I am getting reimageplus.com popups semi-randomly. It seems to happen when I first open a Chrome windows but I haven't been able to determine a pattern after that.
I ran a Malwarebytes scan and here is the log:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/25/2016 Scan Time: 9:42 AM Logfile: Malwarebytes1.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.25.03 Rootkit Database: v2016.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: aschreiner Scan Type: Threat Scan Result: Completed Objects Scanned: 575549 Time Elapsed: 30 min, 9 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 2 PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [e93ec839fd9d3105b8208e48e41fd42c], PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [3fe86e934a50b2848c4c5d790201cd33], Registry Values: 2 PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 0, Quarantined, [e93ec839fd9d3105b8208e48e41fd42c] PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 0, Quarantined, [3fe86e934a50b2848c4c5d790201cd33] Registry Data: 4 PUM.Optional.ConnectionControlRestriction, HKLM\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab, 1, Good: (0), Bad: (1),Replaced,[d05745bc0793092d2ea3df96b3512cd4] PUM.Optional.WindowsToolDisabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[9f880cf54a50999d57490075f11314ec] PUM.Optional.ConnectionControlRestriction, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|ConnectionsTab, 1, Good: (0), Bad: (1),Replaced,[091e05fcf8a2d5612ca5a7ce07fdb44c] PUM.Optional.WindowsToolDisabled, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DisableConfig, 1, Good: (0), Bad: (1),Replaced,[fe29e31ea7f30333c1df6411da2ab050] Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
I then ran a second Malwarebytes scan that came back clear:
Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/25/2016 Scan Time: 2:56 PM Logfile: Malwarebytes2.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.25.04 Rootkit Database: v2016.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: aschreiner Scan Type: Threat Scan Result: Completed Objects Scanned: 575763 Time Elapsed: 23 min, 59 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end)
I thought this may have solved the issue but it appears it hasn't. Here is my FRST scan log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-06-2016 02 Ran by aschreiner (administrator) on B705875 (27-06-2016 09:37:49) Running from C:\Users\aschreiner\Desktop Loaded Profiles: UpdatusUser & aschreiner (Available Profiles: UpdatusUser & Administrator & altdspcsvc & aschreiner & DefaultAppPool) Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe (Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Algorithmic Research Ltd.) C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe (Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Agent\Agent.Hosts.AgentService.exe (Ultimate Net Tools) C:\Program Files (x86)\Common Files\Ultimate Net Tools\Auto Close Idle Updater\ACIUpdater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\cyserver.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\CyveraService.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (Avaya Inc.) C:\Program Files (x86)\Common Files\Avaya\QoS\QosServM.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe (www.printerlogic.com) C:\Program Files (x86)\Printer Properties Pro\Printer Installer Client\bin\PrinterInstallerClientLauncher.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\Studio 5000\Common\V2\bin\ramkMsgKernelSvc.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe (Intergraph PPM) C:\Win32App\INGR\SPLM\Bin\pdlice.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tda.exe (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tdawork.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tdawork.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tdawork.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tdawork.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tdawork.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tdawork.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tdawork.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\tdawork.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe (X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe (www.printerlogic.com) C:\Program Files (x86)\Printer Properties Pro\Printer Installer Client\PrinterInstallerClient.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Altiris, Inc.) C:\Program Files\Altiris\Dagent\dagent.exe (WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (Flexera Software LLC) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe (Flexera Software LLC) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (Apache Software Foundation) C:\Program Files (x86)\Rockwell Software\Studio 5000\Common\V2\bin\raOSGi.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (Lenovo) C:\Program Files (x86)\Lenovo\ThinkPad WiFi Radio Control\WiFiRadioControl.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\Studio 5000\Common\V2\bin\daq.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe () C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Palo Alto Networks, Inc.) C:\Program Files\Palo Alto Networks\Traps\cytray.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Sepialine) C:\Program Files (x86)\Sepialine\Argos7\Agent\Agent.DesktopClient.exe (Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Igor Nys) C:\Users\aschreiner\AppData\trayit_4_6_5_5\TrayIt!.exe (www.printerlogic.com) C:\Program Files (x86)\Printer Properties Pro\Printer Installer Client\bin\PrinterInstallerClientInterface.exe (O2Micro International) C:\Windows\System32\drivers\o2flash.exe (Condusiv Technologies) C:\Program Files\Condusiv Technologies\V-locity Endpoint\VService.exe (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe (Absolute Software Corp.) C:\Windows\SysWOW64\AbtSvcHost_.exe () C:\ProgramData\Rpcnet\Bin\rpcld.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\UcMapi.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (LastPass) C:\Program Files (x86)\LastPass\nplastpass.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2015-05-27] (LogMeIn, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810096 2014-03-16] (Synaptics Incorporated) HKLM\...\Run: [Cyvera] => C:\Program Files\Palo Alto Networks\Traps\cytray.exe [536928 2015-11-10] (Palo Alto Networks, Inc.) HKLM-x32\...\Run: [CitrixReceiver] => [X] HKLM-x32\...\Run: [ConnectionCenter] => [X] HKLM-x32\...\Run: [Redirector] => [X] HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\BusinessMessaging.exe [3219456 2016-06-25] (Malwarebytes) HKLM Group Policy restriction on software: %UserProfile%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %UserProfile%\*\fax*.exe <====== ATTENTION HKLM Group Policy restriction on software: %UserProfile%\fax*.exe <====== ATTENTION HKLM Group Policy restriction on software: %UserProfile%\*\*\fax*.exe <====== ATTENTION HKLM Group Policy restriction on software: %Temp%\*\fax*.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Windows\system32\fgdump.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Windows\system32\servpw.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Windows\system32\ncc.dat <====== ATTENTION HKLM Group Policy restriction on software: C:\Windows\system32\PWdump.exe <====== ATTENTION HKLM Group Policy restriction on software: C:\Windows\system32\nc.dat <====== ATTENTION HKLM Group Policy restriction on software: %Temp%\*.scr <====== ATTENTION HKLM Group Policy restriction on software: C:\windows\Psexesvc.exe <====== ATTENTION HKLM Group Policy restriction on software: %UserProfile%\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %Temp%\fax*.exe <====== ATTENTION HKLM Group Policy restriction on software: %UserProfile%\*\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %Temp%\*\*.scr <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23496872 2016-05-17] (Google) HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-03-22] (Unified Intents AB) HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\Run: [GoogleChromeAutoLaunch_87A70C93CE94F8995F990262CEA6D1BC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.) HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\Policies\system: [RunLogonScriptSync] 1 HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {08ff1e90-09d5-11e6-92de-5cc5d404e155} - H:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {5821b02b-1aab-11e5-95ce-54ee753fdd77} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {6b71a0ae-0902-11e6-8116-5cc5d404e155} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {6d97aa78-4d70-11e5-b61f-54ee753fdd77} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {784a56ae-742d-11e5-bc6d-54ee753fdd77} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {86ca6cea-3fa9-11e5-a1d3-54ee753fdd77} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {b350dcc6-c154-11e4-bd83-5cc5d404e155} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {b4477812-03fb-11e6-a3ba-5cc5d404e155} - G:\win\setup.exe -phs HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {e798efe6-c77f-11e5-8ac6-5cc5d404e155} - G:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MountPoints2: {eaacad6b-c5ad-11e4-a356-00059a3c7a00} - E:\VZW_Software_upgrade_assistant.exe HKU\S-1-5-21-433564024-1784799946-3432143216-187969\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\GPhotos.scr [4587520 2015-10-13] (Google Inc.) HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1310088 2015-01-27] (Autodesk, Inc.) HKU\S-1-5-18\...\Policies\Explorer: [] AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-28] (NVIDIA Corporation) AppInit_DLLs-x32: C:\WINDOWS\SYSWOW64\NVINIT.DLL => C:\WINDOWS\SYSWOW64\NVINIT.DLL [201576 2013-10-28] (NVIDIA Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-05-17] (Google) ShellIconOverlayIdentifiers: [AccellionHandler1] -> {D927FA16-4560-4EBA-B534-127CF823B89E} => C:\Program Files\Accellion\kitedrive\AccellionIconOverlays.dll [2014-11-17] (Accellion) ShellIconOverlayIdentifiers: [AccellionHandler2] -> {3652A8BF-9A09-4663-975B-C413B10977BE} => C:\Program Files\Accellion\kitedrive\AccellionIconOverlays.dll [2014-11-17] (Accellion) ShellIconOverlayIdentifiers: [AccellionHandler3] -> {BE298E1F-8884-4E8E-A125-42ACC47A092F} => C:\Program Files\Accellion\kitedrive\AccellionIconOverlays.dll [2014-11-17] (Accellion) ShellIconOverlayIdentifiers: [AccellionHandler4] -> {9BDB2FD0-BC0F-4134-AF93-A18C11694E59} => C:\Program Files\Accellion\kitedrive\AccellionIconOverlays.dll [2014-11-17] (Accellion) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2015-02-05] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation) Startup: C:\Users\aschreiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneDrive for Business.lnk [2016-06-20] ShortcutTarget: OneDrive for Business.lnk -> C:\Program Files\Microsoft Office 15\root\office15\GROOVE.EXE (Microsoft Corporation) Startup: C:\Users\aschreiner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TrayIt!.lnk [2016-04-04] ShortcutTarget: TrayIt!.lnk -> C:\Users\aschreiner\AppData\trayit_4_6_5_5\TrayIt!.exe (Igor Nys) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 10.3.35.120 10.8.35.120 Tcpip\..\Interfaces\{1EB45DD6-BB51-4EA7-91ED-6E75443A2637}: [DhcpNameServer] 209.222.18.222 209.222.18.218 Tcpip\..\Interfaces\{2E4026C3-4397-46F8-A2DD-43DB8C6DBA73}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{782B81D3-6CD1-488D-AF7F-E06D6D2ADEC8}: [DhcpNameServer] 10.3.35.120 10.8.35.120 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet/ HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet/ HKU\S-1-5-21-1277301177-2924182014-3333776039-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet/ HKU\S-1-5-21-1277301177-2924182014-3333776039-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet/ HKU\S-1-5-21-433564024-1784799946-3432143216-187969\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet/ HKU\S-1-5-21-433564024-1784799946-3432143216-187969\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intranet/ HKU\S-1-5-21-433564024-1784799946-3432143216-187969\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie SearchScopes: HKU\S-1-5-21-433564024-1784799946-3432143216-187969 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_92\bin\ssv.dll [2016-06-13] (Oracle Corporation) BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2015-07-06] (Cisco WebEx LLC) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-02] (LastPass) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-12-15] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_92\bin\jp2ssv.dll [2016-06-13] (Oracle Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-18] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-06-13] (Oracle Corporation) BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2015-07-06] (Cisco WebEx LLC) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-02] (LastPass) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-12-15] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-06-13] (Oracle Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-02] (LastPass) Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2015-07-06] (Cisco WebEx LLC) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKLM - DL Toolbar - {5E954256-9B33-430F-BB20-77AC5B30533B} - C:\Program Files (x86)\ColumbiaSoft\Document Locator\Client\64BIT\CSSLocatorSearch.dll [2015-04-21] (ColumbiaSoft Corporation) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-02] (LastPass) Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2015-07-06] (Cisco WebEx LLC) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - DL Toolbar - {5E954256-9B33-430F-BB20-77AC5B30533B} - C:\Program Files (x86)\ColumbiaSoft\Document Locator\Client\CSSLocatorSearch.dll [2015-04-21] (ColumbiaSoft Corporation) Toolbar: HKU\S-1-5-21-433564024-1784799946-3432143216-187969 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated) DPF: HKLM-x32 {529D447D-B36F-448F-A7D8-FB50EF58CA87} hxxp://brava.burnsmcd.com:8080/BravaSDK/ActiveX/viewer/client/BravaClientXWrapper.cab DPF: HKLM-x32 {A644122F-80E1-4AD1-B2E9-4F267FC58517} hxxp://brava.burnsmcd.com:8080/IGC/BravaClientXWrapper.cab DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1753 Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-23] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2015-04-08] (Citrix Systems, Inc.) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\dtplugin\npDeployJava1.dll [2016-06-13] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.92.2 -> C:\Program Files\Java\jre1.8.0_92\bin\plugin2\npjp2.dll [2016-06-13] (Oracle Corporation) FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-02] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems) FF Plugin: printerlogic.com/PrinterInstallerClientPlugin_x86_64 -> C:\Program Files (x86)\Printer Properties Pro\Printer Installer Client\bin\npPrinterInstallerClientPlugin64.dll [2014-01-10] (PrinterLogic) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2015-04-08] (Citrix Systems, Inc.) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-06-13] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-06-13] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-02] (LastPass) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-18] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-23] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-28] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-28] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems) FF Plugin-x32: printerlogic.com/PrinterInstallerClientPlugin -> C:\Program Files (x86)\Printer Properties Pro\Printer Installer Client\bin\npPrinterInstallerClientPlugin32.dll [2014-01-09] (PrinterLogic) FF Plugin HKU\S-1-5-21-433564024-1784799946-3432143216-187969: @tools.google.com/Google Update;version=3 -> C:\Users\aschreiner\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin HKU\S-1-5-21-433564024-1784799946-3432143216-187969: @tools.google.com/Google Update;version=9 -> C:\Users\aschreiner\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-06-15] Chrome: ======= CHR Profile: C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-03-01] CHR Extension: (Google Slides) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-06-25] CHR Extension: (Google Docs) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02] CHR Extension: (Google Drive) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgjjammlemhdcocpejaompfoojnjjfn [2016-06-23] CHR Extension: (YouTube) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-06-27] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-01] CHR Extension: (Google Search) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-03-02] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-01-21] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-03-02] CHR Extension: (Google Sheets) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02] CHR Extension: (Plex) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2016-04-12] CHR Extension: (Chrome Remote Desktop) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-06-04] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-04] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-24] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2016-06-23] CHR Extension: (Google Play Music) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-06-07] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\idmmhhijggcmbeejedibpdcahpkneegg [2016-03-04] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-02] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lppkddfmnlpjbojooindbmcokchjgbib [2016-05-11] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-11] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikomkkhhpfoeamojhhgpfkpkdlfhfii [2015-03-02] CHR Extension: (Chrome Web Store Payments) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojohjpgmcfnholboljmkbcchbipcbci [2016-01-17] CHR Extension: (Late Night) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm [2015-03-02] CHR Extension: (Gmail) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31] CHR Extension: (Easy Auto Refresh) - C:\Users\aschreiner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-06-24] CHR HKLM\...\Chrome\Extension: [bfgjjammlemhdcocpejaompfoojnjjfn] - hxxps://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKU\.DEFAULT\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bfgjjammlemhdcocpejaompfoojnjjfn] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-433564024-1784799946-3432143216-187969\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [bfgjjammlemhdcocpejaompfoojnjjfn] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 1784-PCIDS DeviceNet; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [116952 2015-11-10] (Rockwell Automation) R2 AbtSvcHost; C:\Windows\SysWOW64\AbtSvcHost_.exe [84888 2015-10-09] (Absolute Software Corp.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated) R2 Altiris Deployment Agent; C:\Program Files\Altiris\Dagent\dagent.exe [2044416 2013-11-22] (Altiris, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) R2 ARcltsrv; C:\Program Files\ARX\ARX CryptoKit\utils\ARcltsrv.exe [117856 2010-12-12] (Algorithmic Research Ltd.) R2 ArgosAgentSvc; C:\Program Files (x86)\Sepialine\Argos7\Agent\Agent.Hosts.AgentService.exe [26120 2016-01-15] (Sepialine) R2 AutoCloseIdleUpdater; C:\Program Files (x86)\Common Files\Ultimate Net Tools\Auto Close Idle Updater\ACIUpdater.exe [456816 2013-07-10] (Ultimate Net Tools) R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1775288 2015-10-27] (Microsoft Corporation) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe [68488 2016-04-14] (Google Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation) R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [672440 2015-10-27] (Microsoft Corporation) R2 CyServer; C:\Program Files\Palo Alto Networks\Traps\cyserver.exe [162144 2015-11-10] (Palo Alto Networks, Inc.) R2 CyveraService; C:\Program Files\Palo Alto Networks\Traps\CyveraService.exe [570720 2015-11-10] (Palo Alto Networks, Inc.) S3 EmuLogix 5868 Slot2; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\\V24\EmuLogix5868.exe [3269848 2015-11-10] (Rockwell Automation) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation) R2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1443632 2014-03-10] (Flexera Software LLC) R2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [157184 2015-12-01] (Rockwell Automation, Inc.) R2 FTAE_Archiver; C:\Program Files (x86)\Common Files\Rockwell\FTAEArchiver.exe [72920 2015-10-21] (Rockwell Automation, Inc.) R2 FTAE_HistServ; C:\Program Files (x86)\Common Files\Rockwell\FTAE_HistServ.exe [158936 2015-10-21] (Rockwell Automation, Inc.) R2 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [226240 2015-06-16] () R2 ftscanmgr; C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] () R2 FTSysDiagSvcHost; C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe [76504 2015-07-06] (Rockwell Automation, Inc.) R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [795664 2016-05-25] (Garmin Ltd. or its subsidiaries) R2 hasplms; C:\Windows\system32\hasplms.exe [4412872 2012-08-23] (SafeNet Inc.) R2 iClarityQoSService; C:\Program Files (x86)\Common Files\Avaya\QoS\QosServM.exe [1660416 2015-02-12] (Avaya Inc.) [File not signed] S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed] R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [419336 2016-06-10] (LogMeIn, Inc.) R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [509448 2016-06-10] (LogMeIn, Inc.) R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2015-05-27] (LogMeIn, Inc.) S3 LogReceiver; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [82648 2015-10-25] (Rockwell Automation, Inc.) S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2015-09-25] (Microsoft Corporation) S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2015-09-25] (Microsoft Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-03-25] (Microsoft Corporation) R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.) R2 MSSQL$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] () S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374336 2016-03-25] (Microsoft Corporation) R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [94208 2014-06-25] (Softex Inc.) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PrinterInstallerLauncher; C:\Program Files (x86)\Printer Properties Pro\Printer Installer Client\bin\PrinterInstallerClientLauncher.exe [736984 2016-05-19] (www.printerlogic.com) R2 radaq; C:\Program Files (x86)\Rockwell Software\Studio 5000\Common\V2\bin\daq.exe [5337576 2015-11-03] (Rockwell Automation, Inc.) R2 ramkMsgKernelSvc; C:\Program Files (x86)\Rockwell Software\Studio 5000\Common\V2\bin\ramkMsgKernelSvc.exe [51176 2015-11-03] (Rockwell Automation, Inc.) R2 raOSGi; C:\Program Files (x86)\Rockwell Software\Studio 5000\Common\V2\bin\raOSGi.exe [86528 2015-11-03] (Apache Software Foundation) [File not signed] R2 RemoteServerWin; C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [4340992 2016-03-22] (Unified Intents AB) R2 RnaAeServer; C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe [165592 2015-10-21] (Rockwell Automation, Inc.) R2 RnaAlarmMux; C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe [736472 2015-10-21] (Rockwell Automation, Inc.) R2 Rockwell HMI Diagnostics; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [112128 2015-08-15] (Rockwell Automation, Inc.) R2 Rockwell Tag Server; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe [209920 2015-08-15] (Rockwell Automation, Inc.) S3 RSLinx; C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE [3319000 2015-10-30] (Rockwell Automation, Inc.) R2 RSLinxNG; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [308440 2015-10-25] (Rockwell Automation, Inc.) S3 SimModuleService; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [102616 2015-11-10] () S3 smstsmgr; C:\Windows\CCM\TSManager.exe [317624 2015-10-27] (Microsoft Corporation) R2 SPLM - SmartPlant Licensing Manager; C:\Win32App\INGR\SPLM\bin\pdlice.exe [450641 2010-06-23] (Intergraph PPM) [File not signed] S4 SQLAgent$FTVIEWX64TAGDB; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation) R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [747800 2015-12-14] (DEVGURU Co., LTD.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH) R2 TrapsDumpAnalyzer; C:\Program Files\Palo Alto Networks\Traps\tda.exe [209760 2015-11-10] (Palo Alto Networks, Inc.) R2 V-locity; C:\Program Files\Condusiv Technologies\V-locity Endpoint\VService.exe [2683152 2014-05-28] (Condusiv Technologies) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [47504 2014-06-13] (Synaptics Incorporated) R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-07-31] (VMware, Inc.) R2 WiFiRadioControl; C:\Program Files (x86)\Lenovo\ThinkPad WiFi Radio Control\WiFiRadioControl.exe [48192 2011-12-01] (Lenovo) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [533208 2015-08-19] (VMware, Inc.) R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [203088 2011-10-11] (X-Rite Inc.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation) S3 EmuLogix 5868 Slot0; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /0 [X] S3 EmuLogix 5868 Slot1; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /1 [X] S3 EmuLogix 5868 Slot10; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /10 [X] S3 EmuLogix 5868 Slot11; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /11 [X] S3 EmuLogix 5868 Slot12; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /12 [X] S3 EmuLogix 5868 Slot13; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /13 [X] S3 EmuLogix 5868 Slot14; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /14 [X] S3 EmuLogix 5868 Slot15; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /15 [X] S3 EmuLogix 5868 Slot16; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /16 [X] S3 EmuLogix 5868 Slot3; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /3 [X] S3 EmuLogix 5868 Slot4; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /4 [X] S3 EmuLogix 5868 Slot5; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /5 [X] S3 EmuLogix 5868 Slot6; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /6 [X] S3 EmuLogix 5868 Slot7; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /7 [X] S3 EmuLogix 5868 Slot8; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /8 [X] S3 EmuLogix 5868 Slot9; "C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe" /9 [X] R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AKSIFDH; C:\Windows\System32\DRIVERS\aksifdh.sys [62632 2008-07-30] (Aladdin Knowledge Systems, Ltd.) R3 btmaudio; C:\Windows\System32\drivers\btmaud.sys [88376 2013-03-18] (Motorola Solutions, Inc.) R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.) R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.) R1 CyveraK; C:\Program Files\Palo Alto Networks\Traps\cyverak.sys [193280 2015-11-10] (Palo Alto Networks, Inc.) R1 Cyvrfsfd; C:\Program Files\Palo Alto Networks\Traps\cyvrfsfd.sys [27392 2015-11-10] (Palo Alto Networks, Inc.) R1 cyvrmtgn; C:\Program Files\Palo Alto Networks\Traps\cyvrmtgn.sys [167168 2015-11-10] (Palo Alto Networks, Inc.) R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [41712 2014-01-16] (Condusiv Technologies) R3 DKRtWrt; C:\Windows\system32\drivers\DKRtWrt.sys [53520 2014-05-20] (Condusiv Technologies) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495888 2013-05-06] (Intel Corporation) S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [323584 2012-10-06] (SafeNet Inc.) R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-01] (Intel Corporation) R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [142280 2013-10-19] (Intel Corporation) R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2015-05-27] (LogMeIn, Inc.) S4 LMIRfsClientNP; no ImagePath R2 mgdrv; C:\Windows\system32\drivers\mgdrv.sys [62712 2013-04-10] (Moxa Inc. ) R2 mgdrvfilter; C:\Windows\system32\drivers\mgdrvfilter.sys [43768 2013-04-10] (Moxa Inc. ) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation) R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3603424 2014-01-28] (Intel Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-28] (NVIDIA Corporation) R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [195768 2013-08-16] (O2Micro ) R1 OMNISMI; C:\Windows\SysWOW64\drivers\omnismi.sys [14776 2014-06-24] () R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation) S3 radpms; C:\Windows\System32\DRIVERS\radpms.sys [14944 2015-05-27] (LogMeIn, Inc.) U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [423128 2013-07-24] (Realsil Semiconductor Corporation) S2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-16] (Synaptics Incorporated) S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [63528 2011-05-27] (SafeNet, Inc.) R1 soldisk5; C:\Windows\system32\drivers\soldisk5.sys [230592 2013-12-12] (EldoS Corporation) R1 solfs5; C:\Windows\system32\drivers\solfs5.sys [418496 2013-12-12] (EldoS Corporation) S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [42112 2016-04-25] (Samsung Electronics Co., Ltd.) S3 U2SP; C:\Windows\System32\DRIVERS\u2s2kxp64.sys [91008 2010-05-27] (Magic Control Technology Corp.) R3 uvhid; C:\Windows\System32\DRIVERS\uvhid.sys [25592 2015-11-11] (Windows (R) Win 7 DDK provider) R1 vintmfs; C:\Windows\system32\drivers\vintmfs.sys [27376 2013-11-21] (Condusiv Technologies) R0 vintmsd; C:\Windows\System32\drivers\vintmsd.sys [145136 2013-11-21] (Condusiv Technologies) R1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [51200 2015-02-26] (Rockwell Automation) S3 XRNBO; c:\windows\SysWOW64\drivers\XRNBO.sys [177152 2016-05-21] () [File not signed] S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [X] S3 RSSERIAL; \SystemRoot\SYSTEM32\RSSERIAL.SYS [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-27 09:37 - 2016-06-27 09:38 - 00057621 _____ C:\Users\aschreiner\Desktop\FRST.txt 2016-06-27 09:37 - 2016-06-27 09:37 - 02389504 _____ (Farbar) C:\Users\aschreiner\Desktop\FRST64.exe 2016-06-27 09:37 - 2016-06-27 09:37 - 00000000 ____D C:\Users\aschreiner\Desktop\FRST-OlderVersion 2016-06-27 09:37 - 2016-06-27 09:37 - 00000000 ____D C:\FRST 2016-06-27 09:36 - 2016-06-27 09:37 - 02388992 _____ (Farbar) C:\Users\aschreiner\Downloads\FRST64.exe 2016-06-27 09:13 - 2016-06-27 09:20 - 00002043 _____ C:\ProgramData\SCCMHealthCheck.xml 2016-06-27 09:12 - 2016-06-27 09:12 - 00000000 ___SH C:\DkHyperbootSync 2016-06-25 09:40 - 2016-06-25 15:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-06-25 09:40 - 2016-06-25 14:56 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-06-25 09:40 - 2016-06-25 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-06-25 09:40 - 2016-06-25 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-06-25 09:40 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-06-25 09:40 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-06-25 09:40 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-06-25 09:12 - 2016-06-25 09:12 - 00000004 ____H C:\ProgramData\cm-lock 2016-06-24 14:59 - 2016-01-21 11:14 - 00003330 _____ C:\Users\aschreiner\Desktop\KCPLHWTH_Update.lnk 2016-06-24 14:59 - 2014-10-14 10:07 - 00001831 _____ C:\Users\aschreiner\Desktop\KCPLHWTH_ICDB.lnk 2016-06-23 17:02 - 2016-06-27 09:16 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-06-23 17:02 - 2016-06-23 17:02 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-06-23 17:01 - 2016-06-27 09:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-06-23 17:01 - 2016-06-23 17:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-06-23 17:01 - 2016-06-23 17:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-06-23 17:01 - 2016-06-23 17:02 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-06-17 12:48 - 2016-06-17 12:48 - 00314880 _____ C:\Users\aschreiner\Desktop\CableSchedule_Rev_X.xls 2016-06-16 12:15 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe 2016-06-14 10:12 - 2016-06-14 10:12 - 00000000 ____D C:\Users\aschreiner\Desktop\mint 2016-06-13 13:24 - 2016-06-13 13:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-06-13 13:24 - 2016-06-13 13:24 - 00000000 ____D C:\Users\Default\AppData\Roaming\Sun 2016-06-13 13:24 - 2016-06-13 13:24 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Sun 2016-06-13 08:03 - 2016-06-13 08:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-06-13 08:03 - 2016-06-13 08:03 - 00000000 ____D C:\Program Files\iTunes 2016-06-13 08:03 - 2016-06-13 08:03 - 00000000 ____D C:\Program Files\iPod 2016-06-13 08:03 - 2016-06-13 08:03 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-06-13 07:55 - 2016-06-13 07:52 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-06-10 13:31 - 2016-06-10 13:32 - 00000000 ____D C:\Users\aschreiner\AppData\Local\Garmin_Ltd._or_its_subsid 2016-06-10 13:31 - 2016-06-10 13:31 - 00000000 ____D C:\Users\aschreiner\AppData\Roaming\Garmin 2016-06-10 13:31 - 2016-06-10 13:31 - 00000000 ____D C:\Program Files\DIFX 2016-06-10 13:30 - 2016-06-10 13:31 - 00000000 ____D C:\Program Files (x86)\Garmin 2016-06-10 13:30 - 2016-06-10 13:30 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2016-06-10 13:30 - 2016-06-10 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-06-10 13:30 - 2016-06-10 13:30 - 00000000 ____D C:\ProgramData\Garmin ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-06-27 09:31 - 2015-03-02 14:59 - 00000000 ____D C:\Users\aschreiner\AppData\LocalLow\LastPass 2016-06-27 09:24 - 2016-05-20 08:24 - 00000911 _____ C:\Windows\Tasks\EPSON WF-7620 Series Update {8DE4FDFA-1352-4B99-8066-DDCE2F8A488E}.job 2016-06-27 09:24 - 2016-05-20 08:24 - 00000725 _____ C:\Windows\Tasks\EPSON WF-7620 Series Invitation {8DE4FDFA-1352-4B99-8066-DDCE2F8A488E}.job 2016-06-27 09:24 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp 2016-06-27 09:23 - 2009-07-13 23:45 - 00017952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-06-27 09:23 - 2009-07-13 23:45 - 00017952 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-06-27 09:20 - 2015-11-02 00:29 - 00002043 _____ C:\ProgramData\SCCMHealthCheck.xml.lst 2016-06-27 09:20 - 2015-11-02 00:29 - 00002043 _____ C:\ProgramData\SCCMHealthCheck.xml.before.repair 2016-06-27 09:20 - 2015-10-27 19:36 - 00000272 _____ C:\ProgramData\2013.par 2016-06-27 09:20 - 2015-02-19 19:25 - 00000152 __RSH C:\ProgramData\3002.xml 2016-06-27 09:19 - 2016-02-22 16:19 - 00000911 _____ C:\Windows\Tasks\EPSON WF-7620 Series Update {98294E8F-C703-42B2-B61A-42C92F168558}.job 2016-06-27 09:19 - 2016-02-22 16:19 - 00000725 _____ C:\Windows\Tasks\EPSON WF-7620 Series Invitation {98294E8F-C703-42B2-B61A-42C92F168558}.job 2016-06-27 09:14 - 2015-12-15 12:39 - 00000068 __RSH C:\Windows\system32\Drivers\ws2ifsl.winsecurity 2016-06-27 09:14 - 2015-03-05 15:14 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-433564024-1784799946-3432143216-187969UA.job 2016-06-27 09:14 - 2015-03-02 10:33 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-06-27 09:13 - 2015-12-15 12:39 - 00000068 __RSH C:\Windows\system32\Drivers\WdfLdr.winsecurity 2016-06-27 09:12 - 2012-06-20 10:02 - 00000464 _____ C:\Windows\system32\config\netlogon.ftl 2016-06-27 09:11 - 2015-06-23 11:08 - 00000000 ____D C:\ProgramData\LogMeIn 2016-06-27 09:11 - 2015-02-19 19:26 - 00017408 _____ C:\Windows\system32\rpcnetp.exe 2016-06-25 11:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf 2016-06-25 09:41 - 2015-03-24 08:05 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-06-25 09:41 - 2015-03-02 17:21 - 00000000 ____D C:\Users\aschreiner\AppData\Local\CrashDumps 2016-06-25 09:37 - 2015-08-25 15:06 - 00000000 ____D C:\Users\aschreiner\AppData\Roaming\vlc 2016-06-25 09:19 - 2009-07-14 00:13 - 00963484 _____ C:\Windows\system32\PerfStringBackup.INI 2016-06-25 09:17 - 2015-02-19 18:56 - 00000540 _____ C:\Windows\SMSCFG.ini 2016-06-25 09:16 - 2015-03-02 12:09 - 00000000 ___RD C:\Users\aschreiner\Google Drive 2016-06-25 09:15 - 2016-02-28 14:28 - 00000000 ____D C:\ProgramData\Unified Remote 2016-06-25 09:14 - 2015-03-02 10:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-06-25 09:12 - 2015-06-23 11:08 - 00000988 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk 2016-06-25 09:11 - 2015-02-19 19:22 - 00078032 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll 2016-06-25 09:09 - 2015-02-19 19:12 - 00000000 ____D C:\ProgramData\Validity 2016-06-25 09:09 - 2015-02-06 16:23 - 00000000 ____D C:\ProgramData\NVIDIA 2016-06-25 09:09 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-06-24 16:28 - 2015-08-14 10:04 - 00000000 ____D C:\Windows\ccmcache 2016-06-24 15:01 - 2015-03-02 16:02 - 00000902 _____ C:\Windows\ODBC.INI 2016-06-24 13:39 - 2015-03-02 10:26 - 00000000 ____D C:\Users\aschreiner\Documents\My Received Files 2016-06-24 12:57 - 2012-06-20 10:04 - 00107656 __RSH C:\ProgramData\ntuser.pol 2016-06-24 09:02 - 2015-03-05 15:14 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-433564024-1784799946-3432143216-187969Core.job 2016-06-23 16:53 - 2016-04-01 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Printer Installer 2016-06-23 12:46 - 2015-03-02 23:07 - 00000000 ____D C:\Users\aschreiner\AppData\Roaming\Notepad++ 2016-06-22 13:03 - 2015-03-05 16:43 - 00000000 ___RD C:\Users\aschreiner\Virtual Machines 2016-06-22 10:54 - 2015-03-02 10:27 - 00000000 ____D C:\Users\aschreiner\AppData\Roaming\ColumbiaSoft 2016-06-18 13:00 - 2015-03-02 10:34 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-06-17 13:01 - 2015-12-18 17:26 - 00000277 _____ C:\Windows\SlRegEDS.ini 2016-06-16 15:24 - 2015-03-02 10:26 - 00020602 __RSH C:\Users\aschreiner\ntuser.pol 2016-06-16 15:24 - 2015-03-02 10:26 - 00000000 ____D C:\Users\aschreiner 2016-06-16 15:16 - 2015-03-24 08:05 - 00000000 ____D C:\Users\aschreiner\AppData\Roaming\TeamViewer 2016-06-15 23:06 - 2012-06-20 10:20 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-06-15 10:02 - 2016-01-21 12:59 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Standard.lnk 2016-06-15 10:02 - 2016-01-21 12:59 - 00002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk 2016-06-13 13:24 - 2016-03-04 08:33 - 00000000 ____D C:\Program Files (x86)\Java 2016-06-13 13:24 - 2015-12-18 17:33 - 00001764 _____ C:\Windows\.mif 2016-06-13 13:24 - 2015-04-07 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-06-13 08:30 - 2016-01-05 14:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-06-13 08:03 - 2015-07-02 09:35 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-06-13 07:55 - 2015-04-07 16:38 - 00000000 ____D C:\Program Files\Java 2016-06-13 07:53 - 2015-08-24 08:44 - 00000000 ____D C:\Users\aschreiner\.oracle_jre_usage 2016-06-13 07:52 - 2015-08-24 08:44 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-06-13 07:43 - 2015-03-02 16:00 - 00007660 _____ C:\Users\aschreiner\AppData\Local\Resmon.ResmonCfg 2016-06-10 13:30 - 2015-02-19 19:18 - 00000000 ____D C:\ProgramData\Package Cache 2016-06-10 13:24 - 2015-06-23 11:08 - 00000000 ____D C:\Program Files (x86)\LogMeIn 2016-06-10 13:23 - 2015-06-23 11:08 - 00122400 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll 2016-06-10 13:23 - 2015-06-23 11:08 - 00107520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll 2016-06-08 15:35 - 2016-03-09 10:09 - 00000000 ____D C:\Users\aschreiner\AppData\Roaming\VMware 2016-06-07 14:55 - 2015-03-02 11:01 - 00000000 ____D C:\Users\aschreiner\AppData\Local\IE Tab 2016-06-02 23:01 - 2015-03-02 10:33 - 00000000 ____D C:\Program Files (x86)\Google 2016-06-01 08:34 - 2016-02-23 14:32 - 00000000 ____D C:\Program Files\7-Zip 2016-06-01 08:26 - 2015-03-02 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-05-29 21:21 - 2016-04-25 22:51 - 00000000 ____D C:\Users\aschreiner\AppData\Roaming\uTorrent 2016-05-28 21:11 - 2015-02-19 18:56 - 00000000 ____D C:\Windows\CCM ==================== Files in the root of some directories ======= 2015-12-07 09:12 - 2015-12-07 09:12 - 6420480 _____ () C:\Program Files (x86)\GUTB0AC.tmp 2015-12-07 09:12 - 2015-12-07 09:15 - 6420480 _____ () C:\Program Files (x86)\GUTB0BB.tmp 2016-02-25 10:00 - 2009-10-27 13:38 - 0186464 _____ (Symantec, Inc.) C:\Program Files (x86)\UNWISE.EXE 2015-03-02 15:00 - 2015-03-02 15:00 - 14242360 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-03-03 09:37 - 2015-03-03 09:41 - 0026975 _____ () C:\Users\aschreiner\AppData\Roaming\Comma Separated Values (Windows).ADR 2015-05-13 12:46 - 2015-05-13 12:47 - 0140637 _____ () C:\Users\aschreiner\AppData\Roaming\redline2stapler.tmp 2015-03-02 16:00 - 2016-06-13 07:43 - 0007660 _____ () C:\Users\aschreiner\AppData\Local\Resmon.ResmonCfg 2015-10-05 12:17 - 2015-10-05 12:17 - 0000000 _____ () C:\Users\aschreiner\AppData\Local\{0302AB34-1CB7-4BE0-81CA-1A4B02B76856} 2015-09-28 10:27 - 2015-09-28 10:27 - 0000000 _____ () C:\Users\aschreiner\AppData\Local\{781D3D05-8D4B-4765-8CDD-D2FF8BC5D41F} 2015-10-27 19:36 - 2016-06-27 09:20 - 0000272 _____ () C:\ProgramData\2013.par 2015-02-19 19:25 - 2016-05-26 14:17 - 0032432 __RSH () C:\ProgramData\3002.abs 2015-02-19 19:25 - 2016-06-27 09:20 - 0000152 __RSH () C:\ProgramData\3002.xml 2015-05-02 14:59 - 2015-05-02 14:59 - 0015568 __RSH () C:\ProgramData\3029.abs 2015-09-18 17:01 - 2015-10-24 17:36 - 0001856 __RSH () C:\ProgramData\3031.abs 2016-06-25 09:12 - 2016-06-25 09:12 - 0000004 ____H () C:\ProgramData\cm-lock 2015-02-20 09:06 - 2015-02-20 09:06 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2015-04-21 17:00 - 2015-04-21 17:00 - 0010304 _____ () C:\ProgramData\regid.1998-09.com.columbiasoft_CB7DABE8-4CB1-4D01-90EB-F46578B0EC22.swidtag 2016-06-27 09:13 - 2016-06-27 09:20 - 0002043 _____ () C:\ProgramData\SCCMHealthCheck.xml 2015-11-02 00:29 - 2016-06-27 09:20 - 0002043 _____ () C:\ProgramData\SCCMHealthCheck.xml.before.repair 2015-11-02 00:29 - 2016-06-27 09:20 - 0002043 _____ () C:\ProgramData\SCCMHealthCheck.xml.lst ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-06-17 00:53 ==================== End of FRST.txt ============================
And my addition log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02 Ran by aschreiner (2016-06-27 09:38:47) Running from C:\Users\aschreiner\Desktop Windows 7 Enterprise Service Pack 1 (X64) (2015-02-20 14:14:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1277301177-2924182014-3333776039-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-1277301177-2924182014-3333776039-501 - Limited - Disabled) UpdatusUser (S-1-5-21-1277301177-2924182014-3333776039-1005 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: System Center Endpoint Protection (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95} AS: System Center Endpoint Protection (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.) 1734 IO-Link Module Profiles (x32 Version: 1.41.80.0 - Rockwell Automation, Inc.) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.9 - Hewlett-Packard) Hidden 7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) A360 Desktop (HKLM\...\{B209E611-5511-4AD6-B4B3-9D36F93DBCD4}) (Version: 6.0.3.1100 - Autodesk) ACA & MEP 2016 Object Enabler (Version: 7.8.41.0 - Autodesk) Hidden ACAD Private (Version: 20.1.49.0 - Autodesk) Hidden Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.16 - Adobe Systems) Adobe Flash Player 22 ActiveX (HKLM-x32\...\{42E870AA-8C2E-4764-9340-31A693D2E033}) (Version: 22.0.0.192 - Adobe Systems Incorporated) Adobe Flash Player 22 PPAPI (HKLM-x32\...\{385454BE-576E-4FC8-A828-4C81F0485A7C}) (Version: 22.0.0.192 - Adobe Systems Incorporated) Adobe Reader XI (11.0.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.16 - Adobe Systems Incorporated) Advanced Micro Controls 1734 Specialty Module Profiles (x32 Version: 1.04.1.0 - Advanced Micro Controls, Inc.) Hidden Advanced Micro Controls 1756 Specialty Module Profiles (x32 Version: 1.03.1.0 - Advanced Micro Controls, Inc.) Hidden Advanced Micro Controls 1769 Specialty Module Profiles (x32 Version: 1.10.1.0 - Advanced Micro Controls, Inc.) Hidden Altiris Deployment Agent (HKLM\...\{6C8D5E56-CA12-42B2-9075-044B4C7067A9}) (Version: 1.0.0 - Altiris) ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Arellia Local Security Agent (HKLM\...\{207895FB-47DE-48BB-960E-72D316895EC7}) (Version: 7.1.1437.0 - Arellia Corporation) Argos Agent (HKLM-x32\...\{F76995E8-77C5-4294-869C-1B50ECA52573}) (Version: 7.6.4 - Sepialine, Inc.) ARX CoSign Client (HKLM\...\{6002A187-B49D-4364-ADE3-FF42C8F17A9F}) (Version: 5.64 - Algorithmic Research Ltd.) ARX CryptoKit (HKLM\...\{F75D2B1D-5309-41DF-BC96-DFC3C3568C1D}) (Version: 4.5.5 - Algorithmic Research Ltd.) ARX Signature API (HKLM\...\{E92CC64E-046E-47D3-A701-1F593D1FBDC3}) (Version: 5.64 - Algorithmic Research Ltd.) Auto Close Idle Client (HKLM-x32\...\{501C2F0A-AC90-4b28-8474-BA7F104152AC}_is1) (Version: - Ultimate Net Tools) AutoCAD 2016 - English (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 (Version: 20.1.107.0 - Autodesk) Hidden AutoCAD 2016 Language Pack - English (Version: 20.1.49.0 - Autodesk) Hidden AutoCAD 2016 VBA Enabler (Version: 20.1.49.0 - Autodesk) Hidden Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.15 - Autodesk) Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk) Autodesk AutoCAD 2016 - English (HKLM\...\AutoCAD 2016 - English) (Version: 20.1.49.0 - Autodesk) Autodesk AutoCAD 2016 SP 1 (HKLM\...\AutoCAD 2016 SP1) (Version: 20.1.107.0 - Autodesk) Autodesk AutoCAD 2016 VBA Enabler (HKLM\...\AutoCAD 2016 VBA Enabler) (Version: 20.1.49.0 - Autodesk) Autodesk AutoCAD Civil 3D 2016 64 Bit Object Enabler on A360 Desktop - Language Neutral (HKLM\...\{41B3A965-BA83-4FB7-9045-6368832F0B78}) (Version: 604.0 - Autodesk, Inc.) Autodesk AutoCAD Civil 3D 2016 64 Bit Object Enabler on AutoCAD 2016 - English - English (United States) (HKLM\...\{F3C77302-A12F-4DDE-8E51-C93B287B8CA0}) (Version: 604.0 - Autodesk, Inc.) Autodesk AutoCAD Performance Feedback Tool 1.2.4 (HKLM-x32\...\{4E20873D-BC20-495C-AFD9-B18877B7F9BB}) (Version: 1.2.4.0 - Autodesk) Autodesk AutoCAD Plant 3D 2016 Object Enabler (HKLM\...\Autodesk AutoCAD Plant 3D 2016 Object Enabler) (Version: 20.1.49.0 - Autodesk) Autodesk AutoCAD Plant 3D 2016 Object Enabler (Version: 20.1.49.0 - Autodesk) Hidden Autodesk BIM 360 Glue AutoCAD 2016 Add-in 64 bit (HKLM\...\{4BEE127E-95C4-434D-ABAC-65155192BB24}) (Version: 4.35.1742 - Autodesk) Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.15 - Autodesk) Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.15 - Autodesk) Avaya Microsoft Lync 2013 Integration (HKLM-x32\...\{5EC62C97-5B0B-40E7-B691-B02BFEF35A2F}) (Version: 6.3.3 - Avaya) BbeXtreme (x32 Version: 15.6.0 - Bluebeam Software) Hidden Bentley DGN IFilter (HKLM\...\{2E873893-A883-4C06-8308-7B491D58F3D6}) (Version: 1.0.1.11 - Bentley Systems, Incorporated) Bentley DGN Navigator Control 2.0 x64 (HKLM\...\{1E8A88EA-DB9A-4F36-A918-9C4AE266C1B8}) (Version: 02.00.01250.0 - Bentley Systems, Incorporated) Bentley DGN Thumbnail Provider (HKLM\...\{74A8C1AF-75E5-4653-95AF-222725B7D877}) (Version: 8.11.7.411 - Bentley Systems, Incorporated) Bentley Software Prerequisites (x32 Version: - Bentley) Hidden Bluebeam Revu eXtreme x64 2015.6 (HKLM\...\{AF002E58-F25F-4AC2-A360-651F10858F45}) (Version: 15.6.0 - Bluebeam Software, Inc.) BMcD 2016 Templates (April) (HKLM-x32\...\{463496AD-64C3-401C-A5B1-0F9B91A02BF9}) (Version: 1.1 - Burns & McDonnell) BMcD_Microsoft_Office_Templates_2_0 (HKLM-x32\...\BMcD_Microsoft_Office_Templates_2_0) (Version: 2.0 - ) Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software) CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform) Chrome Remote Desktop Host (HKLM-x32\...\{95EB2FCC-AE0B-40E9-B804-347C6358923B}) (Version: 51.0.2704.7 - Google Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.01065 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.01065 - Cisco Systems, Inc.) Hidden Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.100.14 - Citrix Systems, Inc.) Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.) CodeMeter Runtime Kit v5.21 (HKLM\...\{05CA69B3-6699-425F-8223-39E4E00B6581}) (Version: 5.21.1478.500 - WIBU-SYSTEMS AG) ColumbiaSoft PDF Render (novaPDF 7.7 printer) (HKLM\...\ColumbiaSoft PDF Render_is1) (Version: 7.7.3987 - Softland) Computrace (HKLM-x32\...\{8DA5754C-34B4-47B6-BDD9-4F13D183C155}) (Version: 8.0.932 - Absolute Software Inc.) Configuration Manager Client (Version: 5.00.8325.1000 - Microsoft Corporation) Hidden ControlFLASH (HKLM-x32\...\{795AF8A6-FA19-4F66-9B9E-3847A286F73D}) (Version: 13.00.00 - Rockwell Automation, Inc.) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0002 - Microsoft Corporation) Document Locator Client 7.1 x64 (HKLM\...\{293B5719-A484-46EB-9166-05F6392EBB9C}) (Version: 7.1.0018 - ColumbiaSoft Corporation) Document Locator Print Import (novaPDF OEM 7.7 printer) (HKLM\...\Document Locator Print Import_is1) (Version: 7.7.3987 - Softland) Elevated Installer (x32 Version: 4.1.22.0 - Garmin Ltd or its subsidiaries) Hidden Endress+Hauser EtherNet/IP Analysis Module Profiles (x32 Version: 1.20.1.0 - Endress+Hauser, Inc.) Hidden Endress+Hauser EtherNet/IP Comm Module Profiles (x32 Version: 1.61.1.0 - Endress+Hauser, Inc.) Hidden EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON WF-7620 Series Printer Uninstall (HKLM\...\EPSON WF-7620 Series) (Version: - SEIKO EPSON Corporation) ETAP 14.0.0 (HKLM\...\{1DCFC9AC-12CD-4148-9DE4-C171A395C2D2}) (Version: 14.0.0 - ETAP) ETAP License Manager 12.5.0 for 64-bit Machine (HKLM\...\{3B9DCBCC-E42F-40F1-AD10-0B297FF2F75A}) (Version: 12.5.0 - Operation Technology, Inc.) ETAP_12_5_0 (HKLM-x32\...\ETAP_12_5_0) (Version: 12.5.0 - ) FactoryTalk Activation Manager 4.00.00 (HKLM-x32\...\{70715E78-DF4E-42F2-AF99-010C6F3E4D6D}) (Version: 4.00.00 - Rockwell Automation, Inc.) FactoryTalk Alarms and Events 2.80.00 (CPR 9 SR 8) (HKLM-x32\...\{FE3F6465-84E3-45AF-9955-276ECB70EF21}) (Version: 2.80.00 - Rockwell Automation, Inc.) FactoryTalk Diagnostics 2.80.00 (CPR 9 SR 8) (HKLM-x32\...\{B444F81B-2493-463B-901A-32940BBA24B6}) (Version: 2.80.00 - Rockwell Automation, Inc.) FactoryTalk Services Platform 2.80.00 (CPR 9 SR 8) (HKLM-x32\...\{9B60089F-1A20-4088-9F8E-AE6040269C72}) (Version: 2.80.00 - Rockwell Automation, Inc.) FactoryTalk View Studio for Machine Edition 8.10.00 (HKLM-x32\...\RSView Studio) (Version: - ) FactoryTalk® View Studio for Machine Edition 8.10.00 (CPR 9 SR 7.4) (HKLM-x32\...\{3BA3172A-ADC0-4BE4-A805-E11020A7659A}) (Version: 8.10.00 - Rockwell Automation, Inc.) FANUC CNC EtherNet/IP Specialty Module Profiles (x32 Version: 1.09.1.0 - Rockwell Automation, Inc.) Hidden FANUC Robotics EtherNet/IP Specialty Module Profiles (x32 Version: 1.34.1.0 - Rockwell Automation, Inc.) Hidden FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) Garmin Express (HKLM-x32\...\{54b8854c-ad14-42fe-9dfb-bffd1a23fcf6}) (Version: 4.1.22.0 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 4.1.22.0 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 4.1.22.0 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\{878B9925-1C43-3AED-87F6-2C2A79678CD8}) (Version: 51.0.2704.103 - Google, Inc.) Google Drive (HKLM-x32\...\{709316AD-161C-4D5C-9AE7-0B3A822DA271}) (Version: 1.30.2170.0459 - Google, Inc.) Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - ) Hardy Instruments 1756 Specialty Module Profiles (x32 Version: 1.42.1.0 - Hardy Instruments, Inc.) Hidden Hardy Instruments 1769 Specialty Module Profiles (x32 Version: 2.09.1.0 - Hardy Instruments, Inc.) Hidden HDR Preview (HKLM\...\{9F7815C9-A323-4215-905C-73137D21BCC0}) (Version: 1.0.0.2 - Bentley Systems, Incorporated) Hoffman 1756 Comm Module Profiles (x32 Version: 1.03.1.0 - Hoffman Enclosures) Hidden Hyperview Kit (HKLM-x32\...\{43DF7D54-F174-4F07-9865-976105E7E0A1}) (Version: 5.31.1001 - G. Michaels Consulting Ltd.) i-model ODBC Driver for Windows 7 (x64) (HKLM\...\{454AD0FD-21D2-4E73-99E9-A40CAC75A636}) (Version: 01.00.00020 - Bentley Systems, Incorporated) Inst5676 (Version: 8.01.18 - Softex Inc.) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{eddf4201-b72e-4e94-9e7b-ac1ba97c029f}) (Version: 16.11.0 - Intel Corporation) Intergraph SmartPlant License Manager (HKLM-x32\...\{94676089-B640-4038-90DC-03EFAE980CEB}) (Version: 11.00.17.00 - Intergraph) Intergraph SmartPlant Review (HKLM-x32\...\{7C76E944-C44F-48A0-9339-91FC80B1012A}) (Version: 10.0.0.340 - Intergraph) Internet Explorer 11 (x32 Version: 11.0 - Microsoft Corporation) Hidden iTunes (HKLM\...\{9F4BF859-C3A4-4AB6-BDD1-9C5D58188598}) (Version: 12.4.1.6 - Apple Inc.) Java 8 Update 92 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418092F0}) (Version: 8.0.920.14 - Oracle Corporation) Java_8_Update_77 (HKLM-x32\...\Java_8_Update_77) (Version: 1.8.0.77 - ) Java_BMcD_Certs_1_0 (HKLM-x32\...\Java_BMcD_Certs_1_0) (Version: 1.0 - ) Java_Exception_Sites_1_0 (HKLM-x32\...\Java_Exception_Sites_1_0) (Version: 1.0 - ) kitedrive (HKLM\...\{854ED2A4-376D-4A4B-A686-90154EA3D1DD}) (Version: 1.5.9 - Accellion) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Lenovo Fingerprint Manager Pro (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.18(x64) - Lenovo) Lenovo Fingerprint Manager Pro (Version: 8.01.18(x64) - Lenovo) Hidden Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - ) Local Administrator Password Solution (HKLM\...\{F53D26E0-94E5-456F-AC72-C7676C9CE813}) (Version: 6.0.1.0 - Microsoft Corporation) Logix Designer Motion Database (x32 Version: 30.2.3875.0 - Rockwell Automation, Inc.) Hidden Logix Designer System Updates (x32 Version: 22.13.1007 - Rockwell Automation, Inc.) Hidden Logix Designer Uninstaller (x32 Version: 7.0.3875.0 - Rockwell Automation, Inc.) Hidden LogMeIn (HKLM-x32\...\{D8FDCAEB-351D-4FFF-B1FD-B8C3564C1CAD}) (Version: 4.1.5208 - LogMeIn, Inc.) LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) ME Device Status and Diagnostic Faceplates (HKLM-x32\...\{A5EDA81D-0703-44D6-BD7B-6D2E9D6078EE}) (Version: 8.10.00 - Rockwell Automation, Inc.) Mettler-Toledo 1756 Comm Module Profiles (x32 Version: 1.17.1.0 - Mettler-Toledo Corporation) Hidden MGate Manager 1.11 (HKLM\...\MGate Manager_is1) (Version: - Moxa Inc.) Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation) Microsoft Lync 2010 SDK Runtime (HKLM-x32\...\{8AF10E19-4330-4077-A1B5-491ACDC24B08}) (Version: 4.0.7577.124 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft Office Lync Software Development Kit Runtime (HKLM-x32\...\{90150000-008E-0409-0000-0000000FF1CE}) (Version: 15.0.4603.1000 - Microsoft Corporation) Microsoft OneDrive for Business 2013 - en-us (HKLM\...\GrooveRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation) Microsoft Project Standard 2010 (HKLM-x32\...\Office14.PRJSTD) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 Policies (HKLM-x32\...\{01C5A10F-AD9B-405B-853A-6659841A1242}) (Version: 10.0.1600.22 - Microsoft Corporation) Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{056E5A6F-BEF6-4094-8724-D45F0F564312}) (Version: 10.0.1794.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 Query Tools English (HKLM-x32\...\{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation) Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation) Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2012 Shell (Isolated) (HKLM-x32\...\{d2e0df0f-bf0a-4a89-9530-ebf93842c393}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation) MicroStation V8i (SELECTseries 3) 08.11.09.459 (HKLM-x32\...\{B234DC00-1003-47E7-8111-230AA9E6BF10}) (Version: 08.11.09.459 - Bentley Systems, Incorporated) Modbus Poll 6.4.2 (HKLM\...\Modbus Poll) (Version: 6.4.2 - Witte Software) Modbus Slave 6.1.2 (HKLM\...\Modbus Slave) (Version: 6.1.2 - Witte Software) Molex Corporation 1756 Comm Module Profiles (x32 Version: 1.26.1.0 - Molex Corporation) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Music Manager (HKU\S-1-5-21-433564024-1784799946-3432143216-187969\...\MusicManager) (Version: - Google, Inc.) Notepad++ (HKLM\...\{07BAE073-B1C9-48A9-BD60-C7F61A0C9F02}) (Version: 6.8.3 - Notepad++) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team) NVIDIA 3D Vision Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.69 - NVIDIA Corporation) NVIDIA Graphics Driver 312.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.69 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation) NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden Office_2013_updates_Disable (HKLM-x32\...\Office_2013_updates_Disable) (Version: 1.0 - ) OLDI PCIx ETAP Comm Module Profiles (x32 Version: 1.07.0.0 - Online Development, Inc.) Hidden On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.33.00 - ) Online Development 1756 Comm Module Profiles (x32 Version: 1.03.1.0 - Online Development, Inc.) Hidden Online Plug-in (x32 Version: 14.2.100.14 - Citrix Systems, Inc.) Hidden OPC Core Components Redistributable (x64) 105.0 (HKLM\...\{725FFCF9-5D38-4249-8697-9BDB415E6B00}) (Version: 3.00.10501 - OPC Foundation) Parker Isysnet Analog Module Profiles (x32 Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden Parker Isysnet ASCII Module Profile (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden Parker Isysnet ControlNet Adapter Module Profile (x32 Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden Parker Isysnet Discrete Module Profiles (x32 Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden Parker Isysnet Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden Parker Isysnet Discrete Module Profiles 3 (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden Parker Isysnet Ethernet Adapter Module Profile (x32 Version: 3.03.1.0 - Parker Hannifin Corporation) Hidden PDF Writer (HKLM\...\PDF Writer) (Version: 3.0 - ) Pepperl+Fuchs EtherNet/IP WirelessHART Gateway Module Profiles (x32 Version: 1.09.1.0 - Pepperl+Fuchs GmbH) Hidden Phoenix Digital 1756 Communication Module Profiles (x32 Version: 1.06.1.0 - Phoenix Digital, Inc.) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) PicPick (HKLM-x32\...\PicPick) (Version: 4.1.2 - NGWIN) Plex Home Theater (HKLM-x32\...\Plex Home Theater) (Version: 1.4.1 - Plex inc) PPS (HKLM-x32\...\{AA1A1D5D-FFAD-48FF-8977-97B2B1D5EC47}) (Version: 5.07.110 - Project Partners, LLC) PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software) Printer Installer Client (HKLM-x32\...\{A9DE0858-9DDD-4E1B-B041-C2AA90DCBF74}) (Version: 16.1.3.13 - PrinterLogic) Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access) ProjectWise Explorer V8i (SELECTseries 4) (HKLM\...\{26B92846-6804-531E-938C-88630F43A7AD}) (Version: 08.11.11574 - Bentley Systems, Incorporated) ProjectWise Export/Import (HKLM-x32\...\{103EA99C-0293-45AC-84C0-6DA4D8FEB235}) (Version: 08.11.11.11 - Bentley Systems) ProjectWise i-model Packager (HKLM-x32\...\{D5686C0F-55EF-11E0-8D64-002655409553}) (Version: 08.11.11.574 - Bentley Systems, Incorporated) ProSoft Configuration Builder (HKLM-x32\...\InstallShield_{2E265714-812E-492E-9CC9-E0E341FF02AC}) (Version: 4.4.3.4 - ProSoft Technology Inc.) ProSoft Configuration Builder (x32 Version: 4.4.3.4 - ProSoft Technology Inc.) Hidden ProSoft Technology 1734 Ethernet Adapter Module Profile (x32 Version: 1.14.1.0 - ProSoft Technology, Inc.) Hidden ProSoft Technology 1756 MVI Comm Module Profiles (x32 Version: 1.11.1.0 - ProSoft Technology, Inc.) Hidden Prosoft Technology 1769 Comm Module Profiles (x32 Version: 1.13.1.0 - Prosoft Technology, Inc.) Hidden Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7005 - Realtek Semiconductor Corp.) Rockwell Automation 1440 XM Dynamic Measurement Module Profile (x32 Version: 2.02.4.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1715 Ethernet Adapter Module Profile (x32 Version: 1.04.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1715 Redundant I/O Module Profiles (x32 Version: 2.04.3.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1732 Discrete Module Profiles (x32 Version: 2.02.1.0 - Rockwell Software, Inc.) Hidden Rockwell Automation 1732 Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1732 EtherNet Safety Module Profiles (x32 Version: 6.01.19.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Analog Module Profiles (x32 Version: 7.01.14.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Analog Module Profiles 2 (x32 Version: 7.01.14.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 ASCII Module Profiles (x32 Version: 3.01.6.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 ControlNet Adapter Module Profile (x32 Version: 4.00.2577.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Discrete Module Profile, DeviceLogix (x32 Version: 4.01.6.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Discrete Module Profiles (x32 Version: 8.02.4.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Discrete Module Profiles 2 (x32 Version: 4.01.9.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Discrete Module Profiles 4 (x32 Version: 4.01.8.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Ethernet Adapter Module Profile (x32 Version: 6.01.9.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Ethernet Adapter,2-Port,Module Profile (x32 Version: 6.01.9.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Point Guard Safety Module Profile (x32 Version: 1.01.21.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1734 Specialty Module Profiles (x32 Version: 3.01.5.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Analog Module Profiles (x32 Version: 7.00.2578.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Analog Module Profiles 2 (x32 Version: 6.03.7.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 ASCII Module Profiles (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 ControlNet Adapter Module Profile (x32 Version: 4.00.2577.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Discrete Module Profile, DeviceLogix (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Discrete Module Profiles (x32 Version: 7.00.2578.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Discrete Module Profiles 2 (x32 Version: 3.00.2579.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Discrete Module Profiles 3 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Discrete Module Profiles 4 (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Ethernet Adapter Module Profile (x32 Version: 5.03.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Ethernet Adapter,2-Port,Module Profile (x32 Version: 5.02.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1738 Specialty Module Profiles (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1747 Module Profiles (x32 Version: 14.00.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1756 Apex2 Isolated Analog Module Profiles (x32 Version: 1.01.24.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1756 CNet Comms Module Profiles (x32 Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden Rockwell Automation 1756 ENet Comms Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1756 Ethernet Bridge Module Profile (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1756 HART Module Profiles (x32 Version: 4.01.12.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1756 Historian Module Profiles (x32 Version: 1.07.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1756 Next Gen Apex2 Digital Module Profiles (x32 Version: 3.02.7.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1756 Remote I/O Interface Module Profile (x32 Version: 2.03.3.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 Analog Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 Analog Module Profiles (x32 Version: 7.02.8.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 ASCII Module Profiles (x32 Version: 2.04.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 Boolean Module Profiles (x32 Version: 2.02.5.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 Controller Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 Discrete Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 Discrete Module Profiles (x32 Version: 2.02.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 Embedded Module Profiles (x32 Version: 2.02.10.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1769 Specialty Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1783 Ethernet Managed Switch Module Profile (x32 Version: 3.02.3442.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1788 Ethernet to DeviceNet Module Profile (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1791DS Discrete Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 1799 Embedded Discrete Module Profile (x32 Version: 1.01.6.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 2094 Kinetix IPIM Module Profile (x32 Version: 2.03.3.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 2097 Kinetix Module Profiles (x32 Version: 2.01.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 280 ArmorStart Ethernet Module Profiles (x32 Version: 1.04.3.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 2-Port CIP Sync ENetIP Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 2-Port ENetIP Analog Module Profiles (x32 Version: 1.02.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 2-Port Quick Connect ENetIP Module Profiles (x32 Version: 2.01.3.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 440C-CR30 configured safety relay (x32 Version: 1.01.12.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 48MS Vision Sensor Module Profiles (x32 Version: 1.01.19.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 5069 Adapter Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 5069 Analog Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 5069 ARM Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 5069 Discrete Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 5069 Specialty Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 56RF-IN-IPD22 Module Profiles (x32 Version: 1.03.0.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 56RF-IN-IPD22A Module Profiles (x32 Version: 1.03.0.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 56RF-IN-IPS12 Module Profiles (x32 Version: 1.03.0.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 5XRF RFID Reader Module Profiles (x32 Version: 1.02.24.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation 842E EtherNet/IP Encoder Module Profiles (x32 Version: 2.01.26.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation ArmorStart LT Module Profiles (x32 Version: 2.01.20.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Catalog Services (x32 Version: 2.3.3875.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation CIP Motion Feedback Device Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation CM Runtime (HKLM-x32\...\{7B5F3FE7-1276-41A7-BAAA-0CECA3730CA9}) (Version: 5.21.3875.0 - Rockwell Automation, Inc.) Rockwell Automation Compact Adapter Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Compact GuardLogix 5370 L3S Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation CompactLogix 5370 L1 Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation CompactLogix 5370 L2 Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation CompactLogix 5370 L3 Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation CompactLogix 5380 Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation ControlLogix 5580 Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation DIO DeviceNet Safety Module Profile (x32 Version: 5.04.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 5.01.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 5.04.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 5.04.4.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation DIO EtherNet Safety Module Profiles (x32 Version: 5.03.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Driver Package x64 (HKLM-x32\...\{C90BD8D9-A4B6-473C-A1B2-37D289F0B0C9}) (Version: 1.1.18 - Rockwell Automation.) Rockwell Automation Drives Peripheral Module Profiles (x32 Version: 4.07.10.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Drives PowerFlex 4 Module Profiles (x32 Version: 4.07.10.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Drives PowerFlex 5 Module Profiles (x32 Version: 1.04.33.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Drives PowerFlex 7 2 Module Profiles (x32 Version: 4.07.10.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Drives PowerFlex 7 3 Module Profiles (x32 Version: 4.07.10.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Drives PowerFlex 7 4 Module Profiles (x32 Version: 4.07.10.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Drives PowerFlex 7 Module Profiles (x32 Version: 4.07.10.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Drives SCANport Module Profiles (x32 Version: 4.07.10.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation E1 Plus Module Profiles (x32 Version: 1.01.0.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation E3 Plus Comms Auxiliary Module Profiles (x32 Version: 1.01.0.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation E3 Plus via 2100-ENET Module Profiles (x32 Version: 1.01.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation E300 Ethernet Module Profiles (x32 Version: 5.01.1.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation EtherNet/IP Tap Family Module Profiles (x32 Version: 2.06.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Flex Adapter Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Generic Safety Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Kinetix CIP Motion Drive Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Kinetix350 CIP Motion Drive Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Kinetix5500 CIP Motion Drive Modules (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Kinetix5700 CIP Motion Modules (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation PanelView Module Profile (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Point Safety Discrete Module Profiles (x32 Version: 3.01.2.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation PowerFlex CIP Motion Drive Module Profiles (x32 Version: 16.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation PowerFlex5 CIP Motion Drive Module Profiles (x32 Version: 1.01.12.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation SLC Adapter Module Profiles (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Stratix 5100 Module Profiles (x32 Version: 2.01.6.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Stratix 5400 Module Profiles (x32 Version: 9.01.4.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Stratix 5410 Module Profiles (x32 Version: 9.01.4.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Stratix 5700 Module Profiles (x32 Version: 9.01.4.0 - Rockwell Automation, Inc.) Hidden Rockwell Automation Stratix 8000/8300 Module Profiles (x32 Version: 9.01.4.0 - Rockwell Automation, Inc.) Hidden Rockwell Windows Firewall Configuration Utility 1.00.07 (HKLM-x32\...\{0B326F7E-CDA7-4164-95F0-7FBA92DCD2D3}) (Version: 1.00.07.0001 - Rockwell Automation, Inc.) RSLinx Classic 3.80.00 CPR 9 SR 8 (HKLM-x32\...\{34540622-805E-4CC7-98CF-65A43E99CF4D}) (Version: 3.80.00 CPR 9 SR 8 - Rockwell Automation, Inc.) RSLinx Enterprise 5.80.00 (CPR 9 SR 8) (HKLM-x32\...\{339EA7CF-CAD9-44FE-A3D4-43C7FF0A4D0D}) (Version: 5.80.00 - Rockwell Automation, Inc.) RSLogix 5000 Module Profile Core (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden RSLogix 5000 Module Profile Core EDS Support (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden RSLogix 5000 Module Profile Core System Updates (x32 Version: 6.00.1769.0 - Rockwell Automation, Inc.) Hidden RSLogix 5000 Module Profile Core System Updates 1 (x32 Version: 11.00.3704.0 - Rockwell Automation, Inc.) Hidden RSLogix 5000 Module Profile Setup Utility (x32 Version: 14.00.4058.0 - Rockwell Automation, Inc.) Hidden RSLogix Architect Compatible Tool (x32 Version: 1.00.0000 - Your Company Name) Hidden RSLogix Emulate 5000 24.01.00 (CPR 9 SR 7.1) (HKLM-x32\...\{07E955C7-F9E2-4056-A1A7-B60EC367A4AC}) (Version: 24.01.00 - Rockwell Automation, Inc.) Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.3.0.92 - Samsung Electronics Co., Ltd.) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{4A10D640-13F1-4A13-BAD1-3E3790511B17}) (Version: 13.0.10.1385 - SAP) SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{9EFF1F10-990C-4DE8-A4C7-7EEE1952F159}) (Version: 13.0.10.1385 - SAP) ScriptPro 2.0 (HKLM-x32\...\{60A033B4-7FB9-4028-9942-0A6117348E43}) (Version: 3.0.2 - Autodesk) Self-service Plug-in (x32 Version: 4.2.100.5943 - Citrix Systems, Inc.) Hidden Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation) SketchUp Import 2016 (HKLM-x32\...\{C769FB7C-1F55-4B31-9A2A-21CEC50F4F92}) (Version: 2.0.0 - Autodesk) SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk) SMC 1756 Comm Module Profiles (x32 Version: 1.17.1.0 - SMC Corporation) Hidden Spectrum Controls 1734 Analog Module Profiles (x32 Version: 1.21.1.0 - Spectrum Controls, Inc.) Hidden Spectrum Controls 1756 Analog Module Profiles (x32 Version: 1.10.1.0 - Spectrum Controls, Inc.) Hidden Spectrum Controls 1756 Discrete Module Profiles (x32 Version: 1.04.1.0 - Spectrum Controls, Inc.) Hidden Spectrum Controls 1756 Specialty Module Profiles (x32 Version: 1.04.1.0 - Spectrum Controls, Inc.) Hidden Spectrum Controls 1769 Analog HART Module Profiles (x32 Version: 1.07.1.0 - Spectrum Controls, Inc.) Hidden Spectrum Controls 1769 Analog Module Profiles (x32 Version: 1.08.1.0 - Spectrum Controls, Inc.) Hidden Spectrum Controls 1769 Analog2 Module Profiles (x32 Version: 2.07.1.0 - Spectrum Controls, Inc.) Hidden SQL Server 2008 R2 SP2 Common Files (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Services (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP2 Database Engine Shared (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden Studio 5000 Architect v1.01.00 (CPR 9 SR 8) (HKLM-x32\...\{0A98A2EA-DD41-4A54-9E2C-DE390AD223B1}) (Version: 1.01.00 - Rockwell Automation, Inc.) Studio 5000 Launcher (HKLM-x32\...\{EE06EC93-0505-4AA5-BFBF-76E578AB2244}) (Version: 3.6.3804.37271 - Rockwell Automation, Inc.) Studio 5000 Logix Designer Online Books v28.0.0 (HKLM-x32\...\{11010028-B129-11DF-A296-000C296D58C5}) (Version: 28.0.0 - Rockwell Automation, Inc.) Studio 5000 Logix Designer Start Page Media v28.00.00 (HKLM-x32\...\{10000028-D5FD-11DA-A128-000C29473C90}) (Version: 28.00.00 - Rockwell Automation, Inc.) Studio 5000 Logix Designer v24.01.00 (CPR 9 SR 7.4) (HKLM-x32\...\{31000124-EC33-11D6-A408-F6139379CBFB}) (Version: 24.01.00 - Rockwell Automation, Inc.) Studio 5000 Logix Designer v28.00.00 (CPR 9 SR 8) (HKLM-x32\...\{31000028-EC33-11D6-A408-F6139379CBFB}) (Version: 28.00.00 - Rockwell Automation, Inc.) Studio 5000 View Designer (HKLM-x32\...\{09FF21B7-5E63-49C2-8DB4-53FB19F873A5}) (Version: 2.02.00000.00006 - Rockwell Automation, Inc.) Symantec Enterprise Vault Outlook Add-In 10.0.4.1354 (HKLM-x32\...\{FF7E9EA9-25E6-423C-BD5F-03378E43837C}) (Version: 10.0.17738 - Symantec Corporation) Synaptics WBF DDK 5011 (HKLM\...\{491728AE-BFF0-44F2-A9F1-9AE218E36E2D}) (Version: 4.5.263.0 - Synaptics) Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.263.0 - ) System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.9.219.0 - Microsoft Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer) Text Finding (HKLM-x32\...\Text Finding_is1) (Version: - ) ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.37 - Synaptics Incorporated) ThinkPad WiFi Radio Control (HKLM-x32\...\{DF3A1970-C5E2-45E7-B032-228F20389D8B}) (Version: 1.11 - Lenovo) ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.78.0.11 - Lenovo) Traps 3.3.0.6169 (HKLM\...\{0E5B27C6-E477-4BD1-A85A-345F54BA9A42}) (Version: 3.3.0.6169 - Palo Alto Networks, Inc.) Traps_3_3_0_6169 (x32 Version: 3.3.0.6169 - ) Hidden TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.2 - TrueCrypt Foundation) U232 P9/P25 10.2.98 (HKLM-x32\...\{DA7113AA-E3D0-48C6-BE31-E1F11BB9D18E}) (Version: 10.2.98 - MCT) Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.3.5 - Unified Intents AB) Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes) Visualization Content (HKLM-x32\...\{0D41BCFC-B16D-479F-8347-4F68F6CD34CE}) (Version: 8.11.9.454 - Bentley Systems, Incorporated) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN) V-locity Endpoint (HKLM\...\{A984D90B-192D-4D73-B5A0-18768EDC83E6}) (Version: 1.0.50.64 - Condusiv Technologies) VMware Horizon Client (HKLM\...\{783A7221-AF59-4F7D-8D88-FBE4266BC8F6}) (Version: 3.5.0.29526 - VMware, Inc.) WebEx Productivity Tools (HKLM-x32\...\{5A8D2895-7A57-41FF-9A39-035BA024B80F}) (Version: 2.36.13032.10011 - Cisco WebEx LLC) Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation) Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation) X-Rite Device Services Manager (HKLM-x32\...\{CE795482-FBF6-41B4-BE6D-3C5EE90444E2}) (Version: 2.1.14 - X-Rite) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-433564024-1784799946-3432143216-187969_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-433564024-1784799946-3432143216-187969_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-433564024-1784799946-3432143216-187969_Classes\CLSID\{5370C727-1451-4700-A960-77630950AF6D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2016\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-433564024-1784799946-3432143216-187969_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\aschreiner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-433564024-1784799946-3432143216-187969_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2016\en-US\acadficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-433564024-1784799946-3432143216-187969_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\aschreiner\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01AFF8E5-32CA-4C58-8C66-19134B839EEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd) Task: {03E2C8C7-EE5F-4C8B-B927-D4E08189D70D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-18] (Microsoft Corporation) Task: {101F59A3-1464-4175-B8CC-599738D5CA5E} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-05-25] () Task: {19762B39-2A25-456C-A541-1F5060A87F70} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation) Task: {27416E75-4BB5-4170-86F5-26C3EA0DE93A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.) Task: {2C763483-A605-427D-B88B-EFFDA225E1F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-23] (Adobe Systems Incorporated) Task: {2CEAD152-8934-4F3D-8F60-71D6A2CF8639} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-433564024-1784799946-3432143216-187969UA => C:\Users\aschreiner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.) Task: {428E69D2-1478-4BB1-9B2F-3D2802FD0C28} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection Task: {660FFF1D-AE86-4623-BA63-00B364D0D38A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-433564024-1784799946-3432143216-187969Core => C:\Users\aschreiner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-03-05] (Google Inc.) Task: {666A81EA-0041-488F-ABC6-D0FF3C69988D} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-04-12] () Task: {6696A643-0FBF-46CB-8B90-537D0E461A1D} - System32\Tasks\{6BBD36D3-AE96-4F12-88EF-E510BDFB5548} => pcalua.exe -a C:\Windows\Logs\ETAP_12_5_0\UNWISE.EXE -c /u C:\Windows\Logs\ETAP_12_5_0\ETAP_12_5_0.LOG Task: {6C12B8EC-043C-4AF7-8DBB-CBBFE077486E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {79AC2DF8-61B7-4BB4-B382-9195C0B50408} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation) Task: {843426CF-7B16-4724-8095-49C38607CC72} - System32\Tasks\EPSON WF-7620 Series Invitation {98294E8F-C703-42B2-B61A-42C92F168558} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {8C5E9C28-9F7B-41B4-B337-650416BC0A9A} - System32\Tasks\EPSON WF-7620 Series Update {8DE4FDFA-1352-4B99-8066-DDCE2F8A488E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {92F4204E-D4E5-4DF3-8789-9F515FA401C6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-15] (Microsoft Corporation) Task: {A5C67A7B-4474-4D61-96C8-F74692473997} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-07-26] (Realtek Semiconductor) Task: {BD9C851C-89FA-4684-B813-7A174C00A967} - System32\Tasks\{841E92C8-98C5-477C-8B87-8431E55A9E86} => pcalua.exe -a C:\Users\aschreiner\AppData\Local\Temp\7zS5708.tmp\MicroInstallerNative.exe -d C:\Users\ASCHRE~1\AppData\Local\Temp\7zS5708.tmp Task: {BF5A55DA-193E-41F2-9F98-D55ABE72C0BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-18] (Microsoft Corporation) Task: {C088A2B3-10B4-4A76-B704-24092F787E94} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\Windows\CCM\ccmeval.exe [2015-10-27] (Microsoft Corporation) Task: {CE788783-47C1-4E8F-A55C-8543247FAF5B} - System32\Tasks\EPSON WF-7620 Series Invitation {8DE4FDFA-1352-4B99-8066-DDCE2F8A488E} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {D0D6DE9A-53AA-45EC-AD18-1ED79AD69ACC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe [2016-06-23] (Adobe Systems Incorporated) Task: {D2443CE9-10C2-4829-B5E1-3696F7A8B59B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.) Task: {D2CA7877-FEA4-4503-A020-90A45D6599A2} - System32\Tasks\EPSON WF-7620 Series Update {98294E8F-C703-42B2-B61A-42C92F168558} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {EAC0D5B4-9692-46BB-9B3F-C35A3DA65B52} - System32\Tasks\{490ACA4F-EE20-4D2D-A895-599223565897} => pcalua.exe -a "C:\Program Files (x86)\BlueStacks\HD-RuntimeUninstaller.exe" Task: {F2289EAD-00C5-4CFB-A0CD-5853E9070616} - System32\Tasks\Rumination => C:\Users\aschreiner\Google Drive\Rumination.xls Task: {FCA79523-F6EE-4B55-A64A-A3563016A593} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-07-31] (Realtek Semiconductor) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_192_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\EPSON WF-7620 Series Invitation {8DE4FDFA-1352-4B99-8066-DDCE2F8A488E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE Task: C:\Windows\Tasks\EPSON WF-7620 Series Invitation {98294E8F-C703-42B2-B61A-42C92F168558}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE Task: C:\Windows\Tasks\EPSON WF-7620 Series Update {8DE4FDFA-1352-4B99-8066-DDCE2F8A488E}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE:/EXE:{8DE4FDFA-1352-4B99-8066-DDCE2F8A488E} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\EPSON WF-7620 Series Update {98294E8F-C703-42B2-B61A-42C92F168558}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKAE.EXE:/EXE:{98294E8F-C703-42B2-B61A-42C92F168558} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-433564024-1784799946-3432143216-187969Core.job => C:\Users\aschreiner\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-433564024-1784799946-3432143216-187969UA.job => C:\Users\aschreiner\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-04-04 11:25 - 2012-04-04 11:25 - 02171264 _____ () C:\Program Files\ARX\ARX CoSign Client\CoSign64.dll 2014-06-25 14:35 - 2014-06-25 14:35 - 00035328 _____ () C:\Program Files\Lenovo\Fingerprint Manager Pro\ssplogon.dll 2014-06-25 14:35 - 2014-06-25 14:35 - 00055296 _____ () C:\Program Files\Lenovo\Fingerprint Manager Pro\RandomPass.dll 2014-06-25 14:35 - 2014-06-25 14:35 - 00021504 _____ () C:\Program Files\Lenovo\Fingerprint Manager Pro\cryptodll.dll 2014-06-25 14:49 - 2014-06-25 14:49 - 00288656 _____ () C:\Program Files\Lenovo\Fingerprint Manager Pro\mstrpwd.dll 2015-02-06 16:17 - 2013-10-28 19:53 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-02-19 19:01 - 2013-04-11 11:01 - 00089600 _____ () C:\Windows\System32\custmon64i.dll 2015-08-02 10:26 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll 2016-05-19 09:33 - 2016-05-19 09:33 - 02254040 _____ () C:\Windows\pl64_tcpmon_k.dll 2015-02-19 19:04 - 2014-03-08 12:15 - 04004352 _____ () C:\Windows\system32\spool\PRTPROCS\x64\spPrProc6.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-08-05 08:39 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-11-10 08:58 - 2015-11-10 08:58 - 00019456 _____ () C:\Program Files\Palo Alto Networks\Traps\CyveraService.XmlSerializers.dll 2015-06-16 12:10 - 2015-06-16 12:10 - 00226240 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe 2015-07-31 16:42 - 2015-07-31 16:42 - 06363792 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgr.exe 2014-06-25 14:41 - 2014-06-25 14:41 - 00065024 _____ () C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe 2013-10-28 19:17 - 2013-10-28 19:17 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll 2015-10-28 10:07 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-03-28 13:07 - 2016-03-28 13:07 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2012-04-04 11:25 - 2012-04-04 11:25 - 01903488 _____ () C:\Program Files\ARX\ARX CoSign Client\CoSign.dll 2012-10-17 12:30 - 2012-10-17 12:30 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll 2015-06-16 12:04 - 2015-06-16 12:04 - 00239552 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll 2015-07-06 11:53 - 2015-07-06 11:53 - 00021208 _____ () C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagServerPS.dll 2015-10-02 14:02 - 2015-10-02 14:02 - 01798144 _____ () C:\Program Files (x86)\Rockwell Software\Studio 5000\Common\V2\bin\botan.dll 2015-10-19 19:59 - 2015-10-19 19:59 - 00063192 _____ () C:\Program Files (x86)\Common Files\Rockwell\FTDiagnosticsODBCENU.dll 2011-10-11 15:46 - 2011-10-11 15:46 - 01588560 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll 2011-10-11 15:45 - 2011-10-11 15:45 - 00902992 _____ () C:\Program Files (x86)\X-Rite\Devices\i1pro\i1Fun.dll 2011-10-11 15:46 - 2011-10-11 15:46 - 02639696 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll 2015-10-02 14:02 - 2015-10-02 14:02 - 00048640 _____ () C:\Program Files (x86)\Rockwell Software\Studio 5000\Common\V2\bin\boost_thread.dll 2015-08-05 08:39 - 2015-08-23 22:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2015-10-28 10:07 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll 2016-06-25 09:15 - 2016-06-25 09:15 - 00098816 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32api.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00110080 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\pywintypes27.dll 2016-06-25 09:15 - 2016-06-25 09:15 - 00364544 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\pythoncom27.dll 2016-06-25 09:15 - 2016-06-25 09:15 - 00320512 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32com.shell.shell.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00776704 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\_hashlib.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 01176576 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\wx._core_.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00806400 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\wx._gdi_.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00816128 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\wx._windows_.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 01067008 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\wx._controls_.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00733184 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\wx._misc_.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00682496 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\pysqlite2._sqlite.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00088064 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\_ctypes.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00119808 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32file.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00108544 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32security.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00007168 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\hashobjs_ext.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00017920 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\thumbnails_ext.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00088064 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\usb_ext.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00012288 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\common.time34.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00018432 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32event.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00167936 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32gui.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00046080 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\_socket.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 01208320 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\_ssl.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00128512 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\_elementtree.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00127488 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\pyexpat.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00038912 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32inet.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00036864 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\_psutil_windows.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00525208 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\windows._lib_cacheinvalidation.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00011264 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32crypt.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00077312 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\wx._html2.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00027136 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\_multiprocessing.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00020480 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\_yappi.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00035840 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32process.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00686080 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\unicodedata.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00078848 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\wx._animate.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00123392 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\wx._wizard.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00024064 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32pipe.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00010240 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\select.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00025600 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32pdh.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00017408 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32profile.pyd 2016-06-25 09:15 - 2016-06-25 09:15 - 00022528 ____N () C:\Users\aschreiner\AppData\Local\Temp\_MEI106162\win32ts.pyd 2015-12-18 17:23 - 2015-12-18 17:25 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll 2015-10-28 10:07 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll 2015-12-18 17:21 - 2015-12-18 17:24 - 01754296 _____ () C:\Program Files\Microsoft Office 15\root\office15\tmpod.dll 2015-12-18 17:21 - 2015-12-18 17:23 - 00022696 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll 2015-08-05 08:39 - 2015-08-23 22:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll 2015-10-28 10:07 - 2015-09-01 07:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll 2016-06-18 13:00 - 2016-06-15 04:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll 2016-06-18 13:00 - 2016-06-15 04:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll 2016-06-18 13:00 - 2016-06-15 04:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:CM_89c07002dadf5991f79468c90f37e2533d020b70e8e1912a4856e84326c08211 [74] AlternateDataStreams: C:\Windows:CM_9857127c368ba16c1f274bd4bf1d16fff75f690c8aae941604d58b4b7d00c937 [74] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\.DEFAULT\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" HKU\S-1-5-21-433564024-1784799946-3432143216-187969\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1277301177-2924182014-3333776039-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-433564024-1784799946-3432143216-187969\Control Panel\Desktop\\Wallpaper -> C:\Users\aschreiner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 10.3.35.120 - 10.8.35.120 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodeMeter Control Center.lnk => C:\Windows\pss\CodeMeter Control Center.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Document Locator Common Dialog.lnk => C:\Windows\pss\Document Locator Common Dialog.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Document Locator Service Manager.lnk => C:\Windows\pss\Document Locator Service Manager.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Install LastPass IE RunOnce.lnk => C:\Windows\pss\Install LastPass IE RunOnce.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^aschreiner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneDrive for Business.lnk => C:\Windows\pss\OneDrive for Business.lnk.Startup MSCONFIG\startupfolder: C:^Users^aschreiner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup MSCONFIG\startupreg: ACIClient => C:\Program Files (x86)\Auto Close Idle Client\ACIClient.exe MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: ActivationNotifier => "C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\ActivationNotifier.exe" MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: BbInstallUser => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe MSCONFIG\startupreg: BbPrintMonitor => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe MSCONFIG\startupreg: BLEServicesCtrl => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized MSCONFIG\startupreg: Cyvera => C:\Program Files\Palo Alto Networks\Traps\cytray.exe MSCONFIG\startupreg: DagentUI => C:\Program Files\Altiris\Dagent\dagentui.exe MSCONFIG\startupreg: EPLTarget => MSCONFIG\startupreg: FactoryTalk Directory Information => "C:\PROGRA~2\COMMON~1\Rockwell\FTLOGI~1.EXE" -s MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" MSCONFIG\startupreg: Google Update => "C:\Users\aschreiner\AppData\Local\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: GoogleChromeAutoLaunch_87A70C93CE94F8995F990262CEA6D1BC => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe" MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe" MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Lync => "C:\Program Files\Microsoft Office 15\root\office15\lync.exe" /fromrunkey MSCONFIG\startupreg: Lync2013Addin => C:\Program Files (x86)\Avaya\Avaya Microsoft Lync 2013 Integration\Lync2013Addin.exe MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey MSCONFIG\startupreg: MusicManager => "C:\Users\aschreiner\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe" MSCONFIG\startupreg: PicPick Start => "C:\Program Files (x86)\PicPick\picpick.exe" /startup MSCONFIG\startupreg: SideSync => C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: TpShocks => TpShocks.exe MSCONFIG\startupreg: UsbCipHelper => C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s MSCONFIG\startupreg: VMware Netlink 3 HV Install Utility => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe MSCONFIG\startupreg: Workflow => "C:\Program Files (x86)\Common Files\Technesis\Tracking\spwkflow.exe" /monitor ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) %systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe FirewallRules: [{0E6526D8-E7AC-4DDA-840E-D8566E986C57}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{60DF61D8-19FF-435A-B445-04A357B25432}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe FirewallRules: [{022B13C8-DD59-4712-9231-EBE1D5A5AE0A}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{99BDCFA6-1B6E-4F6A-B38E-8184BCE7C6FF}] => (Allow) LPort=5454 FirewallRules: [{BE5A31FF-0D5F-4C7F-BC0C-36CF7671D3B2}] => (Allow) C:\Program Files\Condusiv Technologies\V-locity Endpoint\VService.exe FirewallRules: [{04840CF2-8102-4BD7-B6E1-EEF62EC951A4}] => (Allow) C:\Program Files\Condusiv Technologies\V-locity Endpoint\VService.exe FirewallRules: [TCP Query User{E2D7A1FE-B55D-441B-A682-28818B213907}C:\dbdoc\hyperview\programs\hyperview_winsock.exe] => (Block) C:\dbdoc\hyperview\programs\hyperview_winsock.exe FirewallRules: [UDP Query User{E2F1428D-1D64-4180-A086-0786BD66E0B5}C:\dbdoc\hyperview\programs\hyperview_winsock.exe] => (Block) C:\dbdoc\hyperview\programs\hyperview_winsock.exe FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe FirewallRules: [{F3BB520B-A38B-44AC-A945-17FD866FDC44}] => (Allow) LPort=135 FirewallRules: [{F71D2D04-7595-4859-97FA-9C434178A8B3}] => (Allow) LPort=135 FirewallRules: [TCP Query User{B98CE0E5-2673-4A3E-829C-D4E752461ED5}C:\program files (x86)\plex home theater\plex home theater.exe] => (Block) C:\program files (x86)\plex home theater\plex home theater.exe FirewallRules: [UDP Query User{5BA53E90-7F9D-46DD-8006-A28B03DCB961}C:\program files (x86)\plex home theater\plex home theater.exe] => (Block) C:\program files (x86)\plex home theater\plex home theater.exe FirewallRules: [{4F110FD0-5547-404C-8046-932E00EBD9DB}] => (Allow) LPort=135 FirewallRules: [{C6315988-5C08-40BF-AB94-234C3893E024}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D4A6F19C-E4E9-43CC-AAAC-BDDA9FB91CFA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A3D222C0-AEAD-4F5B-96B2-7ACFD6CA587E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{77C0CC91-22F0-4EDD-8CFC-36CE4090CEFE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{72666342-E4E0-4133-95DB-160823679458}C:\program files (x86)\auto close idle client\aciclient.exe] => (Allow) C:\program files (x86)\auto close idle client\aciclient.exe FirewallRules: [UDP Query User{38C31B53-6538-4F08-8E54-C0DC2F1E0B88}C:\program files (x86)\auto close idle client\aciclient.exe] => (Allow) C:\program files (x86)\auto close idle client\aciclient.exe FirewallRules: [{7623CD75-BB00-4933-86E1-89DF89E4E443}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{B49C85E3-DA86-41B5-B68A-E052D4161FA6}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{7C82F2D4-5881-464F-B3DE-E93676F3DC03}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{D1205A4F-0D99-4832-860B-73AE637CFFD3}] => (Allow) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe FirewallRules: [{678EC7C6-2893-4DA9-8627-BA80AF49FE49}] => (Allow) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe FirewallRules: [{5A8483B5-1DB6-40E3-ADA1-A34B951C534C}] => (Allow) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe FirewallRules: [{B3CF0F5F-02B4-431A-AD09-0E1D497CB654}] => (Allow) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe FirewallRules: [{495BB905-D89E-4B84-9369-655469918335}] => (Allow) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe FirewallRules: [{62B55856-8D2B-4715-941F-39F3CBC4C3C4}] => (Allow) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe FirewallRules: [{7F92B6DC-647E-45D1-BF2F-AA32EA4CCB80}] => (Allow) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe FirewallRules: [{E4CB0AA5-6276-491A-8228-B844A3FEF264}] => (Allow) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe FirewallRules: [{5A4B5C35-0242-498A-9345-4965C37B628B}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe FirewallRules: [{DC94D38B-33E2-4855-8E8E-D9FB72449684}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe FirewallRules: [{9CDCFA3F-F27C-4F6D-81F6-C64001E39543}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe FirewallRules: [{A4D83C9B-4EE1-4197-BF1A-61DF5E5A98E2}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe FirewallRules: [{E30AC51D-10E9-4931-9FC7-B43F324B83F8}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe FirewallRules: [{3FAFA5B1-B17A-4891-AA9F-C1FBA2B27502}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe FirewallRules: [{6092345D-1E85-45E3-936C-A43AE0ADED7E}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe FirewallRules: [{387CC272-5D0D-4EDC-A153-16181C771576}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe FirewallRules: [{E50B7497-D4ED-45E8-9F4D-0177AFDBE76C}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe FirewallRules: [{4C1F4D47-4223-4713-AF56-D4161D519AB7}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe FirewallRules: [{90D12DB4-0D8D-4CDC-8125-D7608016C6EB}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe FirewallRules: [{40F7A205-731F-4336-8084-420155154E2F}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe FirewallRules: [{37939E5B-4110-4CB9-9034-60D86A945D3E}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\DaClient.exe FirewallRules: [{94913FF2-0C23-4578-A219-7146544436B8}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\DaClient.exe FirewallRules: [{A66BB72A-5A0E-462B-BC8C-A4AF0790F2E7}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RNADiagReceiver.exe FirewallRules: [{13AC2977-BE4E-4B3E-8778-14C9A865108A}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RNADiagReceiver.exe FirewallRules: [{5B2A7D50-1F56-457D-ADA3-AC80C4A6F01C}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe FirewallRules: [{874E1D61-B534-4297-BFE4-23571E100BA5}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe FirewallRules: [{77286534-BF96-45C9-BD51-D8C456DEA0D2}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\VStudio.exe FirewallRules: [{CA6823E1-8E1F-4BAD-820C-C2E5028744A2}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\VStudio.exe FirewallRules: [{5B36D997-2937-41A4-B574-EB7AF73BE5E5}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTSPVStudio.exe FirewallRules: [{B8360476-EFC3-4C6C-B78B-1275920A5FB8}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTSPVStudio.exe FirewallRules: [{AC7DA500-ECFF-4CA5-B4A3-668F476CFBFD}] => (Allow) C:\Windows\SysWOW64\OpcEnum.exe FirewallRules: [{49604F7E-7A79-489E-8D96-22374A64AC44}] => (Allow) C:\Windows\SysWOW64\OpcEnum.exe FirewallRules: [{E5905FFA-0833-4CB5-A5BD-C24F6D6BD972}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe FirewallRules: [{2B4314AA-D0DC-46E0-8DD2-47CB01C40507}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe FirewallRules: [{888A2574-1B30-43DA-8AEA-DECA892D6A84}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe FirewallRules: [{C3A242A9-1BD2-4A77-A36B-69825EF5C74E}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe FirewallRules: [{4D4296E3-A7A2-4AD1-B956-0EBB11848F6B}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe FirewallRules: [{1D56AF7B-119E-4FC6-BEE8-FE18F01F648E}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe FirewallRules: [{A8AB45C2-8181-4B5F-A6FF-F5771FEFC6A4}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe FirewallRules: [{B4A6FE4B-37D7-4C4C-95FF-4BC3AE5272F6}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe FirewallRules: [{E922DEE4-1540-4482-BBFB-32796FBFD55C}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe FirewallRules: [{507F6C39-029B-4781-9BF8-082C8C884DE9}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe FirewallRules: [{AB8245FD-F9B6-4459-B319-7BD3CBD7A150}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe FirewallRules: [{5120995B-8364-4C4E-8FA7-9DF82D9D454E}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe FirewallRules: [{8F158115-3458-4936-A4F0-EB8375E2D7CC}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\DaClient.exe FirewallRules: [{64977FDC-948E-4AEC-9D03-163EFDDE26A6}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\DaClient.exe FirewallRules: [{76B5D9ED-44D2-4F38-BD14-63106F8B97B3}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RNADiagReceiver.exe FirewallRules: [{EDE70079-BCD4-4F6D-ADDD-B55040B8C454}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RNADiagReceiver.exe FirewallRules: [{6630FA62-C279-4ED3-939A-22ADF9BAD90B}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe FirewallRules: [{D4109940-5C38-4ED4-8E38-451568A176DA}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe FirewallRules: [{354C33C9-0F9B-4E0C-9251-8B98F298049A}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\VStudio.exe FirewallRules: [{764553B6-7054-4D6A-8D4D-310C95F715A4}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\VStudio.exe FirewallRules: [{9AADD665-82A5-482C-BAA1-B8E509FA9896}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTSPVStudio.exe FirewallRules: [{19A60829-7514-48A9-A52C-C3C6212099F2}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTSPVStudio.exe FirewallRules: [{539D7867-A5CF-49D2-AEC5-46453847810A}] => (Allow) C:\Windows\SysWOW64\OpcEnum.exe FirewallRules: [{F7671B9D-0C9F-4A34-AF20-EC736794A2B2}] => (Allow) C:\Windows\SysWOW64\OpcEnum.exe FirewallRules: [{8BB7C72C-0C8D-41A2-90C1-76B6693414CA}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe FirewallRules: [{F4786DF5-579B-4BC4-9EEA-4E56B694C170}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe FirewallRules: [{C035F681-D21E-4696-B8E6-4F6F70C37E93}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTCounterMonitor.exe FirewallRules: [{6AF87291-C896-436B-967D-1941A55C6A05}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTCounterMonitor.exe FirewallRules: [{B82418B0-67AC-4788-8CA3-7CB7B5788E53}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe FirewallRules: [{0C818460-6AE6-4726-AEE2-7FBB5A4086E5}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTSysDiagSvcHost.exe FirewallRules: [{45402668-206D-4DE2-8397-AE53E5B8FE4C}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTCounterMonitor.exe FirewallRules: [{9F3D7DF5-A0FF-4AE9-BB3A-4F231553B30D}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\FTCounterMonitor.exe FirewallRules: [{3329FA5D-C5BD-4128-B8CE-789AA1B3B8A6}] => (Allow) C:\Program Files (x86)\Rockwell Software\Studio 5000\Architect\Architect.exe FirewallRules: [{90DA30C8-00E6-4FCF-8332-17934485766B}] => (Allow) C:\Program Files (x86)\Rockwell Software\Studio 5000\Architect\Architect.exe FirewallRules: [{DC7E4AD6-91E5-4659-AB0B-9EFBFEA341BC}] => (Allow) C:\Program Files (x86)\Rockwell Software\Studio 5000\Architect\Architect.exe FirewallRules: [{D1040E5A-7B6F-470E-A92B-3B93B462734C}] => (Allow) C:\Program Files (x86)\Rockwell Software\Studio 5000\Architect\Architect.exe FirewallRules: [{1F8CA59D-2DCE-4290-BD30-629FA453B888}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe FirewallRules: [{CE42A169-AB20-4EC3-8F89-49DEB7C2E2E6}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe FirewallRules: [{E900EA75-FB62-493E-A2D2-1C5199E6C104}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe FirewallRules: [{7B66C6A2-62CE-4DB7-8200-5E8B3DF854A1}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe FirewallRules: [{0F0C74A3-0FDD-4510-A296-58C33DA8BC58}] => (Allow) LPort=44818 FirewallRules: [{971D9076-73AE-4254-8106-A28B61AD4519}] => (Allow) LPort=44818 FirewallRules: [{6AA6E814-75B6-421C-9EE6-B173621E1C62}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe FirewallRules: [{9B4F5C3A-8FD8-4B35-BB4E-A104BFA4344C}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe FirewallRules: [{F416C1CF-A7A3-4833-9C6D-7381107CAF37}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe FirewallRules: [{F69854A8-22F1-4C5F-9D5C-E95378385964}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe FirewallRules: [{F1E5C757-5FB4-4285-A295-07BE11E9ACAB}] => (Allow) LPort=44818 FirewallRules: [{A1B049C1-3ABC-45E7-8DFF-88A3EE4C0FB4}] => (Allow) LPort=44818 FirewallRules: [{1FB35843-9566-40BC-B1CB-0DBFCE954347}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe FirewallRules: [{A9FD35EB-87C2-405D-8353-1D1392FE7042}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe FirewallRules: [{7E45767A-92B0-477E-987E-7473C7E88A5A}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe FirewallRules: [{A51CBD60-147D-4BB2-B4E6-713F74255C1F}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe FirewallRules: [{58292B67-9426-4424-9FAD-E8831CBBF351}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmDetector.exe FirewallRules: [{22B38ADD-B829-411B-8D23-8ECAEF8508DF}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmDetector.exe FirewallRules: [{C5365114-AAED-4F8B-9316-C46CD3823B88}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe FirewallRules: [{E9560FA0-8EA7-405F-8EE5-01D2F5F3E6C2}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAeServer.exe FirewallRules: [{6996275B-9F23-4C28-89A0-2CD1C30CBF01}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe FirewallRules: [{3B3E19BA-CB56-422B-9382-79DEDAD1AA65}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmMux.exe FirewallRules: [{7C4A78F9-1399-4CCA-88D4-9F72D0B35419}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmDetector.exe FirewallRules: [{B39D2947-A2FB-4407-90E8-2AA454ECC2D7}] => (Allow) C:\Program Files (x86)\Common Files\Rockwell\RnaAlarmDetector.exe FirewallRules: [{0F1C71BC-D043-4658-B65B-5944F9A0C815}] => (Allow) C:\Program Files (x86)\Rockwell Software\Studio 5000\Logix Designer\ENU\v28\Bin\LogixDesigner.Exe FirewallRules: [{EE6ABCEA-D3CE-4780-88BD-0A0B6C11DA74}] => (Allow) C:\Program Files (x86)\Rockwell Software\Studio 5000\Logix Designer\ENU\v28\Bin\LogixDesigner.Exe FirewallRules: [{DFB2220D-28AA-4D44-8E10-3D59D2A98656}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE FirewallRules: [{03C4411C-8A09-4027-88B3-A648537DB38A}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE FirewallRules: [{8E28D785-F225-4B2E-8DAB-DFE497460C3F}] => (Allow) C:\Program Files (x86)\Rockwell Software\OPCTools\OPCTest\opctest.exe FirewallRules: [{1394C091-B753-45E3-96A7-4E369A3D0DD2}] => (Allow) C:\Program Files (x86)\Rockwell Software\OPCTools\OPCTest\opctest.exe FirewallRules: [{B7C95E97-B21D-42D6-8419-B2030D3E4013}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE FirewallRules: [{58459D96-4536-412F-A3B7-BE5A930168C1}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE FirewallRules: [{51367D3B-58EB-4EC5-A2CA-F76A14C8505F}] => (Allow) C:\Program Files (x86)\Rockwell Software\OPCTools\OPCTest\opctest.exe FirewallRules: [{62CCA433-9B82-42BF-A724-722D51387716}] => (Allow) C:\Program Files (x86)\Rockwell Software\OPCTools\OPCTest\opctest.exe FirewallRules: [{FA6F0C4A-B672-4535-9E37-09EBC05EC489}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{3925ED5E-AF85-4CC1-A1BB-DE27F55A352B}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe FirewallRules: [{BC1BE13C-606A-4B78-A4E0-2F991B1041A8}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\MERuntime.exe FirewallRules: [{907FDD8D-DC4A-4965-B76A-2CA7466C1FB0}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\MERuntime.exe FirewallRules: [{47F1F8A3-A16A-4F69-873D-45240083E535}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe FirewallRules: [{E2F8FD77-6CF0-40B4-BC2C-4C518DB8D9BC}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe FirewallRules: [{7A67E058-4354-4463-923E-DC8E41580082}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\VStudio.exe FirewallRules: [{1BB521B0-350E-470B-8987-509945C55DB6}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\VStudio.exe FirewallRules: [{E89A034C-4620-4C71-B54E-BB87EC645BF8}] => (Allow) LPort=80 FirewallRules: [{1C0937B3-D249-4013-AFB7-B02D545CBC9D}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\MERuntime.exe FirewallRules: [{27EC6CB0-4532-4189-B9B3-6FDCA42DE3D0}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\MERuntime.exe FirewallRules: [{A906A8AA-7694-488A-9317-39B110946F3A}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe FirewallRules: [{35AEA674-CB9B-46D6-AF55-711F467B545B}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe FirewallRules: [{1B1D133B-4270-4742-8CBD-49F91017FD57}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\VStudio.exe FirewallRules: [{0B9A89B2-931A-4DA5-83DC-0003B873E063}] => (Allow) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\VStudio.exe FirewallRules: [{1C15193B-7BCE-4097-AB6E-1E99E64D302E}] => (Allow) LPort=80 FirewallRules: [{06286918-D857-4A42-BBC1-DB14F4071BD7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{3BA23419-F3D6-46A1-8347-B391EE25142B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{361BE2C2-8CC5-4482-AA44-BFA21F5A7EF1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{659703E6-015E-4050-BC8A-9102D35D2B31}] => (Allow) C:\Program Files\Microsoft Office 15\root\office15\lync.exe FirewallRules: [{22E47433-2531-4024-B490-DDEEC5563201}] => (Allow) C:\Program Files\Microsoft Office 15\root\office15\lync.exe FirewallRules: [{1EFB5ECB-BFE2-4728-91EB-FD6E8CEFF705}] => (Allow) C:\Program Files (x86)\Rockwell Software\Studio 5000\Logix Designer\ENU\v24\Bin\LogixDesigner.Exe FirewallRules: [{6FF70DE0-D8C1-41C6-AEAD-D5E134D95EEE}] => (Allow) C:\Program Files (x86)\Rockwell Software\Studio 5000\Logix Designer\ENU\v24\Bin\LogixDesigner.Exe FirewallRules: [{4ACAF3E1-4465-4E74-90C5-0AC0AEBB96D8}] => (Allow) C:\Program Files (x86)\Avaya\Avaya Microsoft Lync 2013 Integration\Lync2013Addin.exe FirewallRules: [TCP Query User{4E4CF10C-8A34-40A6-AF38-CC2C93934EDB}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe FirewallRules: [UDP Query User{6B338591-2636-4F2F-8A36-875EEE693535}C:\program files (x86)\logmein ignition\lmiignition.exe] => (Allow) C:\program files (x86)\logmein ignition\lmiignition.exe FirewallRules: [TCP Query User{73DB45DC-23A3-4E20-8E10-9C6D1FB6DE5A}C:\program files\microsoft office 15\root\office15\lync.exe] => (Allow) C:\program files\microsoft office 15\root\office15\lync.exe FirewallRules: [UDP Query User{5A64DDDF-9A89-4A61-9EFD-D6B0960BACD8}C:\program files\microsoft office 15\root\office15\lync.exe] => (Allow) C:\program files\microsoft office 15\root\office15\lync.exe FirewallRules: [TCP Query User{E6B0B86F-E14C-468E-8E98-9711B1088272}C:\program files\moxa\mgate manager\mgatemanager64.exe] => (Allow) C:\program files\moxa\mgate manager\mgatemanager64.exe FirewallRules: [UDP Query User{E8C6E688-3D7B-42FA-BA43-482805A5EFF8}C:\program files\moxa\mgate manager\mgatemanager64.exe] => (Allow) C:\program files\moxa\mgate manager\mgatemanager64.exe FirewallRules: [TCP Query User{1B4A1D8B-CE90-4ABA-8E0C-048AC13F641F}C:\program files\modbus tools\modbus slave\mbslave.exe] => (Allow) C:\program files\modbus tools\modbus slave\mbslave.exe FirewallRules: [UDP Query User{0542B22F-5257-4C26-A202-454F9C52D481}C:\program files\modbus tools\modbus slave\mbslave.exe] => (Allow) C:\program files\modbus tools\modbus slave\mbslave.exe FirewallRules: [TCP Query User{328416B1-24E7-4A87-B374-F0AF3F7319AC}C:\program files (x86)\rockwell software\studio 5000\logix designer\enu\v24\bin\logixdesigner.exe] => (Allow) C:\program files (x86)\rockwell software\studio 5000\logix designer\enu\v24\bin\logixdesigner.exe FirewallRules: [UDP Query User{F593C67C-3B9B-40CF-B69F-54FDF824B21F}C:\program files (x86)\rockwell software\studio 5000\logix designer\enu\v24\bin\logixdesigner.exe] => (Allow) C:\program files (x86)\rockwell software\studio 5000\logix designer\enu\v24\bin\logixdesigner.exe FirewallRules: [TCP Query User{D625E1AF-A0D6-41B2-BA87-CE31D074974E}C:\program files (x86)\rockwell software\rslinx\rslinx.exe] => (Allow) C:\program files (x86)\rockwell software\rslinx\rslinx.exe FirewallRules: [UDP Query User{1878DF5D-0E85-44E2-99D5-13F2DC72AA90}C:\program files (x86)\rockwell software\rslinx\rslinx.exe] => (Allow) C:\program files (x86)\rockwell software\rslinx\rslinx.exe FirewallRules: [TCP Query User{1E82AB25-4160-4DD0-AF90-DAAB58C5B97F}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe FirewallRules: [UDP Query User{6023D066-843E-45F7-875C-B9F33FAD6D23}C:\program files (x86)\samsung\sidesync4\sidesync.exe] => (Allow) C:\program files (x86)\samsung\sidesync4\sidesync.exe FirewallRules: [{24C13F62-34B0-4D23-93A2-86AE37A61E40}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe FirewallRules: [{F2A28EB8-D2A1-461D-BF16-DCAFBBBBEC5D}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe FirewallRules: [{CF112790-D4B0-4062-9BB4-A86477AFE9B6}] => (Allow) C:\Windows\system32\hasplms.exe FirewallRules: [{3564D473-93A8-4978-9853-92EB739054E0}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe FirewallRules: [{B06DC8A3-930F-433D-945E-FCCD08E24213}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe FirewallRules: [{2858053D-A053-4B62-A794-B2D9EF759F5A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe FirewallRules: [{DDD90D99-EBE7-46EB-81EA-8F980F55C79A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe FirewallRules: [{2D86AAB9-21BA-4F31-8B5C-22205346F8A0}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe FirewallRules: [{8F84831A-146A-4A21-9B88-10135B8519B3}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe FirewallRules: [{811B4FE3-FAA9-4355-B4F6-8E46B8B398AC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe FirewallRules: [{B99C28BB-5C80-433A-9B36-317424847CD6}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe FirewallRules: [{FE7A0288-0CC5-4D32-8880-7763AFA77D03}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe FirewallRules: [{0EDFEF94-64B6-4531-AD7C-36EE9AEEE5CD}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe FirewallRules: [{1AB7EE23-83E5-47C1-9BF2-052497C351C2}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe FirewallRules: [{2571C652-8F68-499B-83FE-78D89DA1DA4D}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe FirewallRules: [{622AD691-F309-40D9-B2B7-1A1984D4A0E8}] => (Allow) C:\Users\aschreiner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{7AF978C7-ED08-42B6-B0DE-C096719DB97B}] => (Allow) C:\Users\aschreiner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{5CF41C19-1953-468C-BF2F-A6989CED8A03}] => (Allow) C:\Users\aschreiner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{040CC798-6493-455E-A082-64A529A7CEFB}] => (Allow) C:\Users\aschreiner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{581BBB63-0D40-427A-B7C5-BEAAB8837B01}] => (Allow) C:\Users\aschreiner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{D1ED9AF8-B5D1-4D1E-8523-39F45B3C645C}] => (Allow) C:\Users\aschreiner\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [TCP Query User{8A196ABC-B2EC-44E2-B19F-1562385E7E77}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe FirewallRules: [UDP Query User{F6A8183D-695A-43B3-A34D-C62C7A41D4F3}C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe] => (Allow) C:\program files (x86)\vmware\vmware horizon view client\vmware-remotemks.exe FirewallRules: [{AE25275F-6114-4869-98C4-D211D81212A6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{E029C856-72D5-48FB-B463-5B010017021C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{5DE2BA5D-D9B1-4E94-9F32-807E6FACCD75}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{51C2BAD1-9C46-45D6-A392-2F0F0ECD14BB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{62891688-A246-49F9-92EF-AF4CFCC054D2}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\51.0.2704.7\remoting_host.exe FirewallRules: [{BA67448A-DA95-48D2-AC1C-2B2DB9734A0B}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{3D9F016D-9A96-4BFD-BB11-3716CF237BDB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Sentinel64 Description: Sentinel64 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Sentinel64 Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (06/27/2016 09:35:36 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (06/27/2016 09:27:19 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (06/27/2016 09:27:02 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (06/25/2016 04:27:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 159745 Error: (06/25/2016 04:27:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 159745 Error: (06/25/2016 04:27:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/25/2016 04:27:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 144425 Error: (06/25/2016 04:27:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 144425 Error: (06/25/2016 04:27:06 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/25/2016 04:26:51 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 129418 System errors: ============= Error: (06/27/2016 09:11:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (85000 milliseconds) was reached while waiting for a transaction response from the FTActivationBoost service. Error: (06/25/2016 04:26:59 PM) (Source: TermService) (EventID: 1067) (User: ) Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. . Error: (06/25/2016 04:24:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (85000 milliseconds) was reached while waiting for a transaction response from the FTActivationBoost service. Error: (06/25/2016 02:55:23 PM) (Source: NETLOGON) (EventID: 5719) (User: ) Description: This computer was not able to set up a secure session with a domain controller in domain BMCD due to the following: %%1311 = There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error: (06/25/2016 02:51:16 PM) (Source: TermService) (EventID: 1067) (User: ) Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. . Error: (06/25/2016 02:49:57 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (06/25/2016 02:47:42 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (85000 milliseconds) was reached while waiting for a transaction response from the FTActivationBoost service. Error: (06/25/2016 11:29:34 AM) (Source: TermService) (EventID: 1067) (User: ) Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. . Error: (06/25/2016 11:26:43 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY) Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (06/25/2016 11:26:35 AM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (85000 milliseconds) was reached while waiting for a transaction response from the FTActivationBoost service. CodeIntegrity: =================================== Date: 2016-06-27 09:28:52.027 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-24 10:42:04.336 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-23 08:40:21.545 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-20 17:21:39.959 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-20 13:51:09.411 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-16 16:03:48.376 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-13 08:43:11.803 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-08 13:28:15.571 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-06 14:20:28.096 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-06 11:42:19.906 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz Percentage of memory in use: 45% Total physical RAM: 15999.36 MB Available physical RAM: 8719.3 MB Total Virtual: 31996.89 MB Available Virtual: 22868.59 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.76 GB) (Free:27.44 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (1st Birthday ) (CDROM) (Total:0.06 GB) (Free:0 GB) UDF Drive e: () (Removable) (Total:29.7 GB) (Free:18.22 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 63BBAAF1) Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
Please let me know if there is any other information needed.
Thanks in advance for the help.