Windows 7 Main Start Disk Spins And System Doesn't Work



#46
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts

I figured out how to re-associate through OFFICE repair


  • 0


#47
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Right click on Computer and select Manage then Device Manager.  View, Show Hidden Devices.  In the right pane do you have any yellow flagged items?  What are they?

 

Run Speedfan as before.  This time click on the S.M.A.R.T. tab.  Click on the down arrow to the right of the Hard Disk box.  Select your hard drive.  Click on "Perform an in-depth online analysis of this hard disk".  Your browser will open.

 

At the bottom of the new page will be a line:  

 
The link to get back and see a new report about this hard disk in the future is this.
 
Right click on the underlined "this" and select Copy Link Address.  Move to a Reply and Paste (Ctrl + v).
 
If that won't work then run Speccy again and attach its log.
 
I want to compare the current drive stats with the previous speccy log.  My feeling is that the drive needs to be replaced ASAP and that we are just rearranging deck chairs on the Titanic.

  • 0

#48
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts

Yellow cautions are on:

LANDesk Remote Control Mirror Driver

Officejet 7500 E910

 

 

 

http://www.hddstatus...cation=452BB7ED


  • 0

#49
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts
Clicked on a message in Outlook causing disc spin and system freeze...
 
Interrupts spiked as high as 12.2
 
 
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 80.16 0 K 24 K 0
Interrupts 7.89 0 K 0 K n/a Hardware Interrupts and DPCs
sqlservr.exe 6.53 43,908 K 8,848 K 2816 SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 0.49 28,956 K 53,600 K 2316 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 1.32 161,420 K 127,756 K 1556 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
System 1.35 140 K 708 K 4
chrome.exe 0.87 30,776 K 60,192 K 5328 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.79 59,636 K 49,388 K 7100 Google Chrome Google Inc. (Verified) Google Inc
csrss.exe 0.07 11,356 K 64,256 K 504
chrome.exe 0.20 32,780 K 53,848 K 7120 Google Chrome Google Inc. (Verified) Google Inc
mbam.exe 0.12 33,548 K 55,328 K 1888
ApMsgFwd.exe < 0.01 2,716 K 5,916 K 4456
FF_Protection.exe 0.02 2,284 K 7,400 K 4588 FF_Protection MFC Application (Verified) STMicroelectronics
hasplms.exe 0.02 15,064 K 16,052 K 2244 Aladdin HASP License Manager Service Aladdin Knowledge Systems Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
AppleMobileDeviceService.exe 0.01 3,980 K 10,880 K 692 MobileDeviceService Apple Inc. (Verified) Apple Inc.
explorer.exe 0.04 72,960 K 97,140 K 5064 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Apoint.exe < 0.01 3,908 K 10,656 K 1696 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Alps Electric Co.
OUTLOOK.EXE 0.01 97,644 K 177,444 K 5720 Microsoft Outlook Microsoft Corporation (Verified) Microsoft Corporation
LMS.exe < 0.01 2,216 K 5,696 K 2360 Local Manageability Service Intel Corporation (Verified) Intel Corporation - Intel® Management Engine Firmware
BCMWLTRY.EXE 0.01 34,736 K 28,924 K 2016
svchost.exe < 0.01 16,476 K 26,304 K 1012 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 248,496 K 256,040 K 988 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 27,712 K 31,788 K 1204 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 16,184 K 19,196 K 1536 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 7,528 K 11,092 K 616
svchost.exe 0.01 4,960 K 11,184 K 1280 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe < 0.01 30,436 K 49,932 K 332 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spnsrvnt.exe 2,044 K 5,356 K 2964 Sentinel Protection Server for SuperPro and UltraPro network keys SafeNet, Inc (Verified) SafeNet
taskhost.exe < 0.01 14,104 K 16,912 K 4764 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 0.01 59,316 K 53,400 K 1816 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
OfficeClickToRun.exe < 0.01 29,268 K 47,048 K 2096 Microsoft Office Click-to-Run Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe < 0.01 3,548 K 5,912 K 420
IntuitUpdateService.exe < 0.01 22,700 K 8,708 K 4412 Intuit Update Service Intuit Inc. (Verified) Intuit
localsch.exe 0.01 6,020 K 11,828 K 2284 LocalSch LANDESK Software, Inc. and its affiliates. (Verified) LANDesk Software
wmpnetwk.exe < 0.01 9,924 K 12,092 K 2368 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
sntlkeyssrvr.exe < 0.01 2,272 K 5,732 K 2928 SafeNet, Inc. (Verified) SafeNet
HPSupportSolutionsFrameworkService.exe < 0.01 48,476 K 46,036 K 4924 HP Support Solutions Framework Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
nvvsvc.exe < 0.01 6,376 K 15,156 K 1464
stacsv64.exe < 0.01 6,672 K 7,528 K 352 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
SearchProtocolHost.exe < 0.01 3,196 K 8,888 K 4708 Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe < 0.01 13,812 K 23,484 K 1140 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 1,848 K 5,256 K 4020
WUDFHost.exe 2,128 K 6,208 K 3872
WmiPrvSE.exe 8,532 K 14,024 K 3504
WLTRYSVC.EXE 1,512 K 3,728 K 1920
wlanext.exe 1,948 K 5,368 K 1928
winlogon.exe 3,432 K 8,604 K 568
wininit.exe 1,744 K 4,752 K 512
vpnagent.exe 6,628 K 15,192 K 1416 VPN Agent Service Cisco Systems, Inc. (Verified) Cisco Systems
upeksvr.exe 5,204 K 13,364 K 1620
TrustedInstaller.exe 10,512 K 15,548 K 2692 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 26,016 K 22,092 K 944 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,672 K 10,988 K 748 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 6,380 K 10,352 K 860 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1,184 K 3,028 K 2792
svchost.exe 4,852 K 8,732 K 1232 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,936 K 5,360 K 3960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,660 K 6,112 K 3972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,192 K 5,848 K 2788 Host Process for Windows Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 6,916 K 12,880 K 2200 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sttray64.exe 9,008 K 19,268 K 4656 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
sqlwriter.exe 2,184 K 6,532 K 2624 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
sqlbrowser.exe 1,624 K 4,472 K 2416 SQL Browser Service EXE Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 556 K 1,248 K 312
SearchFilterHost.exe 2,248 K 5,452 K 5800
scanner64.exe 18,012 K 28,600 K 7148
procexp.exe 2,588 K 8,084 K 5616 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
powershell.exe 27,264 K 23,300 K 1124
pds.exe 2,164 K 5,616 K 2388
NvXDSync.exe 8,988 K 20,760 K 1456
nvvsvc.exe 2,992 K 7,740 K 820 NVIDIA Driver Helper Service, Version 327.62 NVIDIA Corporation (Verified) NVIDIA Corporation
nvtray.exe 3,492 K 8,468 K 4488 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
mbamservice.exe < 0.01 319,496 K 165,180 K 2696 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
mbamscheduler.exe 5,272 K 10,912 K 2568 Malwarebytes Anti-Malware Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe 2,980 K 4,804 K 636
lsass.exe 27,868 K 32,552 K 624 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
kavehost.exe 1,296 K 4,028 K 2512 Kaspersky Anti-Virus SDK 8 Level 3 Kaspersky Lab ZAO (Verified) Kaspersky Lab
jhi_service.exe 1,384 K 4,880 K 2480 Intel  IPT Host Interface Service Intel Corporation (Verified) Intel® Identity Protection Technology Software
IPROSetMonitor.exe 1,720 K 4,504 K 2452 Intel® PROSet Monitoring Service Intel Corporation (Verified) Intel Corporation
HostStorageService.exe 1,948 K 4,600 K 1176 Host Storage Application Broadcom Corporation (Verified) Broadcom Corp
HostControlService.exe 2,688 K 5,044 K 1380 Host Control Application Broadcom Corporation (Verified) Broadcom Corp
hidfind.exe 1,920 K 4,848 K 3428 Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Alps Electric Co.
GWX.exe < 0.01 4,436 K 708 K 5940 GWX Microsoft Corporation (Verified) Microsoft Windows
GoogleUpdate.exe 2,268 K 528 K 2064
explorer.exe 380 K 264 K 5548 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2,112 K 5,944 K 4568 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DCPSysMgrSvc.exe 3,296 K 10,668 K 3160 Dell - System Manager Service Dell Inc. (Verified) Dell Inc
conhost.exe 1,092 K 2,916 K 1940
conhost.exe 1,764 K 4,900 K 1008 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1,172 K 3,256 K 288
client64.exe 6,768 K 13,724 K 3060 Snow Inventory Client Snow Software AB (No signature was present in the subject) Snow Software AB
chrome.exe 0.02 2,448 K 5,668 K 5636 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1,604 K 4,696 K 2716 Google Chrome Google Inc. (Verified) Google Inc
btwdins.exe 2,628 K 6,500 K 2056 Bluetooth Support Server Broadcom Corporation. (A certificate was explicitly revoked by its issuer) Broadcom Corporation.
BBPrint.exe 1,668 K 4,416 K 1428 BBPrint Application Bluebeam Software, Inc. (Verified) Bluebeam Software
ApntEx.exe 2,552 K 5,684 K 5096 Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. (Verified) Alps Electric Co.
amtmon.exe 1,776 K 5,372 K 2540 amtmon service application LANDesk Software, Inc. and its affiliates. (No signature was present in the subject) LANDesk Software, Inc. and its affiliates.

Edited by cloroxmartini, 23 June 2016 - 12:54 AM.

  • 0

#50
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Yellow cautions are on:
LANDesk Remote Control Mirror Driver
Officejet 7500 E910

I told you that LANDesk was broken and needed to be reinstalled.  Have you done that?
 
Not sure what is wrong with Officejet 7500 E910
 
Is this a printer that is still attached to the PC?  If not, uninstall it.  If still in use then uninstall it and download a new copy and reinstall.
 
How big is your .pst file in Outlook?  Have you archived it recently?
Unless they have changed it, the .pst file where it keeps all of your messages can grow to ridiculous size unless archived.  With your weak drive, opening a very large .pst file or making changes to it can really stress the drive.

 
Interrupts 7.89 0 K 0 K n/a Hardware Interrupts and DPCs
sqlservr.exe 6.53 
 

 

 

Don't think I've ever seen Interrupts that high.
 
Sometimes a high Interrupts on a laptop can be caused by a very dead battery, so if this is a laptop, shut it down, remove the battery and restart it. Then, after things have settled down from the reboot, run Process Explorer again.
 
Sometimes it's the video driver, so boot into the Safe Mode menu, try the Low Resolution Video option and run Process Explorer again.
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears.)
Sometimes it's a program, so go into Safe Mode and run Process Explorer again. (You won't be able to post it until you reboot into normal mode or into Safe Mode with Networking.)
 
If Interrupts drops to a reasonable level (under 1.5) when you go into Safe Mode, then go into msconfig, go to the Services tab, click on the box to hide Microsoft Services and uncheck everything that remains.  Go to the Startup tab and uncheck everything.  OK and reboot.  If it doesn't reduce Interrupts then go back into msconfig and recheck the things you turned off.  If it helps then go back and turn on a few items each time until you find the culprit.

  • 0
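
Added example, not part of the original thread: a PowerShell script that logs interrupt and DPC time once per second, so readings taken in normal mode, Safe Mode and after each msconfig change can be compared as numbers rather than read off the Process Explorer window. It assumes an English-language Windows (the counter names are localized), treats the sum of the two counters as an approximation of Process Explorer's "Interrupts" row, and uses the 1.5 level mentioned above as its default threshold; the `-Label` parameter and the CSV file name are hypothetical.

```powershell
# Added example (not from the thread). Works with PowerShell 2.0 on Windows 7.
# Usage:  .\Measure-Interrupts.ps1 -Seconds 60 -Label safe-mode
param(
    [int]$Seconds = 60,           # number of one-second samples to take
    [double]$Threshold = 1.5,     # "reasonable level" quoted in the thread
    [string]$Label = 'normal'     # hypothetical tag for this run
)

# Hardware interrupts and deferred procedure calls are reported separately
# by the performance counters; Process Explorer shows them as one row.
$counters = '\Processor(_Total)\% Interrupt Time',
            '\Processor(_Total)\% DPC Time'

$rows = Get-Counter -Counter $counters -SampleInterval 1 -MaxSamples $Seconds |
    ForEach-Object {
        # Each sample set holds one reading per requested counter.
        $int = ($_.CounterSamples |
                Where-Object { $_.Path -like '*% interrupt time' }).CookedValue
        $dpc = ($_.CounterSamples |
                Where-Object { $_.Path -like '*% dpc time' }).CookedValue
        New-Object PSObject -Property @{
            Time         = $_.Timestamp
            Label        = $Label
            InterruptPct = [math]::Round($int, 2)
            DpcPct       = [math]::Round($dpc, 2)
            Combined     = [math]::Round($int + $dpc, 2)
        }
    }

# Keep the raw samples so runs with different labels can be compared later.
$rows | Select-Object Time, Label, InterruptPct, DpcPct, Combined |
    Export-Csv -NoTypeInformation -Path "interrupts-$Label.csv"

# Summary: average, peak, and how many samples exceeded the threshold.
$stats = $rows | Measure-Object -Property Combined -Average -Maximum
$over  = @($rows | Where-Object { $_.Combined -gt $Threshold }).Count

New-Object PSObject -Property @{
    Label          = $Label
    Samples        = $stats.Count
    AveragePct     = [math]::Round($stats.Average, 2)
    PeakPct        = [math]::Round($stats.Maximum, 2)
    OverThreshold  = $over
} | Select-Object Label, Samples, AveragePct, PeakPct, OverThreshold
```

Run it once per configuration with a different `-Label`, opening the same programs each time, and compare the summaries.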

#51
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts

Interrupts on safe mode with networking ran 1.55 to 1.7

 

I turned off everything in MSCONFIG and when I would start a program such as Outlook or Chrome the interrupts clipped up to 5 or 6, then settled back down to 1.8 to 2.2.


  • 0

#52
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts

Opened BLUEBEAM to do some work and interrupts went to 5 and stayed there. Once I closed it they went back to 1.8 to 2.2


  • 0

#53
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts

Closing everything brings them down to 1.77 or so with 2.08 every few seconds. Hard drive DOES NOT spin like it did when I open programs or a file. It will spurt until the program opens then almost nothing. Earlier today I had BLUEBEAM and OUTLOOK open and the thing froze to the point where I had to hard shut it down.


  • 0

#54
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts

Currently I have speccy, bluebeam, and outlook open and interrupts are averaging 2.0


  • 0

#55
RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Did you get LANDesk and the HP Printer software reinstalled?

 

Can I see a new Speccy log?  Also Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

Let's see what it looks like with everything turned off in msconfig.

  • 0


#56
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts

speccy file

Attached Files


  • 0

#57
cloroxmartini

  • Topic Starter
  • Member
  • 139 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by RSB3 (administrator) on 590W7RSB3 (25-06-2016 21:39:02)
Running from C:\Users\RSB3.HENSELPHELPS\Desktop\Utils
Loaded Profiles: RSB3 (Available Profiles: UpdatusUser & RSB3 & RSB3)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(LANDesk Software Ltd.) C:\Windows\SysWOW64\cba\pds.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Sysinternals - www.sysinternals.com) C:\Users\RSB3.HENSELPHELPS\Desktop\Utils\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\RSB3~1.HEN\AppData\Local\Temp\procexp64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Policies\Explorer: [NoNetConnectDisconnect] 1
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-28] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-28] (Wave Systems Corp.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 10.100.102.1
Tcpip\..\Interfaces\{32859399-331D-44E2-BEE4-1A667E4D1B94}: [DhcpNameServer] 10.100.102.1
Tcpip\..\Interfaces\{7828D661-366E-43A5-973A-8B0DA5E29CC3}: [DhcpNameServer] 213.57.2.5 213.57.22.5
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USREL/1
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://bing.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {56408579-CBE9-40B2-A4C5-808AFF2A63A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {56408579-CBE9-40B2-A4C5-808AFF2A63A0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> DefaultScope {D5F5BEBD-2505-40C8-ABCE-24611C638040} URL = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> {D5F5BEBD-2505-40C8-ABCE-24611C638040} URL = hxxp://www.bing.com/search?q={searchTerms}&form=OSDSRC
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-23] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-06-23] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-06-23] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-23] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-06-23] (Microsoft Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.isqft.com/Applets/ScriptX/ScriptX.cab
DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} hxxps://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.henselphelps.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab
DPF: HKLM-x32 {DE625294-70E6-45ED-B895-CFFA13AEB044} hxxp://ibeam4019.eairlink.com/activex/AMC.cab
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\32.0.1700.107\npchrome_frame.dll [2014-02-02] (Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-23] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-23] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-23] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-23] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll [2013-07-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll [2013-07-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-06-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: @citrixonline.com/appdetectorplugin -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-02-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: LWAPlugin15.8 -> C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2014-11-25] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: panasonic.com/PanasonicDrmPlugin -> C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Panasonic Avionics Corporation\Panasonic DRM Plugin\1.2.1.0\npPanasonicDrmPlugin.dll [2014-02-06] (Panasonic Avionics Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin-16.2 -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi.dll [2016-02-26] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin64-16.2 -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\npGatewayNpapi-x64.dll [2016-02-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2014-11-25] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected] => not found
 
Chrome: 
=======
CHR Profile: C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RSB3.HENSELPHELPS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S4 Beck Technology Broker; C:\Program Files (x86)\Beck Technology\Beck Technology Client Broker\btbrkrsvc.exe [159744 2012-06-30] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2855152 2016-06-05] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
S4 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\localsch.exe [239776 2015-09-16] (LANDESK Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWOW64\CBA\pds.exe [32825 2007-08-31] (LANDesk Software Ltd.) [File not signed]
S4 kavehost; C:\Program Files (x86)\LANDesk\LDClient\antivirus\kavehost.exe [91992 2012-03-14] (Kaspersky Lab ZAO)
S4 LANDesk® Out-of-Band Monitor Service; C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [1058304 2011-10-14] (LANDesk Software, Inc. and its affiliates.) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQL$BECKTECHNOLOGY; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-11] (Microsoft Corporation)
S4 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-19] () [File not signed]
S4 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
S4 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592 2008-07-11] (SafeNet, Inc)
S4 SnowInventoryClient; C:\Program Files\INVENTORYCLIENT\client64.exe [4822528 2015-10-16] (Snow Software AB) [File not signed]
S4 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [21120 2011-08-09] (SafeNet Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-10-07] (SafeNet Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-25] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-13] (Cisco Systems, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-25 21:35 - 2016-06-25 21:35 - 00000798 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-06-23 14:54 - 2016-06-23 14:54 - 00002378 _____ C:\Users\RSB3.HENSELPHELPS\Desktop\Word 2016.lnk
2016-06-23 14:54 - 2016-06-23 14:54 - 00002340 _____ C:\Users\RSB3.HENSELPHELPS\Desktop\Excel 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002419 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002383 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002341 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00002320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-23 10:32 - 2016-06-23 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-06-23 10:30 - 2016-06-23 10:51 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-23 10:28 - 2016-06-23 10:28 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-23 08:56 - 2016-06-23 08:56 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2016-06-22 23:15 - 2016-06-22 23:15 - 00002004 _____ C:\Users\Public\Desktop\Bluebeam Revu 2016.lnk
2016-06-22 23:15 - 2016-06-22 23:15 - 00001737 _____ C:\Users\Public\Desktop\Bluebeam Stapler 2016.lnk
2016-06-22 23:08 - 2016-06-22 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluebeam Software
2016-06-22 23:07 - 2016-06-22 23:07 - 00000000 ____D C:\ProgramData\ABBYY
2016-06-22 22:10 - 2016-06-22 22:52 - 1607043568 _____ (Bluebeam Software, Inc.) C:\Users\RSB3.HENSELPHELPS\Downloads\BbRevu2016.1_eXtreme (1).exe
2016-06-22 15:07 - 2016-06-22 15:07 - 00036182 _____ C:\Users\RSB3.HENSELPHELPS\Documents\Yanush - overhead sheet.xlsx
2016-06-22 11:32 - 2016-06-22 11:32 - 00000207 _____ C:\Windows\tweaking.com-regbackup-590W7RSB3-Windows-7-Professional-(64-bit).dat
2016-06-22 11:32 - 2016-06-22 11:32 - 00000000 ____D C:\RegBackup
2016-06-22 10:58 - 2016-06-22 10:58 - 00185921 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2016-06-22 10:58 - 2016-06-22 10:58 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-06-22 10:57 - 2016-06-22 10:57 - 21657496 _____ (Tweaking.com) C:\Users\RSB3.HENSELPHELPS\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-06-22 08:16 - 2016-06-22 08:16 - 00003288 _____ C:\bootsqm.dat
2016-06-22 08:11 - 2016-06-22 08:11 - 00000000 __SHD C:\found.000
2016-06-22 07:43 - 2016-06-25 21:35 - 00813654 _____ C:\Windows\ntbtlog.txt
2016-06-21 22:53 - 2016-06-21 23:22 - 1607043568 _____ (Bluebeam Software, Inc.) C:\Users\RSB3.HENSELPHELPS\Downloads\BbRevu2016.1_eXtreme.exe
2016-06-21 22:47 - 2016-06-21 22:50 - 08192770 _____ (Bluebeam Software, Inc.) C:\Users\RSB3.HENSELPHELPS\Desktop\BbRevu2016.1_eXtreme.exe
2016-06-21 20:42 - 2016-06-22 07:41 - 00000000 ____D C:\Windows\pss
2016-06-21 20:34 - 2016-06-21 20:34 - 00014558 _____ C:\Users\RSB3.HENSELPHELPS\Desktop\cc_20160621_203431.reg
2016-06-21 19:51 - 2016-06-21 19:51 - 00000526 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist (5).txt
2016-06-21 18:21 - 2016-06-21 18:21 - 00001391 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist (4).txt
2016-06-21 18:20 - 2011-07-15 21:31 - 00022128 _____ (ST Microelectronics) C:\Windows\system32\Drivers\stdcfltn.sys
2016-06-21 17:51 - 2011-04-16 07:00 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-06-21 17:48 - 2016-06-21 17:59 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\dell
2016-06-21 17:47 - 2013-01-24 02:19 - 00057376 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2016-06-21 17:47 - 2006-01-12 15:52 - 00001904 _____ C:\Windows\system32\SetupBD.din
2016-06-21 17:46 - 2013-02-20 22:14 - 00495888 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1c62x64.sys
2016-06-21 17:46 - 2013-02-06 17:17 - 00544568 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2016-06-21 17:46 - 2012-12-06 03:21 - 00073032 _____ (Intel Corporation) C:\Windows\system32\e1cmsg.dll
2016-06-21 17:46 - 2012-11-14 04:07 - 00101224 _____ (Intel Corporation) C:\Windows\system32\NicInstC.dll
2016-06-21 17:46 - 2010-09-16 02:00 - 00017776 _____ C:\Windows\EvtMessage.dll
2016-06-21 17:45 - 2013-05-21 23:04 - 00496432 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2016-06-21 17:45 - 2013-03-01 05:29 - 00116056 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2016-06-21 17:40 - 2016-06-21 17:40 - 00420192 _____ () C:\Users\RSB3.HENSELPHELPS\Downloads\DellSystemDetectLauncher.exe
2016-06-21 17:40 - 2016-06-21 17:40 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-06-21 15:25 - 2016-06-21 15:26 - 00057319 _____ C:\Users\RSB3.HENSELPHELPS\Desktop\blow.pdf
2016-06-21 09:00 - 2016-06-21 09:00 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\RSB3.HENSELPHELPS\Downloads\procexp (1).exe
2016-06-21 08:58 - 2016-06-21 08:58 - 00003644 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist (3).txt
2016-06-21 08:58 - 2016-06-21 08:58 - 00003644 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist (2).txt
2016-06-20 08:16 - 2016-06-20 08:16 - 00003644 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist.txt
2016-06-20 08:16 - 2016-06-20 08:16 - 00003644 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\fixlist (1).txt
2016-06-19 13:19 - 2016-06-19 13:36 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\INTEL ISRAEL
2016-06-19 13:12 - 2016-06-19 13:19 - 00000000 ___RD C:\Users\RSB3.HENSELPHELPS\Desktop\PROGRAM SHORTCUTS
2016-06-19 11:39 - 2016-06-19 11:39 - 00000000 ____D C:\Windows\CheckSur
2016-06-19 11:31 - 2016-06-23 15:01 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2016-06-19 11:31 - 2016-06-23 08:56 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-06-19 11:30 - 2016-06-19 11:30 - 02218504 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\instspeedfan451.exe
2016-06-19 11:29 - 2016-06-19 11:31 - 564744309 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\Windows6.1-KB947821-v34-x64.msu
2016-06-19 08:53 - 2016-06-22 12:42 - 00015148 _____ C:\VEW.txt
2016-06-19 08:37 - 2016-06-19 08:37 - 00061440 _____ ( ) C:\Users\RSB3.HENSELPHELPS\Downloads\VEW.exe
2016-06-19 08:37 - 2016-06-19 08:37 - 00061440 _____ ( ) C:\Users\RSB3.HENSELPHELPS\Downloads\VEW (1).exe
2016-06-19 08:33 - 2016-06-19 08:33 - 02694816 _____ (Sysinternals - www.sysinternals.com) C:\Users\RSB3.HENSELPHELPS\Downloads\procexp.exe
2016-06-19 08:28 - 2016-06-19 08:29 - 05111240 _____ (Piriform Ltd) C:\Users\RSB3.HENSELPHELPS\Downloads\spsetup129.exe
2016-06-17 20:14 - 2016-06-17 20:14 - 00000448 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\spldr.zip
2016-06-17 20:14 - 2016-06-17 20:14 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Downloads\spldr
2016-06-17 13:27 - 2016-06-17 13:30 - 50716384 _____ (Microsoft Corporation) C:\Users\RSB3.HENSELPHELPS\Downloads\Windows-KB890830-x64-V5.37.exe
2016-06-17 13:02 - 2016-06-25 21:39 - 00000000 ____D C:\FRST
2016-06-17 13:02 - 2016-06-17 13:02 - 02386944 _____ (Farbar) C:\Users\RSB3.HENSELPHELPS\Downloads\FRST64.exe
2016-06-15 08:17 - 2016-05-18 19:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-15 08:17 - 2016-05-18 19:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-15 08:17 - 2016-05-12 20:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-15 08:17 - 2016-05-12 18:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-15 08:17 - 2016-05-12 17:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-15 08:17 - 2016-05-12 17:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-15 08:17 - 2016-05-12 16:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-15 08:16 - 2016-06-06 19:58 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-15 08:16 - 2016-06-06 19:50 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-15 08:16 - 2016-06-03 16:05 - 01413120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-15 08:16 - 2016-05-27 16:06 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-06-15 08:16 - 2016-05-22 16:06 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-15 08:16 - 2016-05-14 01:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-15 08:16 - 2016-05-14 01:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-15 08:16 - 2016-05-14 00:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-15 08:16 - 2016-05-14 00:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-15 08:16 - 2016-05-14 00:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-15 08:16 - 2016-05-14 00:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-15 08:16 - 2016-05-14 00:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-15 08:16 - 2016-05-12 20:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-15 08:16 - 2016-05-12 20:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-15 08:16 - 2016-05-12 20:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-15 08:16 - 2016-05-12 20:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-15 08:16 - 2016-05-12 20:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-15 08:16 - 2016-05-12 20:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-15 08:16 - 2016-05-12 18:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-15 08:16 - 2016-05-12 18:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-15 08:16 - 2016-05-12 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-15 08:16 - 2016-05-12 18:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-15 08:16 - 2016-05-12 17:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-15 08:16 - 2016-05-12 17:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-15 08:16 - 2016-05-12 17:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-15 08:16 - 2016-05-12 17:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-15 08:16 - 2016-05-12 17:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-15 08:16 - 2016-05-12 17:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-15 08:16 - 2016-05-12 16:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-15 08:16 - 2016-05-12 16:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-15 08:16 - 2016-05-11 20:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-15 08:16 - 2016-05-11 18:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-15 08:16 - 2016-05-11 18:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-15 08:16 - 2016-05-11 18:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-15 08:16 - 2016-05-11 17:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-15 08:16 - 2016-03-09 22:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-06-15 08:16 - 2016-03-09 21:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-06-15 08:15 - 2016-05-24 02:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-15 08:15 - 2016-05-24 01:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-15 08:15 - 2016-05-21 20:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-15 08:15 - 2016-05-21 19:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-15 08:15 - 2016-05-21 01:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-15 08:15 - 2016-05-21 01:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-15 08:15 - 2016-05-21 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-15 08:15 - 2016-05-21 01:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-15 08:15 - 2016-05-21 01:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-15 08:15 - 2016-05-21 01:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-15 08:15 - 2016-05-21 01:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-15 08:15 - 2016-05-21 01:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-15 08:15 - 2016-05-21 01:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-15 08:15 - 2016-05-21 01:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-15 08:15 - 2016-05-21 01:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-15 08:15 - 2016-05-21 00:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-15 08:15 - 2016-05-21 00:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-15 08:15 - 2016-05-21 00:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-15 08:15 - 2016-05-21 00:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-15 08:15 - 2016-05-21 00:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-15 08:15 - 2016-05-21 00:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-15 08:15 - 2016-05-21 00:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-15 08:15 - 2016-05-21 00:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-15 08:15 - 2016-05-21 00:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-15 08:15 - 2016-05-21 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-15 08:15 - 2016-05-21 00:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-15 08:15 - 2016-05-21 00:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-15 08:15 - 2016-05-21 00:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-15 08:15 - 2016-05-21 00:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-15 08:15 - 2016-05-21 00:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-15 08:15 - 2016-05-21 00:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-15 08:15 - 2016-05-21 00:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-15 08:15 - 2016-05-21 00:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-15 08:15 - 2016-05-21 00:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-15 08:15 - 2016-05-21 00:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-15 08:15 - 2016-05-21 00:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-15 08:15 - 2016-05-21 00:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-15 08:15 - 2016-05-21 00:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-15 08:15 - 2016-05-21 00:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-15 08:15 - 2016-05-21 00:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-15 08:15 - 2016-05-21 00:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-15 08:15 - 2016-05-21 00:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-15 08:15 - 2016-05-21 00:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-15 08:15 - 2016-05-21 00:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-15 08:15 - 2016-05-21 00:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-15 08:15 - 2016-05-21 00:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-15 08:15 - 2016-05-21 00:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-15 08:15 - 2016-05-21 00:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-15 08:15 - 2016-05-21 00:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-15 08:15 - 2016-05-21 00:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-15 08:15 - 2016-05-21 00:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-15 08:15 - 2016-05-21 00:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-15 08:15 - 2016-05-21 00:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-15 08:15 - 2016-05-21 00:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-15 08:15 - 2016-05-21 00:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-15 08:15 - 2016-05-21 00:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-15 08:15 - 2016-05-20 23:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-15 08:15 - 2016-05-20 23:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-15 08:15 - 2016-05-20 23:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-15 08:15 - 2016-05-20 23:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-15 08:15 - 2016-05-20 23:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-15 08:15 - 2016-05-20 23:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-15 08:15 - 2016-04-14 19:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-15 08:15 - 2016-04-14 19:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-15 08:15 - 2016-04-14 19:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-15 08:15 - 2016-04-14 18:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-15 08:15 - 2016-04-14 18:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-15 08:15 - 2016-04-14 18:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-15 08:15 - 2016-04-09 09:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-15 08:15 - 2016-04-09 09:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-06-15 08:15 - 2016-04-09 09:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-06-15 08:15 - 2016-04-09 09:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-06-15 08:15 - 2016-04-09 08:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-15 08:15 - 2016-04-09 08:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-13 12:52 - 2016-06-13 12:52 - 00142086 _____ C:\Users\RSB3.HENSELPHELPS\Desktop\cc_20160613_125156.reg
2016-06-13 11:20 - 2016-06-19 11:28 - 00000000 ____D C:\ProgramData\Avira
2016-06-13 11:19 - 2016-06-13 11:20 - 04630840 _____ (Avira Operations GmbH & Co. KG) C:\Users\RSB3.HENSELPHELPS\Downloads\avira_en_av_575e6cb2edd39__ws.exe
2016-06-13 10:30 - 2016-06-13 11:06 - 00000000 ____D C:\Program Files (x86)\LingoCom
2016-06-13 10:30 - 2016-06-13 10:30 - 00000928 _____ C:\Windows\SysWOW64\winsys.lng
2016-06-13 10:30 - 2016-06-13 10:30 - 00000928 _____ C:\ProgramData\winsys.lng
2016-06-13 10:30 - 2007-05-03 18:00 - 00081920 _____ C:\Windows\SysWOW64\GkSui20.EXE
2016-06-13 10:29 - 2016-06-13 10:29 - 02796627 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\LingoWare-heb.exe
2016-06-09 18:15 - 2016-06-25 18:38 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForRSB3.job
2016-06-09 18:15 - 2016-06-23 17:32 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForRSB3
2016-06-09 15:59 - 2016-06-09 15:59 - 00002235 _____ C:\Users\RSB3.HENSELPHELPS\AppData\Local\recently-used.xbel
2016-06-08 13:40 - 2016-06-08 13:40 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\HpReg_Backup
2016-06-08 13:33 - 2016-06-09 18:15 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\Hewlett-Packard
2016-06-08 13:33 - 2016-06-08 13:33 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Hewlett-Packard
2016-06-08 13:30 - 2016-06-08 13:51 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-06-08 13:30 - 2016-06-08 13:30 - 00000000 ____D C:\System.sav
2016-06-08 13:30 - 2016-06-08 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-06-08 13:29 - 2016-06-08 13:29 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\hpqLog
2016-06-08 13:27 - 2016-06-08 13:51 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-06-08 13:26 - 2016-06-08 13:30 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-06-08 13:24 - 2016-06-08 13:24 - 03836976 _____ (Oleg N. Scherbakov) C:\Users\RSB3.HENSELPHELPS\Downloads\HPSupportSolutionsFramework-12.3.11.29.exe
2016-06-05 11:08 - 2016-06-05 11:08 - 00635120 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-06-05 11:08 - 2016-06-05 11:08 - 00390408 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-06-05 11:08 - 2016-06-05 11:08 - 00333080 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-06-05 11:08 - 2016-06-05 11:08 - 00088816 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-06-05 08:55 - 2016-06-05 08:55 - 00439536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-06-05 08:55 - 2016-06-05 08:55 - 00267008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-06-05 08:55 - 2016-06-05 08:55 - 00243480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-06-05 08:55 - 2016-06-05 08:55 - 00085232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-06-01 14:25 - 2016-06-01 14:25 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\New folder
2016-05-29 10:04 - 2016-05-30 12:47 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\ISRAEL Tel Nof Airbase
2016-05-26 14:48 - 2016-05-26 14:48 - 00268800 _____ C:\Users\RSB3.HENSELPHELPS\Downloads\yazdayrr.xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-06-25 21:38 - 2013-12-19 02:24 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Utils
2016-06-25 21:37 - 2011-10-26 19:30 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Outlook Files
2016-06-25 21:14 - 2009-07-14 07:45 - 00031312 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-06-25 21:14 - 2009-07-14 07:45 - 00031312 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-06-25 21:03 - 2009-07-14 08:13 - 00871934 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-25 21:03 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\inf
2016-06-25 20:59 - 2009-07-14 08:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-25 19:05 - 2014-11-11 10:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-25 18:37 - 2013-03-14 16:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-06-25 18:37 - 2013-03-14 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-06-24 15:30 - 2011-10-26 16:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-24 03:02 - 2013-03-14 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-06-23 17:34 - 2014-08-17 14:45 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Recover Documents
2016-06-23 16:26 - 2016-05-05 09:53 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\UAV ISRAEL BEST VALUE
2016-06-23 12:56 - 2016-01-08 16:55 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Desktop Excel Files
2016-06-23 12:51 - 2011-10-26 19:24 - 00165312 _____ C:\Users\RSB3.HENSELPHELPS\AppData\Local\GDIPFONTCACHEV1.DAT
2016-06-23 12:39 - 2009-07-14 07:45 - 01830216 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-23 11:44 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\LiveKernelReports
2016-06-23 10:30 - 2009-07-14 06:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-06-23 08:34 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\rescache
2016-06-23 05:14 - 2011-10-26 19:14 - 00000256 _____ C:\Windows\system32\config\netlogon.ftl
2016-06-22 23:03 - 2011-10-26 19:38 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\Downloaded Installations
2016-06-22 22:26 - 2016-03-31 08:55 - 00000496 __RSH C:\Users\RSB3.HENSELPHELPS\ntuser.pol
2016-06-22 22:26 - 2011-10-26 19:21 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS
2016-06-22 22:09 - 2015-01-15 18:39 - 00000000 ____D C:\IT
2016-06-22 21:59 - 2011-10-26 19:16 - 00018610 __RSH C:\ProgramData\ntuser.pol
2016-06-22 21:51 - 2011-10-18 11:48 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-06-22 21:50 - 2009-07-14 08:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-06-22 15:22 - 2016-03-12 16:57 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\OLD UAV Israel
2016-06-22 12:29 - 2009-07-14 05:34 - 00000514 _____ C:\Windows\win.ini
2016-06-22 12:27 - 2011-02-10 17:33 - 00871934 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-06-22 06:49 - 2015-05-30 17:46 - 00000704 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job
2016-06-22 06:49 - 2014-02-14 19:48 - 00000608 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job
2016-06-22 06:49 - 2011-11-02 00:36 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-22 06:49 - 2011-11-02 00:36 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-22 00:02 - 2015-05-30 14:24 - 00000000 ____D C:\Program Files (x86)\QHOCR
2016-06-21 23:33 - 2010-11-21 10:17 - 00000000 ____D C:\Windows\ShellNew
2016-06-21 20:57 - 2015-05-30 17:46 - 00003738 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391
2016-06-21 20:57 - 2011-11-02 00:36 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-06-21 20:57 - 2011-11-02 00:36 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-06-21 20:56 - 2014-02-14 19:48 - 00003642 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391
2016-06-21 18:20 - 2015-11-20 20:11 - 00000000 ___RD C:\Users\RSB3.HENSELPHELPS\iCloudDrive
2016-06-21 18:05 - 2011-10-18 13:18 - 00000000 ____D C:\Program Files\DellTPad
2016-06-21 17:51 - 2011-10-18 13:24 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-21 17:45 - 2011-10-18 11:53 - 00000000 ____D C:\ProgramData\Dell
2016-06-21 17:43 - 2013-11-13 20:33 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Dell Downloads
2016-06-21 17:40 - 2011-11-03 00:45 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\Deployment
2016-06-21 09:12 - 2011-10-18 12:11 - 00000000 ____D C:\ProgramData\Sonic
2016-06-21 09:03 - 2009-07-14 05:34 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts_bak_578
2016-06-21 08:48 - 2012-04-05 18:51 - 00000000 ____D C:\ProgramData\vulScan
2016-06-20 08:18 - 2009-07-14 06:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-06-20 08:01 - 2012-04-05 18:54 - 00000000 ____D C:\ProgramData\LANDeskAV
2016-06-19 13:36 - 2015-02-04 08:35 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Randy Personal June 16
2016-06-19 13:17 - 2016-01-08 17:01 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Desktop\Monti
2016-06-19 13:11 - 2011-10-18 11:30 - 00000000 ____D C:\Users\UpdatusUser
2016-06-19 12:39 - 2013-07-26 23:47 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-19 11:28 - 2014-06-12 20:15 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-19 08:10 - 2009-07-14 08:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-06-17 20:59 - 2014-11-23 09:49 - 00000000 ____D C:\Program Files\Defraggler
2016-06-17 13:38 - 2013-06-11 22:53 - 00000000 ____D C:\Program Files (x86)\Axis Communications
2016-06-17 13:30 - 2011-10-26 18:07 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-17 03:36 - 2014-12-14 08:35 - 00000000 ____D C:\Windows\system32\appraiser
2016-06-17 03:17 - 2013-07-15 17:46 - 00000000 ____D C:\Windows\system32\MRT
2016-06-16 17:21 - 2014-09-14 06:52 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Local\CrashDumps
2016-06-13 19:31 - 2010-11-21 06:27 - 00484008 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-13 11:27 - 2014-12-22 15:59 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Mozilla
2016-06-13 11:12 - 2014-11-11 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-13 11:12 - 2014-11-11 10:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-09 16:02 - 2012-02-11 18:27 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\.gimp-2.6
2016-06-08 13:39 - 2014-08-10 10:44 - 00000000 ____D C:\ProgramData\HP
2016-05-29 15:59 - 2014-06-12 01:53 - 00000000 ____D C:\Users\RSB3.HENSELPHELPS\Documents\Intel Israel
2016-05-27 03:00 - 2015-04-07 04:47 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-27 03:00 - 2015-04-07 04:47 - 00000000 ___SD C:\Windows\system32\GWX
 
==================== Files in the root of some directories =======
 
2012-10-03 17:31 - 2013-06-13 17:53 - 7656960 _____ () C:\Program Files (x86)\Common Files\Innovaya BIM Software.msi
2012-08-10 19:33 - 2012-08-10 19:33 - 0000118 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\history.Word.pwcdat
2015-05-14 12:54 - 2015-05-14 12:54 - 0004096 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Local\keyfile3.drm
2016-06-09 15:59 - 2016-06-09 15:59 - 0002235 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Local\recently-used.xbel
2014-05-08 18:24 - 2015-03-23 11:50 - 0007624 _____ () C:\Users\RSB3.HENSELPHELPS\AppData\Local\Resmon.ResmonCfg
2014-08-10 10:44 - 2014-08-10 10:44 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-05-08 18:04 - 2015-03-04 08:21 - 0000828 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-01-08 17:28 - 2014-09-16 08:53 - 0000441 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-06-13 10:30 - 2016-06-13 10:30 - 0000928 _____ () C:\ProgramData\winsys.lng
 
Files to move or delete:
====================
C:\Users\RSB3.HENSELPHELPS\ccsetup312.exe
 
 
Some files in TEMP:
====================
C:\Users\RSB3.HENSELPHELPS\AppData\Local\Temp\procexp64.exe
C:\Users\RSB3.HENSELPHELPS\AppData\Local\Temp\sfamcc00001.dll
C:\Users\RSB3.HENSELPHELPS\AppData\Local\Temp\sfextra.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-06-17 00:32
 
==================== End of FRST.txt ============================


#58
cloroxmartini (Member, Topic Starter, 139 posts)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2016 01
Ran by RSB3 (2016-06-25 21:39:55)
Running from C:\Users\RSB3.HENSELPHELPS\Desktop\Utils
Windows 7 Professional Service Pack 1 (X64) (2011-10-26 13:43:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1338001094-3292723480-2479503419-500 - Administrator - Disabled)
cba_anonymous (S-1-5-21-1338001094-3292723480-2479503419-1005 - Limited - Enabled)
Guest (S-1-5-21-1338001094-3292723480-2479503419-501 - Limited - Disabled)
RSB3 (S-1-5-21-1338001094-3292723480-2479503419-1001 - Administrator - Enabled) => C:\Users\RSB3
UpdatusUser (S-1-5-21-1338001094-3292723480-2479503419-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.34 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assemble Publisher Add-Ins (HKLM\...\{9D2BDAF2-059B-4D74-BCF5-98A4316B6AC4}) (Version: 2.0.5093 - Assemble Systems)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DWG TrueView 2015 - English (HKLM\...\DWG TrueView 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk MapGuide® Viewer ActiveX Control Release 6.5 (HKLM-x32\...\{E031338C-839D-4EDD-9537-99B653C39D81}) (Version: 6.5.6.11 - Autodesk, Inc.)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Revit 2014 (HKLM\...\Autodesk Revit 2014) (Version: 13.03.08151 - Autodesk)
Autodesk Workflows 2014 (HKLM\...\{11672AB2-3D48-4D38-9123-719E5FF93333}) (Version: 4.0.19.0 - Autodesk, Inc.)
Beck Technology Client Broker (HKLM-x32\...\InstallShield_{E0575819-21B7-4351-8671-7A5EA8A1B02E}) (Version: 2013.1.0.0 - Beck Technology)
Beck Technology Client Broker (x32 Version: 2013.1.0.0 - Beck Technology) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bluebeam Localization x64 (Version: 16.1.0 - Bluebeam Software, Inc.) Hidden
Bluebeam Revu x64 2016.1 (HKLM\...\{50464486-13F5-41CA-AF25-AD56C0DC1D02}) (Version: 16.1.0 - Bluebeam Software, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
C.H.I. Overhead Doors Division 8 Binder (HKLM-x32\...\{53F6F4AA-8D9E-4BFA-8D32-3CE71D62D3CE}) (Version: 1.2.0 - C.H.I. Overhead Doors)
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05152 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05152 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Crystal Reports Runtime (HKLM-x32\...\{974518D4-7C04-4B2D-AADC-0D4F303E275F}) (Version: 1.00.0000 - Autodesk)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4822 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dell ControlVault Host Components Installer 64 bit (Version: 2.1.6.214 - Broadcom Corporation) Hidden
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.002 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.002 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Detect (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\58d94f3ce2c27db0) (Version: 7.6.0.4 - Dell)
Dell System Manager (HKLM\...\{FDF509ED-9624-4FDE-9BAA-9566C186AB96}) (Version: 1.6.00000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DellAccess (Version: 01.01.00.072 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
doPDF 7.2 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
DProfiler (HKLM-x32\...\InstallShield_{43D028A6-8D0C-4D6F-AD95-983F0D916FBE}) (Version: 2013.1.0.0 - Beck Technology)
DProfiler (x32 Version: 2013.1.0.0 - Beck Technology) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.235.13 - Dell Inc.)
DWG TrueView 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
EMBASSY Security Center (Version: 04.03.00.121 - Wave Systems Corp.) Hidden
FARO LS 1.1.408.2 (HKLM-x32\...\{91221AAC-F2A0-4028-8016-C7DAF63CB6CC}) (Version: 4.8.2.25521 - FARO Scanner Production)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FARO LS 4.8.2.25521 (HKLM-x32\...\FARO LS_is1) (Version:  - FARO Technologies)
FileZilla Client 3.16.0 (HKLM-x32\...\FileZilla Client) (Version: 3.16.0 - Tim Kosse)
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GIMP 2.6.12 (HKLM\...\GIMP-2_is1) (Version: 2.6.12 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Chrome Frame (HKLM-x32\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.19.0.5102 (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\GoToMeeting) (Version: 7.19.0.5102 - CitrixOnline)
HASP SRM Run-time (HKLM-x32\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 3.50.1.8213 - Aladdin Knowledge Systems Ltd. ® 1985-2008.)
HEDB Search (HKLM-x32\...\{510FE46E-7A12-4A6B-BC67-D52F1320265A}) (Version: 2.0.0 - RhinoWare)
HP Officejet 7500 E910 Basic Device Software (HKLM\...\{7CF50183-026B-418D-A26C-A254290BD824}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.4.18.7 - HP)
ICE (HKLM-x32\...\ICE) (Version:  - )
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Innovaya BIM Software (HKLM-x32\...\{77308AFD-5146-4B93-94CA-195B70DD5A2E}) (Version: 13.06.13 - Innovaya, LLC)
Innovaya BIM Software (x32 Version: 13.06.13 - Innovaya, LLC) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.70.1205 - Intel Corporation)
Intel® Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
iSqFt Full Viewer V4.01 (HKLM-x32\...\{19A71C4F-94D9-44EA-AC98-FF8A045273AB}) (Version:  - )
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KONICA MINOLTA C554Series(PS_PCL_FAX) (HKLM\...\KONICA MINOLTA C554Series Installer(PS_PCL_FAX)) (Version:  - KONICA MINOLTA)
LANDesk Advance Agent (x32 Version: 1.0.0 - LANDesk Software) Hidden
LANDesk® Antivirus (HKLM-x32\...\LANDesk Antivirus) (Version: 9.0.3.45 - LANDesk Software)
LANDesk® Common Base Agent 8 (x32 Version: 9.0.3.5 - LANDesk Software, Ltd) Hidden
Lotus Notes 6 (HKLM-x32\...\{9C7D4FF4-6494-4E7C-ABE5-D850DAC4AFA6}) (Version: 6.00.2269 - IBM)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Marketing Fonts (HKLM\...\{DB5BBA53-18F6-4F1B-B86D-2F4B5BB6503F}) (Version: 1.00 - Hensel Phelps Construction Co.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{3184EDDE-ED8D-4A3F-A575-99BD5FE3A524}) (Version: 15.8.8945.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6741.2048 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6281.1202 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{0CB3B7EE-52C7-4136-AF40-605567D90318}) (Version: 3.0.07.23 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.07.23 - O2Micro International LTD.) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1029 - Microsoft Corporation) Hidden
On-Screen Takeoff (HKLM-x32\...\{028CDFF6-4C1B-4A70-8501-1267F02D2DC0}) (Version: 3.9.0.6 - On Center Software, Inc.)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Panasonic DRM Plugin (HKLM-x32\...\{9C267E0B-9058-49D4-96F4-D42056D22B59}) (Version: 1.2.1.0 - Panasonic Avionics Corporation)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 9.0 - PlotSoft LLC)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.03.00.074 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.022 - Wave Systems Corp.) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Revit 2014 (Version: 13.03.08151 - Autodesk) Hidden
Revit 2014 Language Pack - English (Version: 13.03.08151 - Autodesk) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sentinel Protection Installer 7.5.0 (HKLM-x32\...\{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}) (Version: 7.5.0 - SafeNet, Inc.)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype Meetings App (HKLM-x32\...\{240D565E-3537-4048-8920-FAAB2A136A84}) (Version: 16.2.0.23 - Microsoft Corporation)
Snow Inventory Client for Windows (x64) (HKLM\...\{7C22D831-EF1A-4780-B30F-B5AD8618E10B}) (Version: 3.7.03 - Snow Software AB)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VEO (HKLM\...\{8E5F8472-D15D-40C3-B3B1-31EFC90D473B}) (Version: 1.10.2.8 - M-SIX)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Wave Infrastructure Installer (Version: 07.67.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.033 - Wave Systems Corp) Hidden
WDO HEDB Input (HKLM-x32\...\{90AE3C9A-FCD2-4983-8ABA-71AE16C0AA28}) (Version: 2.0.0 - RhinoWare)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7900 - Broadcom Corporation)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinEx Master 8.6 (HKLM-x32\...\ROCTEKWXM_is1) (Version:  - Roctek Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2015 - English\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1}\localserver32 -> C:\Users\RSB3.HENSELPHELPS\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.23\GatewayVersion-x64.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {09BE93C0-E9CA-4B32-BFED-CA650F2C000F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH58T2B0Y1 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {250E59BB-9F93-4776-AAA1-CFB28544380A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-05] (Microsoft Corporation)
Task: {3037077E-2725-44A3-A9A4-E11424DEDC46} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN54B1R13F => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {3BA66887-070C-4E7A-9B22-FED2EB56F8B1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-23] (Microsoft Corporation)
Task: {3C8D347F-62D9-4453-BC5F-08FA11FC4414} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN48E1M09J => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {3FB7CCFA-9DAD-4A73-8A13-B3C5A0DE26E3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4B273B21-7393-4270-8668-6249AD64D28B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {501E0B71-A4F9-4837-B7F8-2A47E420D52B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {7D85EAD0-0B56-4C0C-AA2B-102B9802FEEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {96AC5031-CF00-43D5-A9F2-3A14B2B43303} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN42DB612Q => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {A3E665F0-992B-49AE-8B13-3CDDADBF42E0} - System32\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391 => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\GoToMeeting\5102\g2mupload.exe [2016-06-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {AB2B4663-4F80-4390-8766-356B3FFC2DA6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-06-23] (Microsoft Corporation)
Task: {AF9B8701-628E-4295-B929-D0419202C5FF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-05] (Microsoft Corporation)
Task: {B6066635-8E67-4A85-BD9B-D7C5E789B9DC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C6FF5ADC-C18A-4203-9F2B-5A01F779CB29} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {C779DC7B-412E-401E-AB03-D1F70FC57CDE} - System32\Tasks\HPCeeScheduleForRSB3 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {C89F8304-2EC5-49C5-9338-DE6B1187DD3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {CB099B0B-501D-495A-92AC-B408A7C851B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {D206A83A-453F-4C61-ADF2-A7EBBC1688C7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {D2C2A4A7-B2FA-4B2E-886B-0C6CB9DF1636} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {E6E5B1D8-5DD2-4827-A7BF-4AA094B1A9C8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-06-23] (Microsoft Corporation)
Task: {EA5A557B-FAE6-4F7F-BFB2-36E605A68A74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN46SC605T => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-06-08] (HP Inc.)
Task: {EE06BCD0-22ED-471D-BED1-E70235CA2983} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {F046DDE2-EE66-42E8-A24F-89E2351F7F14} - System32\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391 => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\GoToMeeting\5102\g2mupdate.exe [2016-06-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FBE46357-80F8-4A66-B784-4271DE49FAE7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\GoToMeeting\5102\g2mupdate.exe C:\Users\RSB3.HEN
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2903611290-4059586168-1443931954-5841391.job => C:\Users\RSB3.HENSELPHELPS\AppData\Local\Citrix\GoToMeeting\5102\g2mupload.exe C:\Users\RSB3.HEN
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForRSB3.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-10-31 21:17 - 2010-09-21 20:11 - 00015360 _____ () C:\Windows\System32\KOAZ8A_L.DLL
2013-06-14 21:50 - 2009-12-26 04:52 - 00015360 _____ () C:\Windows\System32\KOAYTJ_L.DLL
2011-06-17 17:49 - 2011-06-17 17:49 - 00034304 _____ () C:\Windows\System32\ssp8ml6.dll
2016-06-23 10:28 - 2016-06-05 05:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-06-23 10:32 - 2016-06-23 10:32 - 08919240 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-02-29 13:23 - 2016-02-29 13:23 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-11-11 06:53 - 2010-11-11 06:53 - 00817136 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2011-10-18 13:25 - 2013-12-04 12:22 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2016-06-23 10:32 - 2016-06-23 10:32 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-06-19 12:39 - 2016-06-15 12:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 12:39 - 2016-06-15 12:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-23 10:30 - 2016-06-23 10:30 - 00158400 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2016-06-23 10:29 - 2016-06-23 10:30 - 01073856 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-06-23 10:32 - 2016-06-23 10:32 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll
2016-06-23 10:32 - 2016-06-23 10:36 - 00467656 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\msfad.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Software\Classes\.scr: DWGTrueViewScriptFile => C:\Windows\system32\notepad.exe "%1"
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\isqft.com -> hxxps://www.isqft.com
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\isqft.com -> hxxps://www.isqft.com
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\isqft.com -> www.isqft.com
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\samsungsetup.com -> hxxp://www.samsungsetup.com
 
There are 7856 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2016-06-22 12:30 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Control Panel\Desktop\\Wallpaper -> C:\Users\RSB3.HENSELPHELPS\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.100.102.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Beck Technology Broker => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: Credential Vault Host Control Service => 2
MSCONFIG\Services: Credential Vault Host Storage => 2
MSCONFIG\Services: dcpsysmgrsvc => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: Intel Local Scheduler Service => 2
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: kavehost => 2
MSCONFIG\Services: LANDesk® Out-of-Band Monitor Service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: nvUpdatusService => 2
MSCONFIG\Services: O2SDIOAssist => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SBSDWSCService => 2
MSCONFIG\Services: SecureStorageService => 3
MSCONFIG\Services: SentinelKeysServer => 2
MSCONFIG\Services: SentinelProtectionServer => 2
MSCONFIG\Services: SnowInventoryClient => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: tcsd_win32.exe => 2
MSCONFIG\Services: TdmService => 2
MSCONFIG\Services: vpnagent => 2
MSCONFIG\Services: Wave Authentication Manager Service => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupfolder: C:^Users^RSB3.HENSELPHELPS^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: BbInstallUser_2016 => C:\Program Files\Bluebeam Software\Bluebeam Revu\2016\Pushbutton PDF\Bluebeam Admin User.exe
MSCONFIG\startupreg: BbPrintMonitor_2016 => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\2016\Brewery\V45\Printer Support\BBPrint.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: FreeFallProtection => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MSCONFIG\startupreg: GoToMeeting => "C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Officejet 7500 E910 (NET) => "C:\Program Files\HP\HP Officejet 7500 E910\Bin\ScanToPCActivationApp.exe" -deviceID "MY3CG4101H05JB:NW" -scfn "HP Officejet 7500 E910 (NET)" -AutoStart 1
MSCONFIG\startupreg: iCloudDrive => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
MSCONFIG\startupreg: iCloudPhotos => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TdmNotify => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{09DC3A69-14F5-4F76-850A-43738484FE45}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{92A633B8-C7F1-45EF-B05F-0710BE9CB274}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{CEA6EEE4-ECC1-4488-B3A4-A28AC603AFC7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{F3F9491E-7075-4ECB-8D0E-11FB6673AAC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{94559D38-1D98-4894-8437-8FE2FF39D17B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D43D0FE8-AA0E-4BF9-A063-EF14B553D74A}] => (Allow) LPort=2869
FirewallRules: [{6B106493-479F-4B88-8BB7-E7E9F84C2440}] => (Allow) LPort=1900
FirewallRules: [{87F28516-97DF-4E24-8221-98546F44C26A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9AD703F9-B18A-4A13-94E0-923C0777C1AE}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{4F597DDC-9DA9-4B1D-A4DF-831C8CAE2976}] => (Allow) C:\Program Files (x86)\MC² Software\ice.exe
FirewallRules: [{51D40BC4-848F-4421-B8D0-A20C08416122}] => (Allow) C:\Program Files (x86)\MC² Software\ice.exe
FirewallRules: [{C200DFBF-E53C-45A2-B095-00FE74ADCB8C}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{D150C8EB-DA4C-4779-BA38-7642DA94F6BC}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{35EF6013-5AAD-4D96-B77F-24E2B3246054}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{E704DE47-FCEC-4BC6-A614-FC0C4DCA7DA2}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{2CF56BB3-0C81-45BB-9DCA-ABB70F851FA8}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{8F21FE6A-D366-4D58-B592-058D892AE0B5}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{CCF7AC55-7D97-4A22-90EF-39E7353956C9}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{22F09475-889E-48BA-9F0A-76BA9782FD2D}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{6605B5F7-C9F5-4F3A-AE85-00A6FC14D24B}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{81B0251A-A135-45C8-930C-8D0696BCA691}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{3DD5C678-CCCB-419B-993E-AB05E5AF167F}] => (Allow) LPort=1947
FirewallRules: [{5C42A92D-0DA0-42A9-95E1-6CB365581235}] => (Allow) LPort=1947
FirewallRules: [TCP Query User{EB5ADA33-8801-4A37-BAAD-43D575762C03}C:\program files (x86)\mc² software\icelicsv.exe] => (Allow) C:\program files (x86)\mc² software\icelicsv.exe
FirewallRules: [UDP Query User{D10D20DA-132B-42FF-BA7A-4A8411F36670}C:\program files (x86)\mc² software\icelicsv.exe] => (Allow) C:\program files (x86)\mc² software\icelicsv.exe
FirewallRules: [{D01B929B-2072-4CD6-9EF4-678F33E40964}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
FirewallRules: [{BD9F41FB-FDE2-4782-A5DD-8F0A2F5D35F5}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
FirewallRules: [{6449FC24-6222-47EC-9B3A-8D326A3D0E78}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
FirewallRules: [{17DB7700-B1E9-45B9-A9F2-57B5676E3E13}] => (Allow) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
FirewallRules: [{9DF12F63-2D8D-4587-97B0-36F0F3674A36}] => (Allow) LPort=18081
FirewallRules: [TCP Query User{1E81EC20-0EF0-4CCE-8472-C1BAD06CC22F}C:\program files (x86)\mc² software\icelicsv.exe] => (Allow) C:\program files (x86)\mc² software\icelicsv.exe
FirewallRules: [UDP Query User{6FC2C4BD-D8E8-45A1-9576-EFF440CF956D}C:\program files (x86)\mc² software\icelicsv.exe] => (Allow) C:\program files (x86)\mc² software\icelicsv.exe
FirewallRules: [{C2412DA9-FF8D-4E99-A9ED-41FE021F7ECC}] => (Allow) C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [{3382B3FF-DA91-4780-9718-11281A29D1F5}] => (Allow) C:\Users\RSB3.HENSELPHELPS\AppData\Local\Akamai\netsession_win.exe
FirewallRules: [TCP Query User{5886D275-87A4-45E9-8BD8-47B75537264D}C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{AD757494-5EE2-4350-A530-BC0D436D3842}C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{A607C44D-B3D9-4FC2-B00D-FFEEFDC22046}C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{A275070F-328E-4629-8D7D-64FE989300CF}C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\rsb3.henselphelps\appdata\local\akamai\netsession_win.exe
FirewallRules: [{BD5F3C63-2E54-4E1C-8277-1925E7A3AE66}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8216FDC2-4CCE-4F52-9E55-1133BCE2650F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{1622D060-31E4-49DD-8BDE-1DFBE5FC91AD}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [UDP Query User{09C394A8-9460-4474-9AF5-0BAFEFD62018}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [TCP Query User{10791C5C-D6A9-47DA-9514-7778B57F1498}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [UDP Query User{7C98427B-EF00-4FFE-B1EC-A7AA3FC737EC}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [TCP Query User{ADC9A384-FDE8-4358-96D4-4B5F45AF9E88}C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{20B02D3A-ED8E-4D59-B70B-8F58164EC818}C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{AD8A1122-DFE0-46D1-B3C0-11E00985D904}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\FaxApplications.exe
FirewallRules: [{75F2F4F3-A3BE-4206-9AE0-874647E1FC81}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\DigitalWizards.exe
FirewallRules: [{6058E809-3541-4F0A-BD96-904FA53B9B8A}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\bin\SendAFax.exe
FirewallRules: [{4DB50116-59B8-47AF-B5D5-399F726A7BC9}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\DeviceSetup.exe
FirewallRules: [{34AC213D-AAAC-402B-97CA-15F1650482D8}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicator.exe
FirewallRules: [{7398540A-0622-41F5-9094-D06E47AEA122}] => (Allow) C:\Program Files\HP\HP Officejet 7500 E910\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{B53BFB45-C813-4D75-BF43-DDE85EBB79E7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{1A3B1A4D-88F9-4EBF-879E-A7461AC3B42B}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{E7DCB63D-BC31-4AD6-8802-86B0237092D7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{F55F3AFE-8681-4B75-A865-8BF9461D7D6C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{0A3B9598-88BB-4208-9895-EE02CEDF8380}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{1F39A7DB-1A70-42FA-81E9-66E975EB5956}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{EEA7D928-327A-488E-BA44-C7BC2A27E11C}C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{A6347896-E600-4FB7-B964-51013F661237}C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{BB637511-33DB-406F-B22D-53EE0C6D41FF}] => (Block) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{FEE9DD08-210A-4DCA-ABFF-4CB9EECF99CB}] => (Block) C:\users\rsb3.henselphelps\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [TCP Query User{2CB8F0CC-1735-4443-A495-4D43FBE93A8A}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [UDP Query User{70436D8B-93B5-484E-B55D-7C6DFCF4F700}C:\program files\m-six\veo\veo.exe] => (Allow) C:\program files\m-six\veo\veo.exe
FirewallRules: [{B0492D2A-A6F9-4B93-83E5-3DE92D8C13AE}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{542BDFBC-B020-4A18-8F69-40F0DD24AA9B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{791998C7-3738-4DF5-81D2-234F807CD9FA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BAA3C795-1A22-4865-99BD-6CC53456811C}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{16FBB992-2217-4417-829B-818E7846C4EB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{51CEFA99-5114-4623-B0F4-580DD62D2329}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0E195DAB-2688-4FE0-9CA6-C10FD4DEAAAB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2223CA30-8027-4DB9-93FB-30D7115384BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B0CE9D5B-7B0B-49D1-9730-4B7923CD105E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{12CEF7A5-066D-442B-AF11-0D89AC89F010}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDE7754C-7632-49F2-9A84-400D55F52244}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{76D0BC88-557A-4D15-A6BD-F2EB58C4F4FB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0245A02C-F8EC-44BE-ACA0-D086B560A640}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{BE5484A7-453F-4382-8D16-27919956217E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{3C155DB7-67A3-4138-93DC-82DD3F9956C3}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{AA078FF6-6B06-4A31-A992-CBDF60F939EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6026D766-CEC1-45E2-A51B-E79D50F99064}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{EF0C789F-4811-4240-92F0-08750F7C880F}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{3685C7CE-BBD3-44E7-8E33-70CC3F688465}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{83CEF9FF-A2EF-4655-B8EF-6C879FB3CC9A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E113DA9F-1C9E-45D7-A2A9-48E7E5841F5B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
 
==================== Restore Points =========================
 
24-06-2016 03:00:30 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: LANDesk Remote Control Mirror Driver
Description: LANDesk Remote Control Mirror Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: LANDesk Software, Inc.
Service: ldmirror
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: Integrated Webcam
Description: USB Video Device
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/25/2016 09:09:25 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (06/25/2016 09:01:19 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/25/2016 08:59:23 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (06/25/2016 08:59:22 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (06/25/2016 08:59:22 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (06/25/2016 08:59:22 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (06/25/2016 08:59:21 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (06/25/2016 08:59:21 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (06/25/2016 08:59:21 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (06/25/2016 08:59:21 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (06/25/2016 09:00:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: HENSELPHELPS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (06/25/2016 08:59:22 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (06/25/2016 08:59:22 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain HENSELPHELPS due to the following: 
%%1311 = There are currently no logon servers available to service the logon request.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (06/25/2016 08:10:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (06/25/2016 08:10:59 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (06/25/2016 08:10:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/25/2016 08:10:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/25/2016 08:09:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
Error Code: 21
 
Error: (06/25/2016 08:08:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
spldr
Wanarpv6
 
Error: (06/25/2016 08:08:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Application Identity service depends on the AppID Driver service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 6025.02 MB
Available physical RAM: 3486.6 MB
Total Virtual: 12048.21 MB
Available Virtual: 9321.14 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.98 GB) (Free:144.76 GB) NTFS
Drive f: (CORSAIR) (Removable) (Total:115.05 GB) (Free:56.21 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 64582CAE)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 115.1 GB) (Disk ID: 89577FF5)
Partition 1: (Not Active) - (Size=115.1 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

#59
cloroxmartini

Looks like my post didn't make it. I can't uninstall LANDesk (don't know how) and I did uninstall the printer. Will reinstall if I need it.


#60
RKinner

Speccy log didn't work.  Looks like garbage.

 

We can remove LANDesk with an FRST fixlist if you like, though I would think that the uninstall should work (though you need to check the LANDESK entries in msconfig before trying to uninstall them).  If this is required for work then your IT people should have a copy for you.

 

This line

2016-06-22 08:11 - 2016-06-22 08:11 - 00000000 __SHD C:\found.000

is where the disk check put the files that it recovered.  Let's see if what it found is any use:

 

Copy the next 2 lines:

 
dir /a C:\found.000 > \junk.txt
notepad \junk.txt
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator.  Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad.
