS. This service might not be installed.
 
Log: 'System' Date/Time: 19/06/2016 5:39:42 AM
Type: Error Category: 0
Event: 5719 Source: NETLOGON
This computer was not able to set up a secure session with a domain controller in domain HENSELPHELPS due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.    ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
 
Log: 'System' Date/Time: 19/06/2016 5:35:07 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:35:07 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:35:07 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:34:41 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:34:41 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:34:41 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:34:10 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
 
Log: 'System' Date/Time: 19/06/2016 5:33:54 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
 
Log: 'System' Date/Time: 19/06/2016 5:33:46 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
 
Log: 'System' Date/Time: 19/06/2016 5:33:01 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:33:01 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:33:01 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:32:43 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:32:43 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:32:43 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
 
Log: 'System' Date/Time: 19/06/2016 5:29:53 AM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/06/2016 5:43:41 AM
Type: Warning Category: 0
Event: 10154 Source: Microsoft-Windows-WinRM
The WinRM service failed to create the following SPNs: WSMAN/590W7RSB3.henselphelps.com; WSMAN/590W7RSB3.    Additional Data   The error received was 1355: %%1355.   User Action   The SPNs can be created by an administrator using setspn.exe utility.
 
Log: 'System' Date/Time: 19/06/2016 5:40:35 AM
Type: Warning Category: 0
Event: 129 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
 
Log: 'System' Date/Time: 19/06/2016 5:40:33 AM
Type: Warning Category: 0
Event: 129 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
 
Log: 'System' Date/Time: 19/06/2016 5:40:33 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name henselphelps.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 19/06/2016 5:39:42 AM
Type: Warning Category: 0
Event: 19 Source: Sentinel64
The event description cannot be found.
 
Log: 'System' Date/Time: 19/06/2016 5:39:34 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
Log: 'System' Date/Time: 19/06/2016 5:39:20 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5800&MI_01\7&66de6c9&0&0001.
 
Log: 'System' Date/Time: 19/06/2016 5:38:38 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped. 
 
Log: 'System' Date/Time: 19/06/2016 5:26:23 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name henselphelps.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 19/06/2016 5:25:35 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.
 
Log: 'System' Date/Time: 19/06/2016 5:25:20 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device USB\VID_0A5C&PID_5800&MI_01\7&66de6c9&0&0001.
 
Log: 'System' Date/Time: 19/06/2016 5:25:19 AM
Type: Warning Category: 0
Event: 27 Source: e1cexpress
Intel® 82579LM Gigabit Network Connection  Network link is disconnected. 
 
Log: 'System' Date/Time: 19/06/2016 5:01:34 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name cn1.redswoosh.akadns.net timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 19/06/2016 4:55:47 AM
Type: Warning Category: 0
Event: 129 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
 
Log: 'System' Date/Time: 19/06/2016 4:55:45 AM
Type: Warning Category: 0
Event: 129 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
 
Log: 'System' Date/Time: 19/06/2016 4:55:35 AM
Type: Warning Category: 0
Event: 27 Source: e1cexpress
Intel® 82579LM Gigabit Network Connection  Network link is disconnected. 
 
Log: 'System' Date/Time: 19/06/2016 4:22:38 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name henselphelps.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 19/06/2016 4:22:03 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name henselphelps.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 19/06/2016 4:22:01 AM
Type: Warning Category: 0
Event: 129 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
 
Log: 'System' Date/Time: 19/06/2016 4:22:00 AM
Type: Warning Category: 0
Event: 129 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a domain peer to use as a time source because of discovery error. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The entry is not found. (0x800706E1)
 
 
VEW APPLICATION
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 19/06/2016 8:55:16 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/06/2016 5:50:37 AM
Type: Error Category: 0
Event: 401 Source: HP Active Health
SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Log: 'Application' Date/Time: 19/06/2016 5:49:52 AM
Type: Error Category: 0
Event: 1100 Source: HP Active Health
Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object.    at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)    at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Log: 'Application' Date/Time: 19/06/2016 5:49:52 AM
Type: Error Category: 0
Event: 1101 Source: HP Active Health
DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Log: 'Application' Date/Time: 19/06/2016 5:46:20 AM
Type: Error Category: 0
Event: 401 Source: HP Active Health
SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Log: 'Application' Date/Time: 19/06/2016 5:46:08 AM
Type: Error Category: 0
Event: 1100 Source: HP Active Health
Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object.    at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)    at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Log: 'Application' Date/Time: 19/06/2016 5:46:07 AM
Type: Error Category: 0
Event: 1101 Source: HP Active Health
DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Log: 'Application' Date/Time: 19/06/2016 5:42:49 AM
Type: Error Category: 0
Event: 35 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.
 
Log: 'Application' Date/Time: 19/06/2016 5:40:09 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Log: 'Application' Date/Time: 19/06/2016 5:39:39 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:39 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:39 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:39 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:38 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:38 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:38 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:38 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:38 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:38 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:38 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Log: 'Application' Date/Time: 19/06/2016 5:39:38 AM
Type: Error Category: 2
Event: 2002 Source: Microsoft-Windows-EapHost
Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/06/2016 5:52:14 AM
Type: Warning Category: 0
Event: 401 Source: HP Active Health
SmartDrive executable didn't pass digital signature validation - won't collect hard drive information. [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Log: 'Application' Date/Time: 19/06/2016 5:50:21 AM
Type: Warning Category: 0
Event: 6 Source: HP Active Health
Invalid SerialNumber for manufacture date
 
Log: 'Application' Date/Time: 19/06/2016 5:49:56 AM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
 
Log: 'Application' Date/Time: 19/06/2016 5:49:51 AM
Type: Warning Category: 0
Event: 30 Source: HP Active Health
Using alternative method to task creation
 
Log: 'Application' Date/Time: 19/06/2016 5:46:05 AM
Type: Warning Category: 0
Event: 6 Source: HP Active Health
Invalid SerialNumber for manufacture date
 
Log: 'Application' Date/Time: 19/06/2016 5:45:59 AM
Type: Warning Category: 0
Event: 30 Source: HP Active Health
Using alternative method to task creation
 
Log: 'Application' Date/Time: 19/06/2016 5:41:19 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> took 86 second(s) to handle the notification event (Logon).
 
Log: 'Application' Date/Time: 19/06/2016 5:40:52 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <Profiles> is taking long time to handle the notification event (Logon).
 
Log: 'Application' Date/Time: 19/06/2016 5:40:05 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance BECKTECHNOLOGY is not valid.
 
Log: 'Application' Date/Time: 19/06/2016 5:38:38 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   8 user registry handles leaked from \Registry\User\S-1-5-21-2903611290-4059586168-1443931954-5841391:
Process 524 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2903611290-4059586168-1443931954-5841391
Process 524 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2903611290-4059586168-1443931954-5841391
Process 892 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\Internet Explorer\Main\FeatureControl
Process 524 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\SystemCertificates\MY
Process 524 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\SystemCertificates\CA
Process 524 (\Device\HarddiskVolume3\Windows\System32\lsass.exe) has opened key \REGISTRY\USER\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\SystemCertificates\Disallowed
Process 892 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 892 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\Windows\CurrentVersion\Internet Settings
 
 
Log: 'Application' Date/Time: 19/06/2016 5:38:38 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 19/06/2016 5:38:37 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 19/06/2016 5:27:16 AM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
 
Log: 'Application' Date/Time: 19/06/2016 5:18:07 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-1338001094-3292723480-2479503419-1001}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
(HRESULT : 0x80004005) (0x80004005)
 
 
Log: 'Application' Date/Time: 19/06/2016 5:18:07 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <csc://{S-1-5-21-2903611290-4059586168-1443931954-2447}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
(HRESULT : 0x80004005) (0x80004005)
 
 
Log: 'Application' Date/Time: 19/06/2016 5:18:07 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{S-1-5-21-1338001094-3292723480-2479503419-1001}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
(HRESULT : 0x80004005) (0x80004005)
 
 
Log: 'Application' Date/Time: 19/06/2016 5:14:53 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <mapi://{S-1-5-21-2903611290-4059586168-1443931954-5841391}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
Document filtering cannot be completed because the document server did not respond within the specified timeout. Try crawling the server later, or increase the timeout values.  (HRESULT : 0x80040d7b) (0x80040d7b)
 
 
Log: 'Application' Date/Time: 19/06/2016 5:10:55 AM
Type: Warning Category: 3
Event: 10023 Source: Microsoft-Windows-Search
The protocol host process 8000 did not respond and is being forcibly terminated {filter host process 4772}. 
 
 
Log: 'Application' Date/Time: 19/06/2016 5:06:00 AM
Type: Warning Category: 0
Event: 36 Source: Outlook
Search cannot complete the indexing of your Outlook data. Indexing cannot continue for C:\Users\RSB3.HENSELPHELPS\Documents\Outlook Files\Randy Files.pst (error=0x8194081f). If this error continues, contact Microsoft Support.
 
Log: 'Application' Date/Time: 19/06/2016 5:05:55 AM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <ONEINDEX16://{S-1-5-21-2903611290-4059586168-1443931954-5841391}/> cannot be accessed.
 
Context:  Application, SystemIndex Catalog
 
Details:
Document filtering cannot be completed because the document server did not respond within the specified timeout. Try crawling the server later, or increase the timeout values.  (HRESULT : 0x80040d7b) (0x80040d7b)
 
 

  • 0

#23
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

I just ran sfc /scannow and it did not find anything.


  • 0

#24
RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP

Speccy says it's running a bit hot.  65 C.  Make sure you run it on a hard surface.  A soft surface will block the air vents.

See if you can get Speedfan to work:

Download, save and install it (Win 7 or Vista: right click and Run As Admin), then run it.

It will tell you your temps in real time.  65 is marginal.  70 and above is time for concern.

Speccy also says your hard drive is dying.

The following attributes are not looking that good even though the status is good:


01
Attribute name Read Error Rate
Real value 0
Current 103
Worst 86
Threshold 6
Raw Value 000B7569EA
Status Good
 
...
05
Attribute name Reallocated Sectors Count
Real value 9
Current 100
Worst 100
Threshold 36
Raw Value 0000000009
Status Good
07
Attribute name Seek Error Rate
Real value 0
Current 74
Worst 60
Threshold 30
Raw Value 001462FE7C
Status Good
 
...
 
 
BB
Attribute name Reported Uncorrectable Errors
Real value 1,612
Current 1
Worst 1
Threshold 0
Raw Value 000000064C
Status Good
BC
Attribute name Command Timeout
Real value 98
Current 100
Worst 90
Threshold 0
Raw Value 0000000062
Status Good
 
BF
Attribute name G-sense error rate
Real value 192
Current 100
Worst 100
Threshold 0
Raw Value 00000000C0
Status Good


It's a Seagate and they never last very long.  Time to clone it before it fails.  Stick with Western Digital (Black if you can afford it).

Process Explorer says you have a Windows update in progress.

TrustedInstaller.exe 5.67

Try the System Update Readiness Tool for Windows 7

This link is for 64 bit:

Also I see Kaspersky and Avira programs when it appears you have LANDesk Antivirus client.  These may be leftover from previous installs.  But they should be removed.

You have some odd errors in your logs but I don't have time tonight to look at them.

  • 0
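
The point made in the post above, that attributes can look bad while Status still reads Good, as an added example (not from the thread and not Speccy's own logic): it parses attribute blocks in the layout quoted in the post and flags them from the raw counts instead of the Status field. The watch list and the rule that a raw value equal to Speccy's "Real value" is a plain event count are assumptions of this example.

```python
import re

# Constructed sample: five of the attribute blocks quoted in the post above,
# kept in the same one-field-per-line layout.
SPECCY_SMART = """\
01
Attribute name Read Error Rate
Real value 0
Current 103
Worst 86
Threshold 6
Raw Value 000B7569EA
Status Good
...
05
Attribute name Reallocated Sectors Count
Real value 9
Current 100
Worst 100
Threshold 36
Raw Value 0000000009
Status Good
...
BB
Attribute name Reported Uncorrectable Errors
Real value 1,612
Current 1
Worst 1
Threshold 0
Raw Value 000000064C
Status Good
BC
Attribute name Command Timeout
Real value 98
Current 100
Worst 90
Threshold 0
Raw Value 0000000062
Status Good
BF
Attribute name G-sense error rate
Real value 192
Current 100
Worst 100
Threshold 0
Raw Value 00000000C0
Status Good
"""

# Assumption of this example: attribute IDs whose non-zero count deserves a flag.
WATCH = {"05", "BB", "BC"}
FIELDS = ("Attribute name", "Real value", "Current", "Worst",
          "Threshold", "Raw Value", "Status")


def parse_smart(text):
    """Split the report into one dict per attribute, keyed by field label."""
    attrs, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"[0-9A-F]{2}", line):   # a bare two-digit hex ID opens a block
            cur = {"id": line}
            attrs.append(cur)
            continue
        if cur is None:
            continue
        for field in FIELDS:
            if line.startswith(field + " "):
                cur[field] = line[len(field):].strip()
    return attrs


def triage(attr):
    """Judge one attribute from its raw count and margin, ignoring Status."""
    current = int(attr["Current"])
    threshold = int(attr["Threshold"])
    raw = int(attr["Raw Value"], 16)                   # raw field is hexadecimal
    real = int(attr["Real value"].replace(",", ""))
    flags = []
    # raw == real means the raw field is a plain count; where they differ
    # (01 in the sample) the raw field is vendor-packed and is not judged.
    if attr["id"] in WATCH and raw == real and raw > 0:
        flags.append(f"raw count {raw}")
        if threshold == 0:
            flags.append("threshold 0: status can never report failure")
    if current <= 1:
        flags.append("normalized value at its floor")
    return {"id": attr["id"], "name": attr["Attribute name"],
            "status": attr["Status"], "raw": raw,
            "margin": current - threshold, "flags": flags}


def flagged(text):
    """IDs of attributes that carry at least one flag, in report order."""
    return [r["id"] for r in map(triage, parse_smart(text)) if r["flags"]]


if __name__ == "__main__":
    for r in map(triage, parse_smart(SPECCY_SMART)):
        print(r["id"], r["name"], r["status"], r["margin"], r["flags"])
```
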

#25
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

Speedfan

GPU: 0C

HD0: 37C

Temp1: 25C

Core 0: 54C-63C Hovers mainly upper 50s

Core 1: 57C-66C Hovers mainly upper 50s


  • 0



#26
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

I disabled the screensaver because on return to the login screen it would lock up.


  • 0

#27
RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP

Turn off Windows Search:

 

http://www.howtogeek...h-in-windows-7/

 

Clear the Java Cache by following the instructions on
 
You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
 
 
 
Since you have Avira and it's newer than Landesk I would uninstall
 
LANDesk® Antivirus 
 
Two antiviruses are never a good thing.  They fight each other.
 
Also uninstall
 
SUPERAntiSpyware
 
Go into msconfig and check everything.  It's hard to work on things when they are unchecked in msconfig.
 
 
 
 
1. Open Avira AntiVir Personal. (There is likely an icon on your desktop, or in your system tray by the clock.)
2. Click the "Configuration" link on the main screen. This opens the configuration panel.
3. Check the "Expert mode" option.
4. Click on General > Security.
5. *Uncheck* the option titled "Protect files and registry entries from manipulation".
6. Click the "OK" button.
7. Reboot your computer.
 
 
 
Download the attached fixlist.txt to the same location as FRST
 
Attached File  fixlist.txt   3.56KB   41 downloads
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 

 


  • 0

#28
cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

I had previously uninstalled Avira.

 

Had to turn search back on to get MSCONFIG. Set to start all.

 

Deleted SuperantiSpy and Java. Did not reinstall Java.

 

Here are the 3 logs from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by RSB3 (administrator) on 590W7RSB3 (20-06-2016 08:47:20)
Running from C:\Users\RSB3.HENSELPHELPS\Desktop\Utils
Loaded Profiles: UpdatusUser & RSB3 (Available Profiles: UpdatusUser & RSB3 & RSB3)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Beck Technology\Beck Technology Client Broker\btbrkrsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Avocent Corporation) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(LANDesk Software, Inc. and its affiliates ) C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\localsch.exe
(LANDesk Software Ltd.) C:\Windows\SysWOW64\cba\pds.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\kavehost.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\AVService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Snow Software AB) C:\Program Files\INVENTORYCLIENT\client64.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Akamai Technologies, Inc.) C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\LDAV.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-28] (Wave Systems Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-02] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LANDesk Antivirus] => C:\Program Files (x86)\LANDesk\LDClient\antivirus\LDav.exe [911872 2011-11-22] (LANDesk Software, Inc. and its affiliates.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-09] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [Babylon Client] => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1338001094-3292723480-2479503419-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe -update activex
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [Akamai NetSession Interface] => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe [40376 2013-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-28] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-28] (Wave Systems Corp.)
Startup: C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * lsdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 213.57.2.5 213.57.22.5
Tcpip\..\Interfaces\{32859399-331D-44E2-BEE4-1A667E4D1B94}: [DhcpNameServer] 143.185.76.234
Tcpip\..\Interfaces\{7828D661-366E-43A5-973A-8B0DA5E29CC3}: [DhcpNameServer] 213.57.2.5 213.57.22.5
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1338001094-3292723480-2479503419-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-1338001094-3292723480-2479503419-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bing.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {56408579-CBE9-40B2-A4C5-808AFF2A63A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {56408579-CBE9-40B2-A4C5-808AFF2A63A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> DefaultScope {D5F5BEBD-2505-40C8-ABCE-24611C638040} URL = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> {56408579-CBE9-40B2-A4C5-808AFF2A63A0} URL = 
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> {D5F5BEBD-2505-40C8-ABCE-24611C638040} URL = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-05-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.isqft.com/Applets/ScriptX/ScriptX.cab
DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} hxxps://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.henselphelps.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://ibeam4019.eairlink.com/activex/AMC.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2013-07-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-07-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: @citrixonline.com/appdetectorplugin -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: LWAPlugin15.8 -> C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2014-11-25] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: panasonic.com/PanasonicDrmPlugin -> C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Panasonic Avionics Corporation\Panasonic DRM Plugin\1.2.1.0\npPanasonicDrmPlugin.dll [2014-02-06] (Panasonic Avionics Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin-16.2 -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi.dll [2016-02-26] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin64-16.2 -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi-x64.dll [2016-02-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2014-11-25] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] => not found
 
Chrome: 
=======
CHR Profile: C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Beck Technology Broker; C:\Program Files (x86)\Beck Technology\Beck Technology Client Broker\btbrkrsvc.exe [159744 2012-06-30] () [File not signed]
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [147456 2011-08-01] (Avocent Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-05-01] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\localsch.exe [239776 2015-09-16] (LANDESK Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWOW64\CBA\pds.exe [32825 2007-08-31] (LANDesk Software Ltd.) [File not signed]
R2 ISSUSER; C:\Program Files (x86)\LANDesk\LDClient\issuser.exe [1459200 2011-10-20] (LANDesk Software, Inc. and its affiliates.) [File not signed]
R2 kavehost; C:\Program Files (x86)\LANDesk\LDClient\antivirus\kavehost.exe [91992 2012-03-14] (Kaspersky Lab ZAO)
R2 LANDesk Policy Invoker; C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [207872 2011-09-29] (LANDesk Software, Inc. and its affiliates.) [File not signed]
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [179200 2011-10-19] (LANDesk Software, Inc. and its affiliates.) [File not signed]
R2 LANDesk® Out-of-Band Monitor Service; C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [1058304 2011-10-14] (LANDesk Software, Inc. and its affiliates.) [File not signed]
R2 LDAVService; C:\Program Files (x86)\LANDesk\LDClient\antivirus\avservice.exe [597336 2011-11-23] (LANDesk Software, Inc. and its affiliates.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQL$BECKTECHNOLOGY; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592 2008-07-11] (SafeNet, Inc)
R2 SnowInventoryClient; C:\Program Files\INVENTORYCLIENT\client64.exe [4822528 2015-10-16] (Snow Software AB) [File not signed]
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [681128 2015-04-09] (LANDESK Software, Inc. and its affiliates.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-03-14] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-03-14] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [362072 2012-03-14] (Kaspersky Lab)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20992 2011-05-13] (LANDesk Software, Inc. and its affiliates.)
R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2011-05-13] (LANDesk Software, Inc. and its affiliates.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [7168 2011-05-13] (LANDesk Software, Inc. and its affiliates.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S3 pmem; \??\C:\Users\RSB3~1.HEN\AppData\Local\Temp\_MEI84002\drivers\winpmem64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-20 08:16 - 2016-06-20 08:16 - 00003644 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist.txt
2016-06-20 08:16 - 2016-06-20 08:16 - 00003644 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist (1).txt
2016-06-19 13:19 - 2016-06-19 13:36 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\INTEL ISRAEL
2016-06-19 13:12 - 2016-06-19 13:19 - 00000000 ___RD C:\Users\RSB3.HENSELPHELPS\Desktop\PROGRAM SHORTCUTS
2016-06-19 13:05 - 2016-06-19 13:05 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\ElevatedDiagnostics
2016-06-19 11:39 - 2016-06-19 11:39 - 00000000 ___HT C:\Windows\wusa.lock
2016-06-19 11:39 - 2016-06-19 11:39 - 00000000 ____D C:\Windows\CheckSur
2016-06-19 11:31 - 2016-06-19 14:24 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-06-19 11:31 - 2016-06-19 11:31 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-06-19 11:31 - 2016-06-19 11:31 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2016-06-19 11:30 - 2016-06-19 11:30 - 02218504 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\instspeedfan451.exe
2016-06-19 11:29 - 2016-06-19 11:31 - 564744309 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\Windows6.1-KB947821-v34-x64.msu
2016-06-19 08:53 - 2016-06-19 08:55 - 00013749 _____ C:\VEW.txt
2016-06-19 08:37 - 2016-06-19 08:37 - 00061440 _____ ( ) C:\Users\RSB3.HENSELPHELPS\Downloads\VEW.exe
2016-06-19 08:37 - 2016-06-19 08:37 - 00061440 _____ ( ) C:\Users\RSB3.HENSELPHELPS\Downloads\VEW (1).exe
2016-06-19 08:33 - 2016-06-19 08:33 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\RSB3.HENSELPHELPS\Downloads\procexp.exe
2016-06-19 08:28 - 2016-06-19 08:29 - 05111240 _____ (Piriform Ltd) C:\Users\RSB3.HENSELPHELPS\Downloads\spsetup129.exe
2016-06-17 20:14 - 2016-06-17 20:14 - 00000448 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\spldr.zip
2016-06-17 20:14 - 2016-06-17 20:14 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Downloads\spldr
2016-06-17 13:27 - 2016-06-17 13:30 - 50716384 _____ (Microsoft Corporation) C:\Users\RSB3.HENSELPHELPS\Downloads\Windows-KB890830-x64-V5.37.exe
2016-06-17 13:02 - 2016-06-20 08:47 - 00000000 ____D C:\FRST
2016-06-17 13:02 - 2016-06-17 13:02 - 02386944 _____ (Farbar) C:\Users\RSB3.HENSELPHELPS\Downloads\FRST64.exe
2016-06-17 12:54 - 2016-06-19 12:55 - 00396006 _____ C:\Windows\ntbtlog.txt
2016-06-15 08:17 - 2016-05-18 19:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 08:17 - 2016-05-18 19:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 08:17 - 2016-05-12 20:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 08:17 - 2016-05-12 18:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 08:17 - 2016-05-12 17:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 08:17 - 2016-05-12 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 08:17 - 2016-05-12 16:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 08:16 - 2016-06-06 19:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 08:16 - 2016-06-06 19:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 08:16 - 2016-06-03 16:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 08:16 - 2016-05-22 16:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 08:16 - 2016-05-14 01:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 08:16 - 2016-05-14 00:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 08:16 - 2016-05-14 00:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 08:16 - 2016-05-14 00:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 08:16 - 2016-05-14 00:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 08:16 - 2016-05-14 00:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 08:16 - 2016-05-12 20:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 08:16 - 2016-05-12 20:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 08:16 - 2016-05-12 20:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 08:16 - 2016-05-12 20:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 08:16 - 2016-05-12 18:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 08:16 - 2016-05-12 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 08:16 - 2016-05-12 18:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 08:16 - 2016-05-12 17:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 08:16 - 2016-05-12 17:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 08:16 - 2016-05-12 17:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 08:16 - 2016-05-12 17:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 08:16 - 2016-05-12 17:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 08:16 - 2016-05-12 16:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 08:16 - 2016-05-12 16:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 08:16 - 2016-05-11 18:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 08:16 - 2016-05-11 18:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 08:16 - 2016-05-11 17:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 08:16 - 2016-03-09 22:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 08:16 - 2016-03-09 21:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-15 08:15 - 2016-05-24 02:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 08:15 - 2016-05-24 01:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 08:15 - 2016-05-21 20:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 08:15 - 2016-05-21 19:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 08:15 - 2016-05-21 01:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 08:15 - 2016-05-21 01:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 08:15 - 2016-05-21 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 08:15 - 2016-05-21 01:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 08:15 - 2016-05-21 01:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 08:15 - 2016-05-21 01:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 08:15 - 2016-05-21 01:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 08:15 - 2016-05-21 01:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 08:15 - 2016-05-21 01:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 08:15 - 2016-05-21 01:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 08:15 - 2016-05-21 01:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 08:15 - 2016-05-21 00:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 08:15 - 2016-05-21 00:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 08:15 - 2016-05-21 00:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 08:15 - 2016-05-21 00:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 08:15 - 2016-05-21 00:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 08:15 - 2016-05-21 00:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 08:15 - 2016-05-21 00:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 08:15 - 2016-05-21 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 08:15 - 2016-05-21 00:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 08:15 - 2016-05-21 00:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 08:15 - 2016-05-21 00:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 08:15 - 2016-05-21 00:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 08:15 - 2016-05-21 00:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 08:15 - 2016-05-21 00:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 08:15 - 2016-05-21 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 08:15 - 2016-05-21 00:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 08:15 - 2016-05-21 00:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 08:15 - 2016-05-21 00:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 08:15 - 2016-05-21 00:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 08:15 - 2016-05-21 00:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 08:15 - 2016-05-21 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 08:15 - 2016-05-21 00:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 08:15 - 2016-05-21 00:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 08:15 - 2016-05-21 00:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 08:15 - 2016-05-21 00:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 08:15 - 2016-05-21 00:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 08:15 - 2016-05-21 00:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 08:15 - 2016-05-21 00:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 08:15 - 2016-05-21 00:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 08:15 - 2016-05-21 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 08:15 - 2016-05-21 00:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 08:15 - 2016-05-21 00:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 08:15 - 2016-05-21 00:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 08:15 - 2016-05-21 00:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 08:15 - 2016-05-21 00:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 08:15 - 2016-05-21 00:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 08:15 - 2016-05-21 00:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 08:15 - 2016-05-21 00:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 08:15 - 2016-05-21 00:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 08:15 - 2016-05-20 23:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 08:15 - 2016-05-20 23:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 08:15 - 2016-05-20 23:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 08:15 - 2016-05-20 23:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 08:15 - 2016-05-20 23:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 08:15 - 2016-05-20 23:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 08:15 - 2016-04-14 19:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 08:15 - 2016-04-14 19:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 08:15 - 2016-04-14 18:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 08:15 - 2016-04-14 18:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 08:15 - 2016-04-09 09:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 08:15 - 2016-04-09 09:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 08:15 - 2016-04-09 09:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 08:15 - 2016-04-09 09:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 08:15 - 2016-04-09 08:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 08:15 - 2016-04-09 08:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-13 12:52 - 2016-06-13 12:52 - 00142086 _____ C:\Users\RSB3.HENSELPHELPS\Desktop\cc_20160613_125156.reg
2016-06-13 11:20 - 2016-06-19 11:28 - 00000000 ____D C:\ProgramData\Avira
2016-06-13 11:19 - 2016-06-13 11:20 - 04630840 _____ (Avira Operations GmbH & Co. KG) C:\Users\RSB3.HENSELPHELPS\Downloads\avira_en_av_575e6cb2edd39__ws.exe
2016-06-13 10:30 - 2016-06-13 11:06 - 00000000 ____D C:\Program Files (x86)\LingoCom
2016-06-13 10:30 - 2016-06-13 10:30 - 00000928 _____ C:\Windows\SysWOW64\winsys.lng
2016-06-13 10:30 - 2016-06-13 10:30 - 00000928 _____ C:\ProgramData\winsys.lng
2016-06-13 10:30 - 2007-05-03 18:00 - 00081920 _____ C:\Windows\SysWOW64\GkSui20.EXE
2016-06-13 10:29 - 2016-06-13 10:29 - 02796627 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\LingoWare-heb.exe
2016-06-09 18:15 - 2016-06-17 03:39 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRSB3.job
2016-06-09 18:15 - 2016-06-16 18:36 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRSB3
2016-06-09 15:59 - 2016-06-09 15:59 - 00002235 _____ C:\Users\RSB3.HENSELPHELPS\AppData\Local\recently-used.xbel
2016-06-08 13:40 - 2016-06-08 13:40 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\HpReg_Backup
2016-06-08 13:33 - 2016-06-09 18:15 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\Hewlett-Packard
2016-06-08 13:33 - 2016-06-08 13:33 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Hewlett-Packard
2016-06-08 13:30 - 2016-06-08 13:51 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-06-08 13:30 - 2016-06-08 13:30 - 00000000 ____D C:\System.sav
2016-06-08 13:30 - 2016-06-08 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-06-08 13:29 - 2016-06-08 13:29 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\hpqLog
2016-06-08 13:27 - 2016-06-08 13:51 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-06-08 13:26 - 2016-06-08 13:30 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-06-08 13:24 - 2016-06-08 13:24 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\RSB3.HENSELPHELPS\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
2016-06-01 14:25 - 2016-06-01 14:25 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\New folder
2016-05-29 10:04 - 2016-05-30 12:47 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\ISRAEL Tel Nof Airbase
2016-05-26 14:48 - 2016-05-26 14:48 - 00268800 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\yazdayrr.xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-20 08:46 - 2009-07-14 08:13 - 00871934 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-20 08:46 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-06-20 08:45 - 2013-12-19 02:24 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Utils
2016-06-20 08:43 - 2012-04-05 18:51 - 00000000 ____D C:\ProgramData\vulScan
2016-06-20 08:41 - 2015-11-20 20:11 - 00000000 ___RD C:\Users\RSB3.HENSELPHELPS\iCloudDrive
2016-06-20 08:40 - 2014-11-11 10:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-20 08:40 - 2011-11-02 00:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-20 08:39 - 2011-11-02 00:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-20 08:37 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-20 08:35 - 2009-07-14 07:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-20 08:35 - 2009-07-14 07:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-20 08:23 - 2011-10-26 19:30 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Outlook Files
2016-06-20 08:18 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-06-20 08:01 - 2012-04-05 18:54 - 00000000 ____D C:\ProgramData\LANDeskAV
2016-06-20 07:52 - 2014-02-14 19:48 - 00000608 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job
2016-06-20 07:51 - 2015-05-30 17:46 - 00000704 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job
2016-06-19 16:31 - 2014-08-17 14:45 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Recover Documents
2016-06-19 13:36 - 2015-02-04 08:35 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Randy Personal June 16
2016-06-19 13:17 - 2016-01-08 17:01 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Monti
2016-06-19 13:11 - 2011-10-18 11:30 - 00000000 ____D C:\Users\UpdatusUser
2016-06-19 12:39 - 2013-07-26 23:47 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-19 11:28 - 2014-06-12 20:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-19 09:45 - 2016-05-05 09:53 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\UAV ISRAEL BEST VALUE
2016-06-19 09:25 - 2015-05-30 17:46 - 00003736 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391
2016-06-19 09:25 - 2014-02-14 19:48 - 00003640 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391
2016-06-19 08:43 - 2011-10-18 12:11 - 00000000 ____D C:\ProgramData\Sonic
2016-06-19 08:10 - 2009-07-14 08:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-17 20:59 - 2014-11-23 09:49 - 00000000 ____D C:\Program Files\Defraggler
2016-06-17 13:38 - 2013-06-11 22:53 - 00000000 ____D C:\Program Files (x86)\Axis Communications
2016-06-17 13:30 - 2011-10-26 18:07 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-17 04:29 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-06-17 03:40 - 2009-07-14 07:45 - 00587760 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 03:36 - 2014-12-14 08:35 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 03:17 - 2013-07-15 17:46 - 00000000 ____D C:\Windows\system32\MRT
2016-06-16 17:21 - 2014-09-14 06:52 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\CrashDumps
2016-06-13 19:31 - 2010-11-21 06:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-13 11:27 - 2014-12-22 15:59 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Mozilla
2016-06-13 11:12 - 2014-11-11 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-13 11:12 - 2014-11-11 10:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-13 10:15 - 2016-03-12 16:57 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\OLD UAV Israel
2016-06-10 12:58 - 2016-01-08 16:55 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Desktop Excel Files
2016-06-09 16:02 - 2012-02-11 18:27 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\.gimp-2.6
2016-06-08 13:39 - 2014-08-10 10:44 - 00000000 ____D C:\ProgramData\HP
2016-06-08 13:30 - 2011-10-18 11:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-08 13:27 - 2011-10-26 19:24 - 00165400 _____ C:\Users\RSB3.HENSELPHELPS\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-29 15:59 - 2014-06-12 01:53 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Intel Israel
2016-05-27 03:00 - 2015-04-07 04:47 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-27 03:00 - 2015-04-07 04:47 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-25 11:55 - 2011-10-26 19:21 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft Help
2016-05-24 08:04 - 2009-07-14 08:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-22 16:51 - 2013-02-05 01:51 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Estimating Class
 
==================== Files in the root of some directories =======
 
2012-10-03 17:31 - 2013-06-13 17:53 - 7656960 _____ () C:\Program Files (x86)\Common Files\Innovaya BIM Software.msi
2012-08-10 19:33 - 2012-08-10 19:33 - 0000118 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\history.Word.pwcdat
2015-05-14 12:54 - 2015-05-14 12:54 - 0004096 ____H () C:\Users\RSB3.HENSELPHELPS\AppData\Local\keyfile3.drm
2016-06-09 15:59 - 2016-06-09 15:59 - 0002235 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Local\recently-used.xbel
2014-05-08 18:24 - 2015-03-23 11:50 - 0007624 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Local\Resmon.ResmonCfg
2014-08-10 10:44 - 2014-08-10 10:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-08 18:04 - 2015-03-04 08:21 - 0000828 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-01-08 17:28 - 2014-09-16 08:53 - 0000441 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-06-13 10:30 - 2016-06-13 10:30 - 0000928 _____ () C:\ProgramData\winsys.lng
 
Files to move or delete:
====================
C:\Users\RSB3.HENSELPHELPS\ccsetup312.exe
 
 
Some files in TEMP:
====================
C:\Users\RSB3.HENSELPHELPS\AppData\Local\Temp\sfamcc00001.dll
C:\Users\RSB3.HENSELPHELPS\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 00:32
 
==================== End of FRST.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2016 01
Ran by RSB3 (administrator) on 590W7RSB3 (20-06-2016 08:48:59)
Running from C:\Users\RSB3.HENSELPHELPS\Desktop\Utils
Loaded Profiles: UpdatusUser & RSB3 (Available Profiles: UpdatusUser & RSB3 & RSB3)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Beck Technology\Beck Technology Client Broker\btbrkrsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Avocent Corporation) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(LANDesk Software, Inc. and its affiliates ) C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\localsch.exe
(LANDesk Software Ltd.) C:\Windows\SysWOW64\cba\pds.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\kavehost.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\AVService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\SysWOW64\srvany.exe
(O2Micro.) C:\Windows\SysWOW64\SDIOAssist.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Snow Software AB) C:\Program Files\INVENTORYCLIENT\client64.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Akamai Technologies, Inc.) C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\Antivirus\LDAV.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-28] (Wave Systems Corp.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-02] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LANDesk Antivirus] => C:\Program Files (x86)\LANDesk\LDClient\antivirus\LDav.exe [911872 2011-11-22] (LANDesk Software, Inc. and its affiliates.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-09] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [Babylon Client] => C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe -AutoStart
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-1338001094-3292723480-2479503419-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe -update activex
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [Akamai NetSession Interface] => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [HP Officejet 7500 E910 (NET)] => C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe [40376 2013-03-07] (Citrix Online, a division of Citrix Systems, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-28] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-28] (Wave Systems Corp.)
Startup: C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-05-18]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * lsdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 213.57.2.5 213.57.22.5
Tcpip\..\Interfaces\{32859399-331D-44E2-BEE4-1A667E4D1B94}: [DhcpNameServer] 143.185.76.234
Tcpip\..\Interfaces\{7828D661-366E-43A5-973A-8B0DA5E29CC3}: [DhcpNameServer] 213.57.2.5 213.57.22.5
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1338001094-3292723480-2479503419-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-1338001094-3292723480-2479503419-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bing.com/
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {56408579-CBE9-40B2-A4C5-808AFF2A63A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {56408579-CBE9-40B2-A4C5-808AFF2A63A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> DefaultScope {D5F5BEBD-2505-40C8-ABCE-24611C638040} URL = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> {56408579-CBE9-40B2-A4C5-808AFF2A63A0} URL = 
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> {D5F5BEBD-2505-40C8-ABCE-24611C638040} URL = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-05-01] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-05-01] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-05-01] (Microsoft Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.isqft.com/Applets/ScriptX/ScriptX.cab
DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} hxxps://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.henselphelps.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://ibeam4019.eairlink.com/activex/AMC.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-05-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2013-07-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-07-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-05-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: @citrixonline.com/appdetectorplugin -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: LWAPlugin15.8 -> C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2014-11-25] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: panasonic.com/PanasonicDrmPlugin -> C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Panasonic Avionics Corporation\Panasonic DRM Plugin\1.2.1.0\npPanasonicDrmPlugin.dll [2014-02-06] (Panasonic Avionics Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin-16.2 -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi.dll [2016-02-26] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin64-16.2 -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi-x64.dll [2016-02-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2014-11-25] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] => not found
 
Chrome: 
=======
CHR Profile: C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Beck Technology Broker; C:\Program Files (x86)\Beck Technology\Beck Technology Client Broker\btbrkrsvc.exe [159744 2012-06-30] () [File not signed]
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [147456 2011-08-01] (Avocent Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2912496 2016-05-01] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\localsch.exe [239776 2015-09-16] (LANDESK Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWOW64\CBA\pds.exe [32825 2007-08-31] (LANDesk Software Ltd.) [File not signed]
R2 ISSUSER; C:\Program Files (x86)\LANDesk\LDClient\issuser.exe [1459200 2011-10-20] (LANDesk Software, Inc. and its affiliates.) [File not signed]
R2 kavehost; C:\Program Files (x86)\LANDesk\LDClient\antivirus\kavehost.exe [91992 2012-03-14] (Kaspersky Lab ZAO)
R2 LANDesk Policy Invoker; C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [207872 2011-09-29] (LANDesk Software, Inc. and its affiliates.) [File not signed]
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [179200 2011-10-19] (LANDesk Software, Inc. and its affiliates.) [File not signed]
R2 LANDesk® Out-of-Band Monitor Service; C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [1058304 2011-10-14] (LANDesk Software, Inc. and its affiliates.) [File not signed]
R2 LDAVService; C:\Program Files (x86)\LANDesk\LDClient\antivirus\avservice.exe [597336 2011-11-23] (LANDesk Software, Inc. and its affiliates.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQL$BECKTECHNOLOGY; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation)
R2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592 2008-07-11] (SafeNet, Inc)
R2 SnowInventoryClient; C:\Program Files\INVENTORYCLIENT\client64.exe [4822528 2015-10-16] (Snow Software AB) [File not signed]
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [681128 2015-04-09] (LANDESK Software, Inc. and its affiliates.)
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2012-03-14] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2012-03-14] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [362072 2012-03-14] (Kaspersky Lab)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20992 2011-05-13] (LANDesk Software, Inc. and its affiliates.)
R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2011-05-13] (LANDesk Software, Inc. and its affiliates.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [7168 2011-05-13] (LANDesk Software, Inc. and its affiliates.)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
S3 pmem; \??\C:\Users\RSB3~1.HEN\AppData\Local\Temp\_MEI84002\drivers\winpmem64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-20 08:16 - 2016-06-20 08:16 - 00003644 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist.txt
2016-06-20 08:16 - 2016-06-20 08:16 - 00003644 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist (1).txt
2016-06-19 13:19 - 2016-06-19 13:36 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\INTEL ISRAEL
2016-06-19 13:12 - 2016-06-19 13:19 - 00000000 ___RD C:\Users\RSB3.HENSELPHELPS\Desktop\PROGRAM SHORTCUTS
2016-06-19 13:05 - 2016-06-19 13:05 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\ElevatedDiagnostics
2016-06-19 11:39 - 2016-06-19 11:39 - 00000000 ___HT C:\Windows\wusa.lock
2016-06-19 11:39 - 2016-06-19 11:39 - 00000000 ____D C:\Windows\CheckSur
2016-06-19 11:31 - 2016-06-19 14:24 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-06-19 11:31 - 2016-06-19 11:31 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-06-19 11:31 - 2016-06-19 11:31 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2016-06-19 11:30 - 2016-06-19 11:30 - 02218504 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\instspeedfan451.exe
2016-06-19 11:29 - 2016-06-19 11:31 - 564744309 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\Windows6.1-KB947821-v34-x64.msu
2016-06-19 08:53 - 2016-06-19 08:55 - 00013749 _____ C:\VEW.txt
2016-06-19 08:37 - 2016-06-19 08:37 - 00061440 _____ ( ) C:\Users\RSB3.HENSELPHELPS\Downloads\VEW.exe
2016-06-19 08:37 - 2016-06-19 08:37 - 00061440 _____ ( ) C:\Users\RSB3.HENSELPHELPS\Downloads\VEW (1).exe
2016-06-19 08:33 - 2016-06-19 08:33 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\RSB3.HENSELPHELPS\Downloads\procexp.exe
2016-06-19 08:28 - 2016-06-19 08:29 - 05111240 _____ (Piriform Ltd) C:\Users\RSB3.HENSELPHELPS\Downloads\spsetup129.exe
2016-06-17 20:14 - 2016-06-17 20:14 - 00000448 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\spldr.zip
2016-06-17 20:14 - 2016-06-17 20:14 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Downloads\spldr
2016-06-17 13:27 - 2016-06-17 13:30 - 50716384 _____ (Microsoft Corporation) C:\Users\RSB3.HENSELPHELPS\Downloads\Windows-KB890830-x64-V5.37.exe
2016-06-17 13:02 - 2016-06-20 08:48 - 00000000 ____D C:\FRST
2016-06-17 13:02 - 2016-06-17 13:02 - 02386944 _____ (Farbar) C:\Users\RSB3.HENSELPHELPS\Downloads\FRST64.exe
2016-06-17 12:54 - 2016-06-19 12:55 - 00396006 _____ C:\Windows\ntbtlog.txt
2016-06-15 08:17 - 2016-05-18 19:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 08:17 - 2016-05-18 19:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 08:17 - 2016-05-12 20:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 08:17 - 2016-05-12 18:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 08:17 - 2016-05-12 17:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 08:17 - 2016-05-12 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 08:17 - 2016-05-12 16:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 08:16 - 2016-06-06 19:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 08:16 - 2016-06-06 19:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 08:16 - 2016-06-03 16:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 08:16 - 2016-05-22 16:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 08:16 - 2016-05-14 01:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 08:16 - 2016-05-14 00:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 08:16 - 2016-05-14 00:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 08:16 - 2016-05-14 00:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 08:16 - 2016-05-14 00:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 08:16 - 2016-05-14 00:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 08:16 - 2016-05-12 20:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 08:16 - 2016-05-12 20:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 08:16 - 2016-05-12 20:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 08:16 - 2016-05-12 20:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 08:16 - 2016-05-12 18:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 08:16 - 2016-05-12 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 08:16 - 2016-05-12 18:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 08:16 - 2016-05-12 17:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 08:16 - 2016-05-12 17:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 08:16 - 2016-05-12 17:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 08:16 - 2016-05-12 17:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 08:16 - 2016-05-12 17:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 08:16 - 2016-05-12 16:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 08:16 - 2016-05-12 16:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 08:16 - 2016-05-11 18:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 08:16 - 2016-05-11 18:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 08:16 - 2016-05-11 17:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 08:16 - 2016-03-09 22:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 08:16 - 2016-03-09 21:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-15 08:15 - 2016-05-24 02:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 08:15 - 2016-05-24 01:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 08:15 - 2016-05-21 20:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 08:15 - 2016-05-21 19:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 08:15 - 2016-05-21 01:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 08:15 - 2016-05-21 01:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 08:15 - 2016-05-21 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 08:15 - 2016-05-21 01:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 08:15 - 2016-05-21 01:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 08:15 - 2016-05-21 01:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 08:15 - 2016-05-21 01:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 08:15 - 2016-05-21 01:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 08:15 - 2016-05-21 01:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 08:15 - 2016-05-21 01:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 08:15 - 2016-05-21 01:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 08:15 - 2016-05-21 00:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 08:15 - 2016-05-21 00:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 08:15 - 2016-05-21 00:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 08:15 - 2016-05-21 00:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 08:15 - 2016-05-21 00:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 08:15 - 2016-05-21 00:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 08:15 - 2016-05-21 00:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 08:15 - 2016-05-21 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 08:15 - 2016-05-21 00:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 08:15 - 2016-05-21 00:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 08:15 - 2016-05-21 00:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 08:15 - 2016-05-21 00:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 08:15 - 2016-05-21 00:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 08:15 - 2016-05-21 00:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 08:15 - 2016-05-21 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 08:15 - 2016-05-21 00:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 08:15 - 2016-05-21 00:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 08:15 - 2016-05-21 00:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 08:15 - 2016-05-21 00:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 08:15 - 2016-05-21 00:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 08:15 - 2016-05-21 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 08:15 - 2016-05-21 00:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 08:15 - 2016-05-21 00:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 08:15 - 2016-05-21 00:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 08:15 - 2016-05-21 00:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 08:15 - 2016-05-21 00:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 08:15 - 2016-05-21 00:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 08:15 - 2016-05-21 00:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 08:15 - 2016-05-21 00:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 08:15 - 2016-05-21 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 08:15 - 2016-05-21 00:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 08:15 - 2016-05-21 00:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 08:15 - 2016-05-21 00:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 08:15 - 2016-05-21 00:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 08:15 - 2016-05-21 00:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 08:15 - 2016-05-21 00:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 08:15 - 2016-05-21 00:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 08:15 - 2016-05-21 00:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 08:15 - 2016-05-21 00:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 08:15 - 2016-05-20 23:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 08:15 - 2016-05-20 23:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 08:15 - 2016-05-20 23:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 08:15 - 2016-05-20 23:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 08:15 - 2016-05-20 23:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 08:15 - 2016-05-20 23:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 08:15 - 2016-04-14 19:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 08:15 - 2016-04-14 19:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 08:15 - 2016-04-14 18:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 08:15 - 2016-04-14 18:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 08:15 - 2016-04-09 09:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 08:15 - 2016-04-09 09:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 08:15 - 2016-04-09 09:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 08:15 - 2016-04-09 09:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 08:15 - 2016-04-09 08:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 08:15 - 2016-04-09 08:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-13 12:52 - 2016-06-13 12:52 - 00142086 _____ C:\Users\RSB3.HENSELPHELPS\Desktop\cc_20160613_125156.reg
2016-06-13 11:20 - 2016-06-19 11:28 - 00000000 ____D C:\ProgramData\Avira
2016-06-13 11:19 - 2016-06-13 11:20 - 04630840 _____ (Avira Operations GmbH & Co. KG) C:\Users\RSB3.HENSELPHELPS\Downloads\avira_en_av_575e6cb2edd39__ws.exe
2016-06-13 10:30 - 2016-06-13 11:06 - 00000000 ____D C:\Program Files (x86)\LingoCom
2016-06-13 10:30 - 2016-06-13 10:30 - 00000928 _____ C:\Windows\SysWOW64\winsys.lng
2016-06-13 10:30 - 2016-06-13 10:30 - 00000928 _____ C:\ProgramData\winsys.lng
2016-06-13 10:30 - 2007-05-03 18:00 - 00081920 _____ C:\Windows\SysWOW64\GkSui20.EXE
2016-06-13 10:29 - 2016-06-13 10:29 - 02796627 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\LingoWare-heb.exe
2016-06-09 18:15 - 2016-06-17 03:39 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRSB3.job
2016-06-09 18:15 - 2016-06-16 18:36 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRSB3
2016-06-09 15:59 - 2016-06-09 15:59 - 00002235 _____ C:\Users\RSB3.HENSELPHELPS\AppData\Local\recently-used.xbel
2016-06-08 13:40 - 2016-06-08 13:40 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\HpReg_Backup
2016-06-08 13:33 - 2016-06-09 18:15 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\Hewlett-Packard
2016-06-08 13:33 - 2016-06-08 13:33 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Hewlett-Packard
2016-06-08 13:30 - 2016-06-08 13:51 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-06-08 13:30 - 2016-06-08 13:30 - 00000000 ____D C:\System.sav
2016-06-08 13:30 - 2016-06-08 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-06-08 13:29 - 2016-06-08 13:29 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\hpqLog
2016-06-08 13:27 - 2016-06-08 13:51 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-06-08 13:26 - 2016-06-08 13:30 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-06-08 13:24 - 2016-06-08 13:24 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\RSB3.HENSELPHELPS\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
2016-06-01 14:25 - 2016-06-01 14:25 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\New folder
2016-05-29 10:04 - 2016-05-30 12:47 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\ISRAEL Tel Nof Airbase
2016-05-26 14:48 - 2016-05-26 14:48 - 00268800 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\yazdayrr.xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-20 08:48 - 2009-07-14 07:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-20 08:48 - 2009-07-14 07:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-20 08:46 - 2009-07-14 08:13 - 00871934 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-20 08:46 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-06-20 08:45 - 2013-12-19 02:24 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Utils
2016-06-20 08:43 - 2012-04-05 18:51 - 00000000 ____D C:\ProgramData\vulScan
2016-06-20 08:41 - 2015-11-20 20:11 - 00000000 ___RD C:\Users\RSB3.HENSELPHELPS\iCloudDrive
2016-06-20 08:40 - 2014-11-11 10:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-20 08:40 - 2011-11-02 00:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-20 08:39 - 2011-11-02 00:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-20 08:37 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-20 08:23 - 2011-10-26 19:30 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Outlook Files
2016-06-20 08:18 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-06-20 08:01 - 2012-04-05 18:54 - 00000000 ____D C:\ProgramData\LANDeskAV
2016-06-20 07:52 - 2014-02-14 19:48 - 00000608 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job
2016-06-20 07:51 - 2015-05-30 17:46 - 00000704 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job
2016-06-19 16:31 - 2014-08-17 14:45 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Recover Documents
2016-06-19 13:36 - 2015-02-04 08:35 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Randy Personal June 16
2016-06-19 13:17 - 2016-01-08 17:01 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Monti
2016-06-19 13:11 - 2011-10-18 11:30 - 00000000 ____D C:\Users\UpdatusUser
2016-06-19 12:39 - 2013-07-26 23:47 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-19 11:28 - 2014-06-12 20:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-19 09:45 - 2016-05-05 09:53 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\UAV ISRAEL BEST VALUE
2016-06-19 09:25 - 2015-05-30 17:46 - 00003736 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391
2016-06-19 09:25 - 2014-02-14 19:48 - 00003640 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391
2016-06-19 08:43 - 2011-10-18 12:11 - 00000000 ____D C:\ProgramData\Sonic
2016-06-19 08:10 - 2009-07-14 08:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-17 20:59 - 2014-11-23 09:49 - 00000000 ____D C:\Program Files\Defraggler
2016-06-17 13:38 - 2013-06-11 22:53 - 00000000 ____D C:\Program Files (x86)\Axis Communications
2016-06-17 13:30 - 2011-10-26 18:07 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-17 04:29 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-06-17 03:40 - 2009-07-14 07:45 - 00587760 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-17 03:36 - 2014-12-14 08:35 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 03:17 - 2013-07-15 17:46 - 00000000 ____D C:\Windows\system32\MRT
2016-06-16 17:21 - 2014-09-14 06:52 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\CrashDumps
2016-06-13 19:31 - 2010-11-21 06:27 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-13 11:27 - 2014-12-22 15:59 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Mozilla
2016-06-13 11:12 - 2014-11-11 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-13 11:12 - 2014-11-11 10:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-13 10:15 - 2016-03-12 16:57 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\OLD UAV Israel
2016-06-10 12:58 - 2016-01-08 16:55 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Desktop Excel Files
2016-06-09 16:02 - 2012-02-11 18:27 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\.gimp-2.6
2016-06-08 13:39 - 2014-08-10 10:44 - 00000000 ____D C:\ProgramData\HP
2016-06-08 13:30 - 2011-10-18 11:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-08 13:27 - 2011-10-26 19:24 - 00165400 _____ C:\Users\RSB3.HENSELPHELPS\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-29 15:59 - 2014-06-12 01:53 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Intel Israel
2016-05-27 03:00 - 2015-04-07 04:47 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-27 03:00 - 2015-04-07 04:47 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-25 11:55 - 2011-10-26 19:21 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft Help
2016-05-24 08:04 - 2009-07-14 08:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-05-22 16:51 - 2013-02-05 01:51 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Estimating Class
 
==================== Files in the root of some directories =======
 
2012-10-03 17:31 - 2013-06-13 17:53 - 7656960 _____ () C:\Program Files (x86)\Common Files\Innovaya BIM Software.msi
2012-08-10 19:33 - 2012-08-10 19:33 - 0000118 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\history.Word.pwcdat
2015-05-14 12:54 - 2015-05-14 12:54 - 0004096 ____H () C:\Users\RSB3.HENSELPHELPS\AppData\Local\keyfile3.drm
2016-06-09 15:59 - 2016-06-09 15:59 - 0002235 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Local\recently-used.xbel
2014-05-08 18:24 - 2015-03-23 11:50 - 0007624 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Local\Resmon.ResmonCfg
2014-08-10 10:44 - 2014-08-10 10:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-08 18:04 - 2015-03-04 08:21 - 0000828 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-01-08 17:28 - 2014-09-16 08:53 - 0000441 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-06-13 10:30 - 2016-06-13 10:30 - 0000928 _____ () C:\ProgramData\winsys.lng
 
Files to move or delete:
====================
C:\Users\RSB3.HENSELPHELPS\ccsetup312.exe
 
 
Some files in TEMP:
====================
C:\Users\RSB3.HENSELPHELPS\AppData\Local\Temp\sfamcc00001.dll
C:\Users\RSB3.HENSELPHELPS\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 00:32
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by RSB3 (2016-06-20 08:49:49)
Running from C:\Users\RSB3.HENSELPHELPS\Desktop\Utils
Windows 7 Professional Service Pack 1 (X64) (2011-10-26 13:43:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1338001094-3292723480-2479503419-500 - Administrator - Disabled)
cba_anonymous (S-1-5-21-1338001094-3292723480-2479503419-1005 - Limited - Enabled)
Guest (S-1-5-21-1338001094-3292723480-2479503419-501 - Limited - Disabled)
RSB3 (S-1-5-21-1338001094-3292723480-2479503419-1001 - Administrator - Enabled) => C:\Users\RSB3
UpdatusUser (S-1-5-21-1338001094-3292723480-2479503419-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: LANDesk Antivirus client (Enabled - Up to date) {81FFFA3F-5728-2935-775B-945612FB42EE}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assemble Publisher Add-Ins (HKLM\...\{9D2BDAF2-059B-4D74-BCF5-98A4316B6AC4}) (Version: 2.0.5093 - Assemble Systems)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.6.11 - Autodesk, Inc.)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Revit 2014 (HKLM\...\Autodesk Revit 2014) (Version: 13.03.08151 - Autodesk)
Autodesk Workflows 2014 (HKLM\...\{11672AB2-3D48-4D38-9123-719E5FF93333}) (Version: 4.0.19.0 - Autodesk, Inc.)
Beck Technology Client Broker (HKLM-x32\...\InstallShield_{E0575819-21B7-4351-8671-7A5EA8A1B02E}) (Version: 2013.1.0.0 - Beck Technology)
Beck Technology Client Broker (x32 Version: 2013.1.0.0 - Beck Technology) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bluebeam Revu x64 12 (HKLM-x32\...\InstallShield_{8F81B206-1111-4EFA-8431-42BB992C5D76}) (Version: 12.5.0 - Bluebeam Software)
Bluebeam Revu x64 12 (Version: 12.5.0 - Bluebeam Software) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C.H.I. Overhead Doors Division 8 Binder (HKLM-x32\...\{53F6F4AA-8D9E-4BFA-8D32-3CE71D62D3CE}) (Version: 1.2.0 - C.H.I. Overhead Doors)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Crystal Reports Runtime (HKLM-x32\...\{974518D4-7C04-4B2D-AADC-0D4F303E275F}) (Version: 1.00.0000 - Autodesk)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4822 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell ControlVault Host Components Installer 64 bit (Version: 2.1.6.214 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
DProfiler (HKLM-x32\...\InstallShield_{43D028A6-8D0C-4D6F-AD95-983F0D916FBE}) (Version: 2013.1.0.0 - Beck Technology)
DProfiler (x32 Version: 2013.1.0.0 - Beck Technology) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version:  - FARO Technologies)
FileZilla Client 3.16.0 (HKLM-x32\...\FileZilla Client) (Version: 3.16.0 - Tim Kosse)
Free Audio Editor 2015 9.2.2 (HKLM-x32\...\Free Audio Editor 2015_is1) (Version:  - FAE Distribution, Inc.)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GIMP 2.6.12 (HKLM\...\GIMP-2_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.19.0.5102 (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\GoToMeeting) (Version: 7.19.0.5102 - CitrixOnline)
HASP SRM Run-time (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 3.50.1.8213 - Aladdin Knowledge Systems Ltd. ® 1985-2008.)
HEDB Search (HKLM-x32\...\{510FE46E-7A12-4A6B-BC67-D52F1320265A}) (Version: 2.0.0 - RhinoWare)
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP)
ICE (HKLM-x32\...\ICE) (Version:  - )
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Innovaya BIM Software (HKLM-x32\...\{77308AFD-5146-4B93-94CA-195B70DD5A2E}) (Version: 13.06.13 - Innovaya, LLC)
Innovaya BIM Software (x32 Version: 13.06.13 - Innovaya, LLC) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
iSqFt Full Viewer V4.01 (HKLM-x32\...\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}) (Version:  - )
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KONICA MINOLTA C554Series(PS_PCL_FAX) (HKLM\...\KONICA MINOLTA C554Series Installer(PS_PCL_FAX)) (Version:  - KONICA MINOLTA)
LANDesk Advance Agent (x32 Version: 1.0.0 - LANDesk Software) Hidden
LANDesk® Antivirus (HKLM-x32\...\LANDesk Antivirus) (Version: 9.0.3.45 - LANDesk Software)
LANDesk® Common Base Agent 8 (x32 Version: 9.0.3.5 - LANDesk Software, Ltd) Hidden
Lotus Notes 6 (HKLM-x32\...\{9C7D4FF4-6494-4E7C-ABE5-D850DAC4AFA6}) (Version: 6.00.2269 - IBM)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marketing Fonts (HKLM\...\{DB5BBA53-18F6-4F1B-B86D-2F4B5BB6503F}) (Version: 1.00 - Hensel Phelps Construction Co.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{3184EDDE-ED8D-4A3F-A575-99BD5FE3A524}) (Version: 15.8.8945.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6001.1078 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
OCR program for Yiddish (HKLM-x32\...\{5A6F726F-6AB8-4772-6576-650200000001}) (Version: 1.0.1 - Ulrich Greve)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6001.1078 - Microsoft Corporation) Hidden
On-Screen Takeoff (HKLM-x32\...\{028CDFF6-4C1B-4A70-8501-1267F02D2DC0}) (Version: 3.9.0.6 - On Center Software, Inc.)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Panasonic DRM Plugin (HKLM-x32\...\{9C267E0B-9058-49D4-96F4-D42056D22B59}) (Version: 1.2.1.0 - Panasonic Avionics Corporation)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.55 - NCH Software)
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
QHOCR 0.8.3-alpha (HKLM-x32\...\QHOCR) (Version: 0.8.3-alpha - Diego Iastrubni)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Revit 2014 (Version: 13.03.08151 - Autodesk) Hidden
Revit 2014 Language Pack - English (Version: 13.03.08151 - Autodesk) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sentinel Protection Installer 7.5.0 (HKLM-x32\...\{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}) (Version: 7.5.0 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype Meetings App (HKLM-x32\...\{240D565E-3537-4048-8920-FAAB2A136A84}) (Version: 16.2.0.23 - Microsoft Corporation)
Snow Inventory Client for Windows (x64) (HKLM\...\{7C22D831-EF1A-4780-B30F-B5AD8618E10B}) (Version: 3.7.03 - Snow Software AB)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VEO (HKLM\...\{8E5F8472-D15D-40C3-B3B1-31EFC90D473B}) (Version: 1.10.2.8 - M-SIX)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WDO HEDB Input (HKLM-x32\...\{90AE3C9A-FCD2-4983-8ABA-71AE16C0AA28}) (Version: 2.0.0 - RhinoWare)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinEx Master 8.6 (HKLM-x32\...\ROCTEKWXM_is1) (Version:  - Roctek Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1}\localserver32 -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\GatewayVersion-x64.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {036DDC5B-5693-4909-8109-8229D870DE32} - System32\Tasks\HPCeeScheduleForRSB3 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {1A250898-7CD9-4BDD-B7D9-73DDC85BA32E} - System32\Tasks\{D7EE196F-D8AC-4E82-9512-51733FB40E21} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{E0575819-21B7-4351-8671-7A5EA8A1B02E}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {3037077E-2725-44A3-A9A4-E11424DEDC46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN54B1R13F => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
Task: {3C8D347F-62D9-4453-BC5F-08FA11FC4414} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN48E1M09J => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
Task: {3FB7CCFA-9DAD-4A73-8A13-B3C5A0DE26E3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4036B04A-485A-4260-B22A-F08F0372BB98} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
Task: {4B273B21-7393-4270-8668-6249AD64D28B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
Task: {501E0B71-A4F9-4837-B7F8-2A47E420D52B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {602EA474-68BB-4CFE-9C3C-99E81DE32960} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-05-01] (Microsoft Corporation)
Task: {7D85EAD0-0B56-4C0C-AA2B-102B9802FEEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {96AC5031-CF00-43D5-A9F2-3A14B2B43303} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN42DB612Q => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
Task: {A17371AF-CC0F-470A-B036-04CE2205DABD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-05-01] (Microsoft Corporation)
Task: {A3E665F0-992B-49AE-8B13-3CDDADBF42E0} - System32\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391 => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\GoToMeeting\5102\g2mupload.exe [2016-06-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B01F7F52-C520-4DEB-AEB7-7ADFC884B491} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH58T2B0Y1 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
Task: {B6066635-8E67-4A85-BD9B-D7C5E789B9DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C0C42714-2531-4CD7-9BEA-E7EB17DB9774} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {C6FF5ADC-C18A-4203-9F2B-5A01F779CB29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {CB099B0B-501D-495A-92AC-B408A7C851B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {D206A83A-453F-4C61-ADF2-A7EBBC1688C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {D2C2A4A7-B2FA-4B2E-886B-0C6CB9DF1636} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {D4F4E11C-2197-4727-85AC-F8607C9E3E35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-01] (Microsoft Corporation)
Task: {EA5A557B-FAE6-4F7F-BFB2-36E605A68A74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN46SC605T => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-04-22] (HP Inc.)
Task: {F0358E70-E940-4563-B0C0-D786A163DB92} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-05-18] (HP Inc.)
Task: {F046DDE2-EE66-42E8-A24F-89E2351F7F14} - System32\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391 => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\GoToMeeting\5102\g2mupdate.exe [2016-06-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FBE46357-80F8-4A66-B784-4271DE49FAE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {FCECE817-D7AF-426C-ABB8-00410A4B3944} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-05-01] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\GoToMeeting\5102\g2mupdate.exe C:\Users\RSB3.HEN
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\GoToMeeting\5102\g2mupload.exe C:\Users\RSB3.HEN
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRSB3.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-05-28 02:06 - 2013-10-29 02:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-10-31 21:17 - 2010-09-21 20:11 - 00015360 _____ () C:\Windows\System32\KOAZ8A_L.DLL
2013-06-14 21:50 - 2009-12-26 04:52 - 00015360 _____ () C:\Windows\System32\KOAYTJ_L.DLL
2011-06-17 17:49 - 2011-06-17 17:49 - 00034304 _____ () C:\Windows\System32\ssp8ml6.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-06-30 21:46 - 2012-06-30 21:46 - 00159744 _____ () C:\Program Files (x86)\Beck Technology\Beck Technology Client Broker\btbrkrsvc.exe
2016-05-08 07:13 - 2016-05-01 04:52 - 00171712 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2011-10-18 11:50 - 2003-04-19 05:06 - 00008192 _____ () c:\Windows\SysWOW64\srvany.exe
2011-10-18 13:11 - 2013-12-04 12:22 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2016-05-18 07:25 - 2016-05-01 14:52 - 08911040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-29 13:23 - 2016-02-29 13:23 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-11-11 06:53 - 2010-11-11 06:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2011-10-18 11:48 - 2011-07-25 17:43 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-10-18 13:10 - 2011-06-10 21:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 18:35 - 2010-11-17 18:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-12-13 01:36 - 2013-12-13 01:36 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-06-30 21:46 - 2012-06-30 21:46 - 00032768 _____ () C:\Program Files (x86)\Beck Technology\Beck Technology Client Broker\Beck.Licensing.CommonResources.dll
2012-04-05 18:49 - 2011-10-14 14:29 - 00186880 _____ () C:\Program Files (x86)\LANDesk\LDClient\httprequest.dll
2012-04-05 18:49 - 2014-07-24 16:29 - 00107008 _____ () C:\Program Files (x86)\LANDesk\LDClient\rollinglog.dll
2012-04-05 18:49 - 2009-11-24 02:51 - 00433664 _____ () C:\Program Files (x86)\LANDesk\LDClient\sqlite3.dll
2012-04-05 18:49 - 2009-11-24 02:51 - 00024576 _____ () C:\Program Files (x86)\LANDesk\LDClient\ProcessRunner.dll
2012-04-05 18:50 - 2011-09-19 14:31 - 00073728 _____ () C:\Program Files (x86)\LANDesk\LDClient\policy.client.business.dll
2012-04-05 18:49 - 2011-11-22 06:44 - 00118272 _____ () C:\Program Files (x86)\LANDesk\LDClient\uncauthentication.dll
2012-04-05 18:49 - 2014-07-24 16:29 - 00107008 _____ () C:\Program Files (x86)\LANDesk\LDClient\RollingLog.dll
2012-04-05 18:49 - 2007-04-20 17:28 - 00106567 _____ () C:\Program Files (x86)\LANDesk\LDClient\ThinstallManageApi.dll
2016-05-18 07:25 - 2016-05-01 14:40 - 08911048 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2010-11-25 06:44 - 2010-11-25 06:44 - 00375280 _____ () C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
2016-06-19 12:39 - 2016-06-15 12:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 12:39 - 2016-06-15 12:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\isqft.com -> hxxps://www.isqft.com
IE trusted site: HKU\S-1-5-21-1338001094-3292723480-2479503419-1000\...\isqft.com -> hxxps://www.isqft.com
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\isqft.com -> hxxps://www.isqft.com
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\isqft.com -> www.isqft.com
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\samsungsetup.com -> hxxp://www.samsungsetup.com
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2015-02-04 23:56 - 00000009 ____A C:\Windows\system32\Drivers\etc\hosts
 
റഊഊ
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Control Panel\Desktop\\Wallpaper -> C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 213.57.2.5 - 213.57.22.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: SBSDWSCService => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{09DC3A69-14F5-4F76-850A-43738484FE45}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{92A633B8-C7F1-45EF-B05F-0710BE9CB274}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{CEA6EEE4-ECC1-4488-B3A4-A28AC603AFC7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{F3F9491E-7075-4ECB-8D0E-11FB6673AAC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{94559D38-1D98-4894-8437-8FE2FF39D17B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D43D0FE8-AA0E-4BF9-A063-EF14B553D74A}] => (Allow) LPort=2869
FirewallRules: [{6B106493-479F-4B88-8BB7-E7E9F84C2440}] => (Allow) LPort=1900
FirewallRules: [{87F28516-97DF-4E24-8221-98546F44C26A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9AD703F9-B18A-4A13-94E0-923C0777C1AE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4F597DDC-9DA9-4B1D-A4DF-831C8CAE2976}] => (Allow) C:\Program Files (x86)\MC² Software\ice.exe
FirewallRules: [{51D40BC4-848F-4421-B8D0-A20C08416122}] => (Allow) C:\Program Files (x86)\MC² Software\ice.exe
FirewallRules: [{C200DFBF-E53C-45A2-B095-00FE74ADCB8C}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{D150C8EB-DA4C-4779-BA38-7642DA94F6BC}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{35EF6013-5AAD-4D96-B77F-24E2B3246054}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{E704DE47-FCEC-4BC6-A614-FC0C4DCA7DA2}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{2CF56BB3-0C81-45BB-9DCA-ABB70F851FA8}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{8F21FE6A-D366-4D58-B592-058D892AE0B5}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{CCF7AC55-7D97-4A22-90EF-39E7353956C9}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{22F09475-889E-48BA-9F0A-76BA9782FD2D}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{6605B5F7-C9F5-4F3A-AE85-00A6FC14D24B}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{81B0251A-A135-45C8-930C-8D0696BCA691}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{3DD5C678-CCCB-419B-993E-AB05E5AF167F}] => (Allow) LPort=1947
FirewallRules: [{5C42A92D-0DA0-42A9-95E1-6CB365581235}] => (Allow) LPort=1947
FirewallRules: [TCP Query User{EB5ADA33-8801-4A37-BAAD-43D575762C03}C:\program files (x86)\mc² software\icelicsv.exe] => (Allow) C:\program files (x86)\mc² software\icelicsv.exe
FirewallRules: [UDP Query User{D10D20DA-132B-42FF-BA7A-4A8411F36670}C:\program files (x86)\mc² software\icelicsv.exe] => (Allow) C:\program files (x86)\mc² software\icelicsv.exe
FirewallRules: [{D01B929B-2072-4CD6-9EF4-678F33E40964}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
FirewallRules: [{BD9F41FB-FDE2-4782-A5DD-8F0A2F5D35F5}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
FirewallRules: [{6449FC24-6222-47EC-9B3A-8D326A3D0E78}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
FirewallRules: [{17DB7700-B1E9-45B9-A9F2-57B5676E3E13}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
FirewallRules: [{9DF12F63-2D8D-4587-97B0-36F0F3674A36}] => (Allow) LPort=18081
FirewallRules: [TCP Query User{1E81EC20-0EF0-4CCE-8472-C1BAD06CC22F}C:\program files (x86)\mc² software\icelicsv.exe] => (Allow) C:\program files (x86)\mc² software\icelicsv.exe
FirewallRules: [UDP Query User{6FC2C4BD-D8E8-45A1-9576-EFF440CF956D}C:\program files (x86)\mc² software\icelicsv.exe] => (Allow) C:\program files (x86)\mc² software\icelicsv.exe
FirewallRules: [{C2412DA9-FF8D-4E99-A9ED-41FE021F7ECC}] => (Allow) C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{3382B3FF-DA91-4780-9718-11281A29D1F5}] => (Allow) C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{5886D275-87A4-45E9-8BD8-47B75537264D}C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AD757494-5EE2-4350-A530-BC0D436D3842}C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{A607C44D-B3D9-4FC2-B00D-FFEEFDC22046}C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A275070F-328E-4629-8D7D-64FE989300CF}C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BD5F3C63-2E54-4E1C-8277-1925E7A3AE66}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8216FDC2-4CCE-4F52-9E55-1133BCE2650F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{1622D060-31E4-49DD-8BDE-1DFBE5FC91AD}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [UDP Query User{09C394A8-9460-4474-9AF5-0BAFEFD62018}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [TCP Query User{10791C5C-D6A9-47DA-9514-7778B57F1498}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [UDP Query User{7C98427B-EF00-4FFE-B1EC-A7AA3FC737EC}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [TCP Query User{ADC9A384-FDE8-4358-96D4-4B5F45AF9E88}C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{20B02D3A-ED8E-4D59-B70B-8F58164EC818}C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{AD8A1122-DFE0-46D1-B3C0-11E00985D904}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\FaxApplications.exe
FirewallRules: [{75F2F4F3-A3BE-4206-9AE0-874647E1FC81}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\DigitalWizards.exe
FirewallRules: [{6058E809-3541-4F0A-BD96-904FA53B9B8A}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\SendAFax.exe
FirewallRules: [{4DB50116-59B8-47AF-B5D5-399F726A7BC9}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe
FirewallRules: [{34AC213D-AAAC-402B-97CA-15F1650482D8}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7398540A-0622-41F5-9094-D06E47AEA122}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B53BFB45-C813-4D75-BF43-DDE85EBB79E7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{1A3B1A4D-88F9-4EBF-879E-A7461AC3B42B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{E7DCB63D-BC31-4AD6-8802-86B0237092D7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{F55F3AFE-8681-4B75-A865-8BF9461D7D6C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{0A3B9598-88BB-4208-9895-EE02CEDF8380}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1F39A7DB-1A70-42FA-81E9-66E975EB5956}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{EEA7D928-327A-488E-BA44-C7BC2A27E11C}C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{A6347896-E600-4FB7-B964-51013F661237}C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{BB637511-33DB-406F-B22D-53EE0C6D41FF}] => (Block) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{FEE9DD08-210A-4DCA-ABFF-4CB9EECF99CB}] => (Block) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [TCP Query User{2CB8F0CC-1735-4443-A495-4D43FBE93A8A}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [UDP Query User{70436D8B-93B5-484E-B55D-7C6DFCF4F700}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [{B0492D2A-A6F9-4B93-83E5-3DE92D8C13AE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{542BDFBC-B020-4A18-8F69-40F0DD24AA9B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{791998C7-3738-4DF5-81D2-234F807CD9FA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BAA3C795-1A22-4865-99BD-6CC53456811C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{16FBB992-2217-4417-829B-818E7846C4EB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{51CEFA99-5114-4623-B0F4-580DD62D2329}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0E195DAB-2688-4FE0-9CA6-C10FD4DEAAAB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2223CA30-8027-4DB9-93FB-30D7115384BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0CE9D5B-7B0B-49D1-9730-4B7923CD105E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12CEF7A5-066D-442B-AF11-0D89AC89F010}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDE7754C-7632-49F2-9A84-400D55F52244}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{B42D776E-C4D4-4732-A0B8-61BCD632E0E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{76D0BC88-557A-4D15-A6BD-F2EB58C4F4FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{78F00D96-E6F3-4349-AF67-D30221BF1806}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0245A02C-F8EC-44BE-ACA0-D086B560A640}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{83F996A1-D5ED-4B53-8FA3-FBD989584CDA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BE5484A7-453F-4382-8D16-27919956217E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{3C155DB7-67A3-4138-93DC-82DD3F9956C3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{AA078FF6-6B06-4A31-A992-CBDF60F939EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6026D766-CEC1-45E2-A51B-E79D50F99064}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{EF0C789F-4811-4240-92F0-08750F7C880F}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
 
==================== Restore Points =========================
 
19-06-2016 11:26:28 Removed Avira Browser Safety
19-06-2016 11:39:42 Windows Update
20-06-2016 07:54:36 Windows Modules Installer
20-06-2016 08:16:27 Windows Modules Installer
20-06-2016 08:32:33 Removed Java 7 Update 55
 
==================== Faulty Device Manager Devices =============
 
Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 7500 E910
Description: Officejet 7500 E910
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/20/2016 08:45:23 AM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Error: (06/20/2016 08:45:12 AM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)
 
Error: (06/20/2016 08:45:10 AM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]
 
Error: (06/20/2016 08:39:32 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/20/2016 08:37:32 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (06/20/2016 08:37:29 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (06/20/2016 08:37:29 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (06/20/2016 08:37:29 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (06/20/2016 08:37:26 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (06/20/2016 08:37:26 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (06/20/2016 08:40:21 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: HENSELPHELPS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/20/2016 08:37:32 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (06/20/2016 08:37:32 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain HENSELPHELPS due to the following: 
%%1311 = There are currently no logon servers available to service the logon request.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (06/20/2016 08:37:28 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (06/20/2016 08:21:36 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: HENSELPHELPS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/20/2016 08:20:35 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/20/2016 08:19:33 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain HENSELPHELPS due to the following: 
%%1311 = There are currently no logon servers available to service the logon request.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (06/20/2016 08:19:25 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends the following service: TBS. This service might not be installed.
 
Error: (06/20/2016 08:00:07 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: HENSELPHELPS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/20/2016 07:58:58 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 51%
Total physical RAM: 6025.02 MB
Available physical RAM: 2948.6 MB
Total Virtual: 12048.21 MB
Available Virtual: 8710.71 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.98 GB) (Free:145.45 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 64582CAE)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 


#29
cloroxmartini

cloroxmartini

    Member

  • Topic Starter
  • Member
  • 134 posts

Ok, so here's a play by play:

 

After I posted the FRST logs there were no running programs but Outlook.

 

Then I went to send an email and clicked on the NEW email icon in Outlook. That's when the hard drive began spinning again and froze, just like what happened with Bluebeam. About 4 minutes later the new email window opened, and when I clicked in the window to pull up the address it took a couple minutes to type, then the body of the message took a couple minutes to type, so by then it was taking so long I hit CTRL ALT DEL, and that took forever to open but eventually did (the previous message that this option was not available did not pop up), and I tried to shut down OUTLOOK. After a while it shut down and then I shut the computer down, and that took so long I finally did a hard shut down on the whole thing. I started it back up and now it's in full boot and none of that is going on.

 

What it feels like is that the system runs fine for a while, then I take some action that makes it freeze. The freeze feels like the image required to do anything is behind my request for action by several minutes, or freezes up the machine. As I type this, the HD light is sporadic, not solid as when it freezes. If I stop typing, the HD light stays sporadic. From email to this post, with shut down and everything, with minor interruptions, has been 40 minutes.



#30
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,021 posts
  • MVP

Please do not make changes without telling me.

 

Doesn't appear that you ran the fixlist from my last post. Please do so then do a new FRST scan with Addition.txt checked.

 

Try leaving Process Explorer running and when you notice the hard drive starting to spin create a new process explorer log.  

