Jump to content

yellowdog232

Members
  • Posts

    15
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

1,533 profile views
  1. That seems to have done the trick. Thank you very much. Check your paypal...
  2. Original problem still exists. I click on a link in chrome and some www.reimageplus.com domain pops up in another tab and the link I was trying to get to won't come up in the original tab. Or I try to click in a field to enter data in chrome and I just keep getting reverted to an popup tab for another ad.
  3. Sophos virus tool found nothing so there was not log available. Here is the rest... Fixlog.txt AdwCleaner[C1].txt 2016.06.29-18.43.40-i0-t92-d1.txt
  4. Personal - I think those URL's are related to my parent filtering application
  5. Strange thing is I cannot copy and paste from notepad into the reply field? So I keep having to attach the logs... Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/29/2016 Scan Time: 2:42 PM Logfile: Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.06.29.04 Rootkit Database: v2016.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 8.1 CPU: x64 File System: NTFS User: Administrator Scan Type: Threat Scan Result: Completed Objects Scanned: 429283 Time Elapsed: 6 min, 22 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) Rkill.txt FRST.txt Addition.txt
  6. I've run the MBAM with the latest update but found no issues. When using chrome, intermittently, I cannot click in fields without a popup for some ad coming up. Then other times it is fine. I've tried uninstalling and reinstalling chrome and internet explorer does not seem to be affected. FRST logs attached as I could not get them to copy inline...thanks for you help... FRST.txt Addition.txt
  7. Hi - both internet explorer and google chrome consistently crash for no reason on this machine. MBAM scan with updated log today reveals no infections. Here are the FRST logs. Thanks in advance. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-05-2016 Ran by mariaw (administrator) on MW-WORKSTATION (17-05-2016 19:39:46) Running from C:\Users\mariaw\Downloads Loaded Profiles: mariaw & QBDataServiceUser23 (Available Profiles: mariaw & QBDataServiceUser23) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe (IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Dropbox, Inc.) C:\Users\mariaw\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe (Dropbox, Inc.) C:\Users\mariaw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-16] (Realtek Semiconductor) HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [357384 2009-09-12] (Acronis) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre1.8.0_66\bin\jusched.exe" HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SmartWiHelper] => C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [80384 2009-10-05] (Sony Electronics Corporation) HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5048488 2009-09-12] (Acronis) HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PPort12reminder] => "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.) HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-10] (Intuit Inc. All rights reserved.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\S-1-5-21-2718738982-134382734-2047601486-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation) HKU\S-1-5-21-2718738982-134382734-2047601486-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-16] (Google Inc.) HKU\S-1-5-21-2718738982-134382734-2047601486-1000\...\Run: [Dropbox Update] => C:\Users\mariaw\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-12-19] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-05-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-05-06] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-12-25] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-04-25] ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-04-25] ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-04-25] ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.) Startup: C:\Users\mariaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-05-17] ShortcutTarget: Dropbox.lnk -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Internet Explorer: ================== HKU\S-1-5-21-2718738982-134382734-2047601486-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT HKU\S-1-5-21-2718738982-134382734-2047601486-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT SearchScopes: HKU\S-1-5-21-2718738982-134382734-2047601486-1000 -> DefaultScope {335B9CC0-B5FC-48C0-B52A-12CE438BCB89} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2718738982-134382734-2047601486-1000 -> {335B9CC0-B5FC-48C0-B52A-12CE438BCB89} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-2718738982-134382734-2047601486-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-2718738982-134382734-2047601486-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) DPF: HKLM-x32 {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.photogize.com/bponet/ImageUploader5.cab DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-03-22] (Intuit, Inc.) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation) FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT" CHR Profile: C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05] CHR Extension: (Google Drive) - C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27] CHR Extension: (Rapport) - C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-09] CHR Extension: (YouTube) - C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29] CHR Extension: (Google Docs Offline) - C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05] CHR Extension: (Gmail) - C:\Users\mariaw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31] CHR HKU\S-1-5-21-2718738982-134382734-2047601486-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.) R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2016-03-22] (Intuit) [File not signed] S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-10-17] (Intuit Inc.) [File not signed] R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-10-17] (Intuit Inc.) [File not signed] R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe [679936 2016-03-22] (Intuit, Inc.) [File not signed] R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2382832 2016-05-10] (IBM Corp.) S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions) S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-17] (Intel Corporation) [File not signed] S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation) S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation) R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation) [File not signed] R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation) S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1165680 2009-10-30] (Sony Corporation) R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-09-14] (Sony Corporation) [File not signed] S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) R1 RapportCerberus_1609040; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609040.sys [1157160 2016-05-17] (IBM Corp.) R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-05-10] (IBM Corp.) R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-05-10] (IBM Corp.) R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-05-10] (IBM Corp.) R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-05-10] (IBM Corp.) R0 tdrpman251; C:\Windows\System32\DRIVERS\tdrpm251.sys [1455648 2010-05-12] (Acronis) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] () U2 MSSQL$DDNI; no ImagePath U2 Oasis2Service; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-17 19:39 - 2016-05-17 19:40 - 00023646 _____ C:\Users\mariaw\Downloads\FRST.txt 2016-05-17 19:38 - 2016-05-17 19:39 - 00000000 ____D C:\FRST 2016-05-17 19:37 - 2016-05-17 19:37 - 02382336 _____ (Farbar) C:\Users\mariaw\Downloads\FRST64.exe 2016-05-17 17:06 - 2016-05-17 17:07 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-05-17 17:06 - 2016-05-17 17:06 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-05-17 17:06 - 2016-05-17 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-05-17 17:06 - 2016-05-17 17:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-05-17 17:06 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-05-17 17:06 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-05-17 08:40 - 2016-05-17 08:40 - 00000000 ____D C:\Users\mariaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-05-12 09:07 - 2016-05-12 09:04 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-05-10 14:04 - 2016-05-10 14:04 - 00015025 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks 05_02_2016 sean n.xlsx 2016-05-10 14:03 - 2016-05-10 14:03 - 00015106 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks b vavrova 05_02_2016.xlsx 2016-05-10 14:02 - 2016-05-10 14:03 - 00531600 _____ C:\Users\mariaw\Downloads\CCF_20160509_120329.pdf 2016-05-10 13:59 - 2016-05-10 13:59 - 00014965 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks hermelinda 05_02_2016.xlsx 2016-05-10 13:58 - 2016-05-10 13:58 - 00570221 _____ C:\Users\mariaw\Downloads\CCF_20160509_115419.pdf 2016-05-10 10:09 - 2016-05-10 10:09 - 00025856 _____ C:\Users\mariaw\Downloads\NORTH09-2999.pdf 2016-05-03 13:41 - 2016-05-03 13:41 - 02034901 _____ C:\Users\mariaw\Downloads\Global Policy 15-16.pdf 2016-05-03 11:03 - 2016-05-03 11:03 - 00505647 _____ C:\Users\mariaw\Downloads\CCF_20160502_125947 (1).pdf 2016-05-03 11:01 - 2016-05-03 11:01 - 00014998 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks b vavrova 04_25_2016.xlsx 2016-05-03 11:00 - 2016-05-03 11:00 - 00505647 _____ C:\Users\mariaw\Downloads\CCF_20160502_125947.pdf 2016-05-03 10:58 - 2016-05-03 10:58 - 00015018 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks michael m 04_25_2016.xlsx 2016-05-03 10:55 - 2016-05-03 10:55 - 00014955 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks sean n 04_25_2016.xlsx 2016-05-03 10:54 - 2016-05-03 10:54 - 00552666 _____ C:\Users\mariaw\Downloads\CCF_20160502_123027.pdf 2016-05-03 10:53 - 2016-05-03 10:53 - 00015002 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks hermelinda 04_25_2016.xlsx 2016-05-03 08:47 - 2016-05-03 08:47 - 00060244 _____ C:\Users\mariaw\Downloads\Cruise Itinerary.pdf 2016-04-27 11:58 - 2016-04-27 11:58 - 00007004 _____ C:\Users\mariaw\Downloads\report1 (21).xlsx 2016-04-27 11:57 - 2016-04-27 11:57 - 00006079 _____ C:\Users\mariaw\Downloads\report1 (20).xlsx 2016-04-27 11:11 - 2016-04-27 11:11 - 00015014 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks hermelinda 04_18_2016.xlsx 2016-04-27 11:10 - 2016-04-27 11:10 - 00581230 _____ C:\Users\mariaw\Downloads\CCF_000008.pdf 2016-04-27 11:07 - 2016-04-27 11:07 - 00015003 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks michael m 04_18_2016.xlsx 2016-04-27 11:05 - 2016-04-27 11:05 - 00014921 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks sean 04_18_2016.xlsx 2016-04-27 10:54 - 2016-04-27 10:54 - 00122572 _____ C:\Users\mariaw\Downloads\NicolaSDucilleCriminalReport.pdf 2016-04-27 10:53 - 2016-04-27 10:53 - 00146039 _____ C:\Users\mariaw\Downloads\NicolaSDucilleCreditReport.pdf 2016-04-27 10:08 - 2016-04-27 10:08 - 04648282 _____ C:\Users\mariaw\Downloads\CCF_000007.pdf 2016-04-22 11:29 - 2016-04-22 11:29 - 00133359 _____ C:\Users\mariaw\Downloads\BladesRobinCriminalReport.pdf 2016-04-22 11:28 - 2016-04-22 11:28 - 00108221 _____ C:\Users\mariaw\Downloads\BladesRobinCreditReport.pdf 2016-04-21 11:11 - 2016-04-21 11:11 - 00114643 _____ C:\Users\mariaw\Downloads\Application230574524031.pdf 2016-04-21 11:10 - 2016-04-21 11:10 - 00115082 _____ C:\Users\mariaw\Downloads\OnikaWrightCreditReport.pdf 2016-04-21 10:39 - 2016-04-21 10:39 - 00115490 _____ C:\Users\mariaw\Downloads\Application176332249994.pdf 2016-04-21 10:38 - 2016-04-21 10:38 - 00104170 _____ C:\Users\mariaw\Downloads\GregoryHolmesCreditReport (1).pdf 2016-04-21 10:36 - 2016-04-21 10:36 - 00068614 _____ C:\Users\mariaw\Downloads\GregoryHolmesCreditReport.pdf 2016-04-21 10:26 - 2016-04-21 10:26 - 00122665 _____ C:\Users\mariaw\Downloads\LeRenaGrayCriminalReport.pdf 2016-04-21 10:24 - 2016-04-21 10:24 - 00105539 _____ C:\Users\mariaw\Downloads\LeRenaGrayCreditReport.pdf 2016-04-20 11:09 - 2016-04-20 11:09 - 00014907 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks sean n 04_11_2016.xlsx 2016-04-20 10:22 - 2016-04-20 10:22 - 00563726 _____ C:\Users\mariaw\Downloads\CCF04182016.pdf 2016-04-20 10:21 - 2016-04-20 10:21 - 00014975 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks hermelinda 04_11_2016.xlsx 2016-04-20 10:18 - 2016-04-20 10:18 - 00014980 _____ C:\Users\mariaw\Downloads\Weekly time sheet with breaks michael m 04_11_2016.xlsx 2016-04-19 10:16 - 2016-04-19 10:16 - 00002245 _____ C:\Users\mariaw\Downloads\fldbpr_onlinePaymentSummary_DATE160324102936_4400970332300591077 (1).pdf 2016-04-19 09:30 - 2016-04-19 09:30 - 00151410 _____ C:\Users\mariaw\Downloads\Guest Pay Folio Invoice-04182016--6253388212055142659.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-17 19:39 - 2009-07-14 00:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-17 19:39 - 2009-07-14 00:45 - 00013936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-17 19:32 - 2015-06-20 15:21 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2718738982-134382734-2047601486-1000UA.job 2016-05-17 19:20 - 2012-10-22 10:40 - 00000000 ___RD C:\Users\mariaw\Dropbox 2016-05-17 19:18 - 2012-12-04 14:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-05-17 19:18 - 2010-01-16 04:38 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-17 19:18 - 2010-01-16 04:38 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-17 17:51 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-17 17:06 - 2013-12-06 18:37 - 00000000 ____D C:\Users\mariaw\AppData\Roaming\Malwarebytes 2016-05-17 17:06 - 2013-12-06 18:37 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-05-17 17:06 - 2013-12-06 18:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2016-05-17 17:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF 2016-05-17 14:01 - 2009-07-14 01:13 - 00779266 _____ C:\Windows\system32\PerfStringBackup.INI 2016-05-17 14:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf 2016-05-17 13:52 - 2010-05-18 15:20 - 00000000 ____D C:\Users\mariaw\Documents\Gino Business Documents 2016-05-17 10:32 - 2015-06-20 15:21 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2718738982-134382734-2047601486-1000Core.job 2016-05-17 09:14 - 2011-12-13 17:14 - 00000681 _____ C:\Windows\BRCALIB.INI 2016-05-17 08:41 - 2012-10-22 10:37 - 00000000 ____D C:\Users\mariaw\AppData\Roaming\Dropbox 2016-05-17 08:22 - 2015-09-30 11:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection 2016-05-13 10:14 - 2015-03-27 13:58 - 00000000 ____D C:\Windows\Minidump 2016-05-13 10:13 - 2010-01-16 04:38 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-12 09:08 - 2014-11-18 14:14 - 00000000 ____D C:\ProgramData\Oracle 2016-05-12 09:08 - 2010-01-16 04:41 - 00000000 ____D C:\Program Files (x86)\Java 2016-05-12 09:07 - 2014-11-18 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-05-12 09:07 - 2014-02-13 11:08 - 00002305 _____ C:\Users\mariaw\Desktop\Dale Labs ROES.lnk 2016-05-12 09:07 - 2010-01-16 04:40 - 00000000 ____D C:\Program Files\Java 2016-05-12 09:05 - 2015-12-16 11:23 - 00000000 ____D C:\Users\mariaw\.oracle_jre_usage 2016-05-12 09:04 - 2015-12-16 11:26 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-05-12 09:00 - 2014-11-18 14:15 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-05-11 09:03 - 2010-01-16 04:38 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-05-11 09:03 - 2010-01-16 04:38 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-05-10 20:35 - 2015-09-30 11:56 - 00470056 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys 2016-05-10 20:35 - 2015-09-30 11:56 - 00215560 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportHades64.sys 2016-05-03 08:27 - 2010-05-17 14:27 - 00000000 ____D C:\Users\mariaw\Documents\Maria Personal 2016-04-26 08:27 - 2009-07-14 01:08 - 00032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-04-25 11:40 - 2012-12-04 14:17 - 00000089 _____ C:\Windows\QBChanUtil_Trigger.ini 2016-04-25 11:39 - 2012-12-04 15:04 - 00002111 _____ C:\Users\Public\Desktop\QuickBooks Pro 2013.lnk 2016-04-25 11:39 - 2012-12-04 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks 2016-04-22 03:57 - 2010-05-12 22:55 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-04-19 08:30 - 2015-06-20 15:21 - 00000000 ____D C:\Users\mariaw\AppData\Local\Dropbox ==================== Files in the root of some directories ======= 2010-09-21 11:05 - 2010-09-21 11:05 - 0004096 ____H () C:\Users\mariaw\AppData\Local\keyfile3.drm Files to move or delete: ==================== C:\Users\mariaw\g2ax_customer_downloadhelper_win32_x86.exe Some files in TEMP: ==================== C:\Users\mariaw\AppData\Local\Temp\jre-8u91-windows-au.exe C:\Users\mariaw\AppData\Local\Temp\_is416B.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-05-10 12:52 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016 Ran by mariaw (2016-05-17 19:41:21) Running from C:\Users\mariaw\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2010-05-13 02:37:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2718738982-134382734-2047601486-500 - Administrator - Disabled) Guest (S-1-5-21-2718738982-134382734-2047601486-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2718738982-134382734-2047601486-1002 - Limited - Enabled) mariaw (S-1-5-21-2718738982-134382734-2047601486-1000 - Administrator - Enabled) => C:\Users\mariaw QBDataServiceUser23 (S-1-5-21-2718738982-134382734-2047601486-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser23 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Acronis True Image Home (HKLM-x32\...\{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}) (Version: 13.0.5055 - Acronis) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated) Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated) Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden Adobe Flash Player 10 Plugin (HKLM-x32\...\{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}) (Version: 10.0.32.18 - Adobe Systems, Inc.) Adobe Flash Player 11 ActiveX (HKLM-x32\...\{98616875-CF30-4BE5-AAED-36EF4AC6EE27}) (Version: 11.3.300.268 - Adobe Systems Incorporated) Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated) Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.) ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft) ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft) Brother MFL-Pro Suite MFC-9970CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated) Dale Labs ROES (HKU\S-1-5-21-2718738982-134382734-2047601486-1000\...\Dale Labs ROES) (Version: - Dale Labs) Dropbox (HKU\S-1-5-21-2718738982-134382734-2047601486-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.) Evernote (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 3.5.0.545 - Evernote Corp.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.4.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation) Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Media Gallery (HKLM-x32\...\{DD88F979-FA58-41AC-980C-A6E1A82B61D9}) (Version: 1.1.1.11200 - Sony Corporation) Media Gallery (x32 Version: 1.1.1.11200 - Sony Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.) PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.0.00.10260 - Sony Corporation) PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}) (Version: 1.0.00.09250 - Sony Corporation) PMB VAIO Edition Guide (x32 Version: 1.0.00.09250 - Sony Corporation) Hidden PMB VAIO Edition plug-in (Click to Disc) (HKLM-x32\...\InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}) (Version: 3.0.01.11230 - Sony Corporation) PMB VAIO Edition plug-in (Click to Disc) (x32 Version: 3.0.01.11230 - Sony Corporation) Hidden PMB VAIO Edition plug-in (VAIO Image Optimizer) (HKLM-x32\...\InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}) (Version: 1.0.00.10150 - Sony Corporation) PMB VAIO Edition plug-in (VAIO Image Optimizer) (x32 Version: 1.0.00.10150 - Sony Corporation) Hidden PMB VAIO Edition plug-in (VAIO Movie Story) (HKLM-x32\...\InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}) (Version: 2.0.01.12010 - Sony Corporation) PMB VAIO Edition plug-in (VAIO Movie Story) (x32 Version: 2.0.01.12010 - Sony Corporation) Hidden QuickBooks (x32 Version: 23.0.4017.2305 - Intuit Inc.) Hidden QuickBooks Financial Center (HKLM-x32\...\{0F962B79-D0DC-40D9-96BA-ED1355120CBA}) (Version: 1.30.0000 - Intuit Inc.) QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4003.2305 - Intuit Inc.) Rapport (x32 Version: 3.5.1609.56 - Trusteer) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.) Roxio Easy Media Creator 10 LJ (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio) Scansoft PDF Professional (x32 Version: - ) Hidden Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation) Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.2.0.0 - Shutterfly, Inc.) Shutterfly Express Uploader (x32 Version: 1.2.0 - Shutterfly, Inc.) Hidden SmartWi Connection Utility (HKLM-x32\...\{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}) (Version: 4.9.4.20091005.2246 - Sony) Sony Home Network Library (HKLM-x32\...\{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}) (Version: 2.0.1.10160 - Sony Corporation) Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.56 - Trusteer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) VAIO Care (HKLM-x32\...\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}) (Version: 5.0.3.11130 - Sony Corporation) VAIO Content Metadata Intelligent Analyzing Manager (HKLM-x32\...\{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}) (Version: 3.6.0.09250 - Sony Corporation) VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden VAIO Content Metadata Intelligent Network Service Manager (HKLM-x32\...\{4427F384-B5BE-4769-B7D0-C784FC321EB1}) (Version: 3.6.0.09080 - Sony Corporation) VAIO Content Metadata Intelligent Network Service Manager (x32 Version: 3.6.0.09080 - Sony Corporation) Hidden VAIO Content Metadata Manager Settings (HKLM-x32\...\{12D0BE8D-538C-4AB1-86DE-C540308F50DA}) (Version: 3.6.0.09240 - Sony Corporation) VAIO Content Metadata Manager Settings (x32 Version: 3.6.0.09240 - Sony Corporation) Hidden VAIO Content Metadata XML Interface Library (HKLM-x32\...\{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}) (Version: 3.6.0.09080 - Sony Corporation) VAIO Content Metadata XML Interface Library (x32 Version: 3.6.0.09080 - Sony Corporation) Hidden VAIO Content Monitoring Settings (HKLM-x32\...\{23825B69-36DF-4DAD-9CFD-118D11D80F16}) (Version: 2.4.1.09180 - Sony Corporation) VAIO Content Monitoring Settings (x32 Version: 2.4.1.09180 - Sony Corporation) Hidden VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.0.10160 - Sony Corporation) VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation) VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 2.0.00.09240 - Sony Corporation) VAIO Entertainment Platform (HKLM-x32\...\{6B1F20F2-6321-4669-A58C-33DF8E7517FF}) (Version: 3.6.0.09150 - Sony Corporation) VAIO Entertainment Platform (x32 Version: 3.6.0.09150 - Sony Corporation) Hidden VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.12010 - Sony Corporation) VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden VAIO Help and Support (HKLM-x32\...\{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}) (Version: 10.00.1029 - Sony Corporation) VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation) VAIO Media plus Opening Movie (HKLM-x32\...\{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}) (Version: 2.0.0.07030 - Sony Corporation) VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 2.0.00.09240 - Sony Corporation) VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden VAIO OOBE and Startup Assistant (HKLM-x32\...\{1B500D37-E7CF-480B-8054-8A563594EC4E}) (Version: 2.00.1110 - Sony Corporation) VAIO Original Function Settings (HKLM-x32\...\{A63E7492-A0BC-4BB9-89A7-352965222380}) (Version: 2.0.0.07010 - Sony Corporation) VAIO Original Function Settings (x32 Version: 2.0.0.07010 - Sony Corporation) Hidden VAIO Personalization Manager (HKLM-x32\...\{A95187EF-BCF4-4468-B501-C0BAB976ADD1}) (Version: 2.0.0.06220 - Sony Corporation) VAIO Personalization Manager (x32 Version: 2.0.0.06220 - Sony Corporation) Hidden VAIO Power Management (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation) VAIO Quick Web Access (HKLM-x32\...\splashtop) (Version: 1.2.2.3 - Sony Corporation) VAIO Quick Web Access (x32 Version: 1.2.2.3 - Sony Corporation) Hidden VAIO Survey (HKLM-x32\...\{34B37A74-125E-4406-87BA-E4BD3D097AE5}) (Version: 6.00.1028 - Sony Corporation) VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.0.10200 - Sony Corporation) VAIO Update 5 (HKLM-x32\...\{5BEE8F1F-BD32-4553-8107-500439E43BD7}) (Version: 5.0.0.10300 - Sony Corporation) VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation) VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation) Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-2718738982-134382734-2047601486-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\mariaw\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01F72821-EE7A-4061-9123-2CDB171531A0} - System32\Tasks\{C80CAC95-6956-4D6C-9EE5-C9855BE4BD65} => F:\pmw.pro\SETUP.EXE Task: {02B5400D-0B58-4386-A6BC-740C5B2735A4} - System32\Tasks\{2227FBB9-2D3A-4083-865D-0D4B0F8926F0} => F:\pmw.pro\SETUP.EXE Task: {09991089-F361-47CB-BE22-5E6FAE60F5B0} - System32\Tasks\{AC0BF6BC-EF8D-4E96-9F32-0472999FCD96} => F:\pmw.pro\SETUP.EXE Task: {0CAA7FD9-F8EA-40EF-A13F-EB75E00F3E40} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {0EF290D6-144D-411A-A85B-61D759C44B2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {1FC7ED28-9597-48D0-8BF6-C0241CDA77FF} - System32\Tasks\{4B61302F-7814-41B4-8063-F60B300D8E26} => F:\pmw.pro\SETUP.EXE Task: {2046A153-DFF4-466B-B055-7C275C224D14} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {21880BBD-F068-4BB0-920F-778C93FC4744} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2718738982-134382734-2047601486-1000UA => C:\Users\mariaw\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.) Task: {24145874-DBC1-45B7-A603-DA7C4CEE206D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {2B13CA47-9245-4096-B044-1E5463A91959} - System32\Tasks\{894AFA38-F37B-4F7F-A372-7BDDE624D35F} => F:\pmw.pro\SETUP.EXE Task: {2B17CEEB-7806-4A03-9B63-594CF315DD81} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2009-10-19] (Sony Corporation) Task: {2E9983BF-882F-43F5-8948-A638006BC5B8} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2718738982-134382734-2047601486-1000Core => C:\Users\mariaw\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.) Task: {38E67EA2-4FEF-4CED-A209-18BC79498545} - System32\Tasks\SONY\VAIO Update\VAIO Update 5 => C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe [2009-10-30] (Sony Corporation) Task: {5060337F-ECC4-4E68-9F1C-9598EF2576FB} - System32\Tasks\{4864794C-115E-4AB2-BD06-84A4E3744660} => F:\pmw.pro\SETUP.EXE Task: {57F7CA73-A682-4564-A5CA-24437D7448B7} - System32\Tasks\Sony\VAIO Survey => C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe [2009-10-26] () Task: {5CB27E9A-85FF-4034-8E2C-EBBEE3B47C97} - System32\Tasks\Sony\OOBEReminder => C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe [2009-11-05] (Sony Electronics, Inc.) Task: {748D7223-326C-4471-AF27-46DDDD89744B} - System32\Tasks\{66F2B79A-0C0E-4448-B54A-8D42BE825C93} => F:\pmw.pro\SETUP.EXE Task: {8F3E3889-001F-4DF4-B98F-D3AE1EE71EDA} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-10-21] (Sony Corporation) Task: {98F62BCC-38B7-4E90-BAB8-5A724F2263BD} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation) Task: {9995F05D-D965-452E-949D-D086B07E6D88} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {A770D131-A40E-4E1E-B0B4-8741BC68180A} - System32\Tasks\{9580622F-410A-4BA0-B106-481655AFC570} => C:\Users\mariaw\Documents\pmw.pro\SETUP.EXE [1993-04-27] () Task: {A92D5392-39F7-4AE8-A880-6AC1E9984972} - System32\Tasks\{1B991736-CC54-43BE-9F63-6B07BC3ACBDB} => F:\pmw.pro\SETUP.EXE Task: {ABA02570-9F8F-4D1D-80D8-F2A34CD6C62C} - System32\Tasks\{799F0951-8557-496D-BB15-EDAE02FC4B8E} => F:\pmw.pro\SETUP.EXE Task: {AE3E2D12-A5BA-42EC-B3EE-B8F7A3000315} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe [2009-11-20] (Sony Corporation) Task: {DB0F3A5B-CAE9-4517-9E04-AE82A543B396} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe Task: {E1F6317D-70F3-4585-BAE0-54A443CABEF4} - System32\Tasks\{021A08B7-9B37-4B7D-897E-F625AECD65D8} => C:\Users\mariaw\Documents\pmw.pro\SETUP.EXE [1993-04-27] () Task: {F0C5E23D-8105-450E-9C94-E51E7E33682A} - System32\Tasks\Sony\OOBESendInfo => C:\Program Files\Sony\First Experience\OOBESendInfo.exe [2009-11-05] () Task: {F2879042-7F59-4026-ADA2-519394A670F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-04] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2718738982-134382734-2047601486-1000Core.job => C:\Users\mariaw\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2718738982-134382734-2047601486-1000UA.job => C:\Users\mariaw\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2010-01-16 04:57 - 2009-10-05 17:57 - 00016384 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe 2010-01-16 04:57 - 2009-10-05 17:42 - 00161080 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe 2010-01-16 04:57 - 2009-10-05 17:42 - 00017920 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe 2010-01-16 04:57 - 2009-10-05 17:42 - 00033792 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe 2010-01-16 05:24 - 2009-09-30 03:50 - 00238080 _____ () C:\Program Files\Sony\VAIO Care\ManagedVAIORecovery.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00075264 _____ () C:\Program Files\Sony\VAIO Care\VAIORecovery.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00069632 _____ () C:\Program Files\Sony\VAIO Care\Logging.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00028672 _____ () C:\Program Files\Sony\VAIO Care\VAIOCommon.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00206336 _____ () C:\Program Files\Sony\VAIO Care\OsServices.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00043008 _____ () C:\Program Files\Sony\VAIO Care\PluginFactory.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00043520 _____ () C:\Program Files\Sony\VAIO Care\XMLTools.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00059392 _____ () C:\Program Files\Sony\VAIO Care\VAIOInstallAppsDrivers.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00156160 _____ () C:\Program Files\Sony\VAIO Care\InstallDB.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00137216 _____ () C:\Program Files\Sony\VAIO Care\InstallationTools.dll 2010-01-16 05:24 - 2009-09-30 03:50 - 00024576 _____ () C:\Program Files\Sony\VAIO Care\VAIOUtility.dll 2010-01-16 05:32 - 2009-12-02 02:03 - 00010752 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESBasePS.dll 2010-01-16 05:32 - 2009-12-02 02:03 - 00009728 _____ () C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSubPS.dll 2009-12-25 17:59 - 2009-11-20 19:19 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll 2016-03-22 21:49 - 2016-03-22 21:49 - 00269080 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll 2016-03-22 21:50 - 2016-03-22 21:50 - 00021784 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll 2016-03-22 18:49 - 2016-03-22 18:49 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll 2016-03-22 21:50 - 2016-03-22 21:50 - 00141592 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll 2016-03-22 21:49 - 2016-03-22 21:49 - 00176920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll 2016-03-22 21:50 - 2016-03-22 21:50 - 00415512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll 2016-03-22 21:49 - 2016-03-22 21:49 - 00529176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll 2016-03-22 21:50 - 2016-03-22 21:50 - 00128792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll 2016-03-22 21:50 - 2016-03-22 21:50 - 00578840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll 2016-03-22 21:50 - 2016-03-22 21:50 - 00042776 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll 2016-05-17 08:40 - 2016-04-19 15:47 - 00034768 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-05-17 08:40 - 2016-04-19 15:48 - 00019408 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-05-17 08:40 - 2016-04-19 15:47 - 00116688 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2016-05-17 08:40 - 2016-04-19 15:47 - 00093640 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2016-05-17 08:35 - 2016-04-19 15:47 - 00018376 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\select.pyd 2016-05-17 08:35 - 2016-05-06 18:35 - 00019760 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00105928 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-05-17 08:40 - 2016-04-19 15:47 - 00392144 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2016-05-17 08:35 - 2016-05-06 18:35 - 00381752 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2016-05-17 08:35 - 2016-04-19 15:47 - 00692688 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00020816 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2016-05-17 08:40 - 2016-04-19 15:48 - 00121296 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 01682760 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00020808 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2016-05-17 08:40 - 2016-05-06 18:35 - 00021840 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00038696 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-05-17 08:40 - 2016-04-19 15:49 - 00020936 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00024528 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32event.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00114640 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32security.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00124880 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-05-17 08:40 - 2016-05-06 18:35 - 00021832 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00024016 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00175560 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32gui.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00030160 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00043472 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32process.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00028616 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00048592 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00026456 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00057808 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00024016 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00117056 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00052024 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-05-17 08:40 - 2016-04-19 15:47 - 00134608 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\_elementtree.pyd 2016-05-17 08:40 - 2016-04-19 15:47 - 00134088 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-05-17 08:40 - 2016-04-19 15:48 - 00240584 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\jpegtran.pyd 2016-05-17 08:35 - 2016-05-06 18:35 - 00020800 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-05-17 08:35 - 2016-05-06 18:35 - 00021824 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd 2016-05-17 08:35 - 2016-05-06 18:35 - 00019776 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-05-17 08:35 - 2016-05-06 18:35 - 00020800 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00024392 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-05-17 08:40 - 2016-04-19 15:50 - 00036296 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\librsync.dll 2016-05-17 08:40 - 2016-05-06 18:34 - 00020280 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2016-05-17 08:35 - 2016-05-06 18:35 - 00023376 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2016-05-17 08:40 - 2016-04-19 15:49 - 00350152 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-05-17 08:35 - 2016-05-06 18:35 - 00022352 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00084280 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-05-17 08:40 - 2016-05-06 18:34 - 01826096 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2016-05-17 08:35 - 2016-04-19 15:48 - 00083912 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\sip.pyd 2016-05-17 08:40 - 2016-05-06 18:35 - 03928880 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 01971504 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00531248 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-05-17 08:40 - 2016-05-06 18:35 - 00132912 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-05-17 08:40 - 2016-05-06 18:35 - 00223544 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-05-17 08:40 - 2016-05-06 18:34 - 00207672 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-05-17 08:35 - 2016-04-19 15:49 - 00060880 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-05-17 08:40 - 2016-05-06 18:35 - 00024904 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd 2016-05-17 08:40 - 2016-05-06 18:35 - 00546096 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-05-17 08:40 - 2016-05-06 18:35 - 00357680 _____ () C:\Users\mariaw\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2010-01-16 04:57 - 2009-10-05 17:42 - 00121856 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00007680 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00009728 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00018944 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll 2013-10-21 14:31 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00107008 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00023040 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00027648 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00005120 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00015360 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00011264 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00006656 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll 2010-01-16 04:57 - 2009-10-05 17:42 - 00004608 _____ () C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2718738982-134382734-2047601486-1000\...\bbt.com -> hxxps://cmol.bbt.com IE trusted site: HKU\S-1-5-21-2718738982-134382734-2047601486-1000\...\intuit.com -> hxxps://qbo.intuit.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2718738982-134382734-2047601486-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mariaw\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{900DBF97-B66C-4F50-8DF6-0068DCF8DA3E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{40D8DCE0-3BE5-4DF9-A86E-04BF275212A7}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{6E97C80A-6552-4012-82AE-7D7E61C74C1F}] => (Allow) svchost.exe FirewallRules: [{CADB0273-5D25-4F22-A187-6B9C74EF5BEF}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{25A863FE-B6FA-4AE1-9B3D-AFCD0D6F7F50}] => (Allow) LPort=5353 FirewallRules: [{6F2911BB-8132-465D-A31A-B600BC8CF2A8}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe FirewallRules: [{8F82295B-CCA7-405B-81FB-42C3247673A4}] => (Allow) C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe FirewallRules: [{F231175E-CC22-4326-94B6-CC2D723D157D}] => (Allow) LPort=54925 FirewallRules: [{445FEED3-8EFE-4ADD-9828-B199F6D93FDC}] => (Allow) C:\Users\mariaw\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{F66A5354-22BC-45FD-85A4-64AF36AACAFC}] => (Allow) C:\Users\mariaw\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{3AC84984-C904-450D-8D5D-D2C77015A67C}C:\users\mariaw\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mariaw\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{488D2C54-310A-4B90-8EDB-EB8079677D7F}C:\users\mariaw\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mariaw\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [TCP Query User{993435F0-E085-45F1-9F09-77FB2592128A}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [UDP Query User{1CBADB4F-9702-4180-89DF-4020D8E23551}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe FirewallRules: [{E489F374-DDF4-44C0-9AD7-3A34EC46C513}] => (Allow) LPort=54925 FirewallRules: [{D52F04C2-609C-48A7-BFB6-7D5EE7A49F31}] => (Allow) LPort=54926 FirewallRules: [{FB99E007-818E-4F09-B8BE-F9710FAC2391}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe FirewallRules: [{1FDFF609-EA1D-493D-9AF9-8C75B1125021}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe FirewallRules: [{7EC1791B-52DC-44A2-9B1F-D3E1766FFC11}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 11-04-2016 11:34:19 Windows Update 21-04-2016 11:51:06 Scheduled Checkpoint 25-04-2016 13:25:43 Windows Update 03-05-2016 12:23:35 Scheduled Checkpoint 04-05-2016 10:02:26 Windows Update 17-05-2016 08:19:15 Installed Rapport ==================== Faulty Device Manager Devices ============= Name: Atheros AR9285 Wireless Network Adapter Description: Atheros AR9285 Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. Service: athr Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/17/2016 05:52:07 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019) Error: (05/17/2016 05:52:07 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error code = 0x80042000) Error: (05/17/2016 04:32:17 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019) Error: (05/17/2016 04:32:17 PM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error code = 0x80042000) Error: (05/17/2016 12:37:25 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error: (05/17/2016 08:55:43 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 167c Start Time: 01d1b03b2f0b2335 Termination Time: 70 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: Error: (05/17/2016 08:22:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmpnetwk.exe, version: 12.0.7601.17514, time stamp: 0x4ce7ae7f Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295 Exception code: 0xc0000005 Fault offset: 0x0000000000050ef7 Faulting process id: 0x107c Faulting application start time: 0xwmpnetwk.exe0 Faulting application path: wmpnetwk.exe1 Faulting module path: wmpnetwk.exe2 Report Id: wmpnetwk.exe3 Error: (05/17/2016 08:18:46 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019) Error: (05/17/2016 08:18:45 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error code = 0x80042000) Error: (05/17/2016 08:10:57 AM) (Source: VzCdbSvc) (EventID: 7) (User: ) Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019) System errors: ============= Error: (05/17/2016 06:01:29 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 Error: (05/17/2016 06:01:25 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: %%5 Error: (05/17/2016 05:52:12 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: %%5 Error: (05/17/2016 05:52:13 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: ) Description: %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%886 Error Code: 0x80070005 Error description: Access is denied. Reason: %%892 Error: (05/17/2016 05:52:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect. Error: (05/17/2016 05:51:13 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:47:38 PM on ‎5/‎17/‎2016 was unexpected. Error: (05/17/2016 04:32:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect. Error: (05/17/2016 01:40:56 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (05/17/2016 01:40:51 PM) (Source: ACPI) (EventID: 13) (User: ) Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. Error: (05/17/2016 11:29:43 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz Percentage of memory in use: 43% Total physical RAM: 3758.1 MB Available physical RAM: 2124.45 MB Total Virtual: 7514.4 MB Available Virtual: 5157.18 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:289.21 GB) (Free:185.23 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: FD64E292) Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=289.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  8. No problem. I ran MBAM with no detected items but cannot locate the logs in Windows 8?? From googling I thought they should be under --- user\appdata\roaming\ --- but there isn't a directory there?? I've shown hidden files and directories so I don't think that's it. Anyway, here is the other log... aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software Run date: 2015-09-07 09:06:57 ----------------------------- 09:06:57.451 OS Version: Windows x64 6.2.9200 09:06:57.451 Number of processors: 4 586 0x4501 09:06:57.451 ComputerName: SEG-JIMW4 UserName: 09:06:57.857 Initialize success 09:06:57.873 VM: initialized successfully 09:06:57.873 VM: Intel CPU supported virtualizedSuspended 09:06:59.831 VM: supported disk I/O storport.sys 09:10:02.308 AVAST engine defs: 15090700 09:10:06.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000034 09:10:06.870 Disk 0 Vendor: HFS256G3AMNB-2200A 10108L00 Size: 244198MB BusType: 11 09:10:06.870 Disk 0 MBR read successfully 09:10:06.870 Disk 0 MBR scan 09:10:06.870 Disk 0 unknown MBR code 09:10:06.870 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1 09:10:06.886 Disk 0 scanning C:\windows\system32\drivers 09:10:06.886 Service scanning 09:10:22.136 Modules scanning 09:10:22.136 Disk 0 trace - called modules: 09:10:22.136 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll storahci.sys 09:10:22.136 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00061523060] 09:10:22.152 3 CLASSPNP.SYS[fffff800ef349170] -> nt!IofCallDriver -> [0xffffe00060b59bd0] 09:10:22.152 5 ACPI.sys[fffff800eef2ac21] -> nt!IofCallDriver -> [0xffffe00060b57790] 09:10:22.152 7 ACPI.sys[fffff800eef2ac21] -> nt!IofCallDriver -> \Device\00000034[0xffffe00060b56060] 09:10:22.574 AVAST engine scan C:\windows 09:10:22.590 AVAST engine scan C:\windows\system32 09:10:22.590 AVAST engine scan C:\windows\system32\drivers 09:10:22.590 AVAST engine scan C:\Users\Administrator 09:10:22.605 AVAST engine scan C:\ProgramData 09:10:22.605 Disk 0 statistics 210/0/0 @ 6.41 MB/s 09:10:22.605 Scan finished successfully 09:10:38.307 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat" 09:10:38.307 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
  9. I also get a aswmbr message stating " this computer supports virtualization technology. Would you like to use it for rootkit detection? ". Yes/no
  10. Aswmbr wants to download the avast virus definitions. Should I click yes ?
  11. My browsing in both chrome and internet explorer is extremely slow. Other machines on same connection are fine and the speed on the actual connection tests well. I'm also seeing a lot of "malware detected and quarantined" alerts from windows message center.
  12. Hi Borislav, I would like to continue with your help. Thanks in advance. I rebooted and ran FRST as administrator. Here are the logs... Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015 Ran by Administrator (administrator) on SEG-JIMW4 (02-09-2015 09:05:15) Running from C:\Users\Administrator\Desktop Loaded Profiles: JimW & Administrator (Available Profiles: JimW & Super_RIM & Super_RF & admin & Administrator) Platform: Windows 8.1 Pro (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (DameWare Development LLC) C:\Windows\SysWOW64\DWRCS.EXE (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Websense, Inc.) C:\Program Files\Websense\Websense Endpoint\wepsvc.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Websense, Inc.) C:\Program Files\Websense\Websense Endpoint\ProxyUI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe (Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe (Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Websense, Inc.) C:\Program Files\Websense\Websense Endpoint\ProxyUI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [boxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5827136 2015-08-11] (Box, Inc.) HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1340720 2009-09-08] (Trend Micro Inc.) HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation) HKLM-x32\...\Run: [DameWare MRC Agent] => C:\windows\SysWOW64\DWRCST.exe [85528 2010-08-06] (DameWare Development) HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\Run: [FlickrUploadr] => "C:\Users\jimw\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\Run: [GoogleChromeAutoLaunch_3DFB2D6035BBC91D23ED01E4F4F145C5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.) HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation) AppInit_DLLs: PGPmapih.dll => C:\windows\system32\PGPmapih.dll [81248 2014-10-06] (Symantec Corporation) AppInit_DLLs-x32: PGPmapih.dll => C:\windows\SysWOW64\PGPmapih.dll [53432 2014-10-06] (Symantec Corporation) Lsa: [Notification Packages] scecli PGPpwflt ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [1IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\windows\system32\PGPfsshl.dll [2014-10-06] (Symantec Corporation) ShellIconOverlayIdentifiers: [QIPOverlay] -> {245D03BE-03F7-4b52-B8B9-7FC41F60C49F} => C:\Windows\system32\QIPOverlay.dll [2014-08-05] (Websense, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [1IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\windows\SysWow64\PGPfsshl.dll [2014-10-06] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk [2015-01-13] ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{884992EC-F486-4BC6-B48D-5707B755D59B}\Icon9426BF75.exe () Startup: C:\Users\jimw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-11-03] ShortcutTarget: EvernoteClipper.lnk -> C:\Users\Administrator\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (No File) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [s-1-5-21-2232656509-361406962-1938170613-2940] => http://webdefence.global.blackspider.com:8082/proxy.pac?p=88vb7276 AutoConfigURL: [s-1-5-21-4053884242-254580842-3275359498-500] => http://webdefence.global.blackspider.com:8082/proxy.pac?p=88vb7276 Winsock: Catalog9 01 C:\windows\SysWOW64\PGPlsp.dll [65768 2014-10-06] (Symantec Corporation) Winsock: Catalog9 13 C:\windows\SysWOW64\PGPlsp.dll [65768 2014-10-06] (Symantec Corporation) Winsock: Catalog9-x64 01 C:\windows\system32\PGPlsp.dll [76128 2014-10-06] (Symantec Corporation) Winsock: Catalog9-x64 13 C:\windows\system32\PGPlsp.dll [76128 2014-10-06] (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 172.16.160.115 172.16.160.116 Tcpip\..\Interfaces\{8250DB6B-3240-46DC-B521-883FC3CACE4E}: [DhcpNameServer] 172.16.160.115 172.16.160.116 Tcpip\..\Interfaces\{9D57E6F7-5AAF-42F4-A907-7399A5BC973B}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2232656509-361406962-1938170613-2940\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-27] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-27] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-28] CHR Extension: (Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28] CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-28] CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-28] CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-28] CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-28] CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-10-13] (Box, Inc.) R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation) R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation) R2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE [242200 2010-08-06] (DameWare Development LLC) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-24] (Intel Corporation) R3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation) S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [1915696 2010-02-02] (Trend Micro Inc.) S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation) R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [1986448 2010-02-02] (Trend Micro Inc.) S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917768 2009-07-15] (Trend Micro Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-08] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-08] (Microsoft Corporation) S4 WSDLP; C:\Program Files\Websense\Websense Endpoint\DSEMain.dll [328192 2014-08-05] (Websense, Inc.) [File not signed] R2 WSPXY; C:\Program Files\Websense\Websense Endpoint\ProxyMain.dll [202240 2014-08-05] () [File not signed] S4 WSRF; C:\Program Files\Websense\Websense Endpoint\RFMain.dll [236032 2014-08-05] (Websense, Inc.) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [73216 2014-08-07] (ASIX Electronics Corp.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-08] (Microsoft Corporation) R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation) R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider) R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider) R1 dwvkbd; C:\Windows\system32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation) R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-28] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation) S0 MpBoot; C:\Windows\System32\DRIVERS\MpBoot.sys [34744 2013-09-27] (Microsoft Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [990720 2014-09-18] (Marvell Semiconductors Inc.) R3 msu30x64w8; C:\Windows\system32\DRIVERS\msu30x64w8.sys [100864 2014-07-11] (Microsoft) S3 Nep; C:\Windows\System32\DRIVERS\cwNep.sys [143560 2014-08-05] (Websense, Inc.) R2 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [275496 2014-10-06] (Symantec Corporation) R0 pgpfs; C:\Windows\System32\Drivers\PGPfsfd.sys [184856 2014-10-06] (Symantec Corporation) R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [52968 2014-10-06] (Symantec Corporation) R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [399072 2014-10-06] (Symantec Corporation) R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [20536 2014-10-06] (Symantec Corporation) S3 prepdrvr; C:\Windows\system32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation) R1 QIP; C:\Windows\system32\DRIVERS\Qip.sys [76488 2014-08-05] (Websense, Inc.) R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation) R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation) R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [43152 2014-03-14] (Microsoft Corporation) R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation) R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49768 2014-10-13] (Microsoft Corporation) R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation) R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [63592 2014-09-26] (Microsoft Corporation) S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation) S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-19] (Microsoft Corporation) R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.) R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.) R1 tmtdi; C:\Windows\system32\DRIVERS\tmtdi.sys [107536 2009-07-15] (Trend Micro Inc.) R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] () R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.) R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411136 2014-09-18] (Microsoft Corporation) R3 WsNetFlt; C:\Windows\system32\DRIVERS\WsNetFlt.sys [61640 2014-08-05] (Websense, Inc.) S3 WsWfpRF; C:\Windows\system32\DRIVERS\WsWfpRF.sys [48328 2014-08-05] (Websense, Inc.) S1 knvjklmu; \??\C:\windows\system32\drivers\knvjklmu.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-02 09:05 - 2015-09-02 09:09 - 00024755 _____ C:\Users\Administrator\Desktop\FRST.txt 2015-09-02 09:04 - 2015-09-01 14:49 - 02188800 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe 2015-09-01 15:09 - 2015-09-01 15:09 - 00028416 _____ C:\Users\jimw\Desktop\Addition.txt 2015-09-01 15:04 - 2015-09-02 09:09 - 00000000 ____D C:\FRST 2015-09-01 15:04 - 2015-09-01 15:09 - 00034591 _____ C:\Users\jimw\Desktop\FRST.txt 2015-09-01 14:49 - 2015-09-01 14:49 - 02188800 _____ (Farbar) C:\Users\jimw\Desktop\FRST64.exe 2015-08-31 11:10 - 2015-08-31 11:10 - 00000743 _____ C:\Users\Administrator\Desktop\Draft Dominator.lnk 2015-08-31 11:10 - 2015-08-31 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DraftDominator 2015-08-31 11:10 - 2015-08-31 11:10 - 00000000 ____D C:\FBG 2015-08-31 11:10 - 2006-03-08 09:27 - 01353360 _____ (FarPoint Technologies, Inc.) C:\windows\SysWOW64\fpSpr60.ocx 2015-08-31 11:10 - 2004-12-07 13:03 - 00451760 _____ (FarPoint Technologies, Inc.) C:\windows\SysWOW64\Tab32x30.ocx 2015-08-31 11:10 - 2002-12-20 15:02 - 01077336 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL.OCX 2015-08-31 11:10 - 2001-03-13 15:49 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.ocx 2015-08-31 11:10 - 2000-05-22 01:00 - 00115920 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSINET.OCX 2015-08-31 11:10 - 1999-01-06 18:50 - 00228864 _____ (Microsoft Corporation) C:\windows\SysWOW64\xl5en32.olb 2015-08-31 11:05 - 2015-08-31 11:06 - 05523273 _____ ( ) C:\Users\jimw\Downloads\DD160k_Setup.exe 2015-08-28 09:17 - 2015-08-28 09:17 - 00000000 __SHD C:\Users\Administrator\AppData\Local\EmieBrowserModeList 2015-08-28 09:15 - 2015-08-28 09:15 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-28 09:15 - 2015-08-28 09:15 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-08-28 09:15 - 2015-08-28 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-08-28 09:15 - 2015-08-28 09:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-28 09:15 - 2015-08-28 09:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-08-28 09:15 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-08-28 09:15 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-08-28 09:15 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-08-28 09:14 - 2015-08-28 09:14 - 00000000 ____D C:\Users\Administrator\Documents\PGP 2015-08-28 09:14 - 2015-08-28 09:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\PGP Corporation 2015-08-28 09:14 - 2015-08-28 09:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\PGP Corporation 2015-08-28 09:07 - 2015-08-28 09:09 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\jimw\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-12 13:41 - 2015-08-13 22:14 - 00004966 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {94cf404f-7f48-4a47-8958-9b9be70bce99} SEG-JimW4.steiner.sll.com 2015-08-11 14:54 - 2015-08-13 10:26 - 00000000 ____D C:\Users\jimw\AppData\Local\FlickrUploadrWindows 2015-08-11 14:54 - 2015-08-11 14:54 - 00002379 _____ C:\Users\jimw\Desktop\Flickr Uploadr.lnk 2015-08-11 14:54 - 2015-08-11 14:54 - 00000000 ____D C:\Users\jimw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr 2015-08-11 14:54 - 2015-08-11 14:54 - 00000000 ____D C:\Users\jimw\AppData\Local\SquirrelTemp 2015-08-11 14:54 - 2015-08-11 14:54 - 00000000 ____D C:\Users\jimw\AppData\Local\IsolatedStorage 2015-08-11 14:54 - 2015-08-11 14:54 - 00000000 ____D C:\Users\jimw\AppData\Local\Flickr 2015-08-11 14:52 - 2015-08-11 14:53 - 21879792 _____ (Flickr) C:\Users\jimw\Downloads\FlickrUploadrInstallr.exe 2015-08-11 09:21 - 2015-08-11 09:23 - 36284404 _____ C:\Users\jimw\Downloads\VID_20150810_083347.mp4 2015-08-05 15:18 - 2015-08-05 15:18 - 00930872 _____ C:\Users\jimw\Downloads\35733dir.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-02 09:09 - 2014-10-31 14:47 - 01915131 _____ C:\windows\WindowsUpdate.log 2015-09-02 09:08 - 2014-11-03 15:00 - 00003594 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4053884242-254580842-3275359498-500 2015-09-02 09:07 - 2014-10-31 15:27 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2232656509-361406962-1938170613-2940 2015-09-02 09:07 - 2014-05-08 23:06 - 00868872 _____ C:\windows\system32\PerfStringBackup.INI 2015-09-02 09:05 - 2014-10-31 15:03 - 00000589 _____ C:\windows\SMSCFG.ini 2015-09-02 09:03 - 2015-07-08 14:17 - 00003736 _____ C:\windows\System32\Tasks\WinRM 2015-09-02 09:03 - 2014-11-03 16:59 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-09-02 09:03 - 2014-10-31 15:22 - 00006252 __RSH C:\Users\jimw\ntuser.pol 2015-09-02 09:03 - 2014-10-31 15:20 - 00000000 ____D C:\Users\jimw 2015-09-02 09:03 - 2014-10-31 15:01 - 00027139 __RSH C:\ProgramData\ntuser.pol 2015-09-02 09:02 - 2014-11-03 23:10 - 00000000 ____D C:\Users\jimw\AppData\Local\Box Sync 2015-09-02 09:02 - 2014-10-31 15:23 - 00000000 ____D C:\Users\jimw\AppData\Roaming\ClassicShell 2015-09-02 09:01 - 2014-10-31 14:58 - 00000224 _____ C:\windows\system32\config\netlogon.ftl 2015-09-02 09:01 - 2013-08-22 10:46 - 00100448 _____ C:\windows\setupact.log 2015-09-02 09:01 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-09-02 09:00 - 2014-11-03 14:57 - 00002620 _____ C:\windows\TMFilter.log 2015-09-02 08:54 - 2014-11-03 14:54 - 00016382 _____ C:\windows\cfgall.ini 2015-09-02 08:36 - 2014-11-03 16:59 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-02 08:09 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru 2015-09-02 04:15 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness 2015-09-02 04:11 - 2014-11-03 12:57 - 00003918 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{2328317E-DA4E-43B0-BC5E-DDB4E100C05A} 2015-09-01 20:37 - 2014-11-03 17:05 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-09-01 13:36 - 2014-10-31 15:03 - 00000000 ____D C:\windows\ccmcache 2015-08-30 08:31 - 2014-11-03 16:59 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-08-30 08:31 - 2014-11-03 16:59 - 00003658 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-08-28 13:56 - 2014-10-31 15:22 - 00000000 ____D C:\Users\jimw\AppData\Local\Packages 2015-08-28 12:45 - 2014-05-08 22:57 - 00025872 _____ C:\windows\PFRO.log 2015-08-28 09:23 - 2014-11-03 15:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ClassicShell 2015-08-28 09:21 - 2014-11-03 16:32 - 00003962 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{7E9519FD-C60C-4DFD-958E-BEFC05813697} 2015-08-26 15:37 - 2013-08-22 09:25 - 00524288 ___SH C:\windows\system32\config\BBI 2015-08-25 06:02 - 2015-01-06 13:51 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-08-24 17:03 - 2006-06-10 16:02 - 00000000 ____D C:\Users\jimw\Documents\transfer to backup 2015-08-20 22:08 - 2013-08-22 11:36 - 00000000 ____D C:\windows\LiveKernelReports 2015-08-20 21:01 - 2014-11-03 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync 2015-08-13 10:26 - 2014-10-31 15:22 - 00000000 ____D C:\Users\jimw\AppData\Local\VirtualStore 2015-08-05 12:59 - 2013-08-22 11:36 - 00000000 ___HD C:\windows\system32\GroupPolicy ==================== Files in the root of some directories ======= 2014-05-08 22:58 - 2014-05-08 22:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-09-02 04:10 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015 Ran by Administrator (2015-09-02 09:09:53) Running from C:\Users\Administrator\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= admin (S-1-5-21-4053884242-254580842-3275359498-1001 - Limited - Enabled) => C:\Users\admin Administrator (S-1-5-21-4053884242-254580842-3275359498-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-4053884242-254580842-3275359498-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: System Center Endpoint Protection (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50} AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: System Center Endpoint Protection (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Box Sync (HKLM\...\{64995E36-82A9-4AD6-BACD-38DE87A04ED2}) (Version: 4.0.6567.0 - Box, Inc.) Box Sync (x32 Version: 4.0.5500.0 - Box Inc.) Hidden Cisco WebEx Meetings (HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) ConfigMgr Client Setup Bootstrap (x32 Version: 5.00.7958.1000 - Microsoft Corporation) Hidden Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden DraftDominator Version 16.0k (HKLM-x32\...\DraftDominator_is1) (Version: - ) Evernote v. 5.7 (HKLM-x32\...\{94049072-5FE7-11E4-8AF1-00163E98E7D6}) (Version: 5.7.0.5492 - Evernote Corp.) Flickr Uploadr for Windows (HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\FlickrUploadrWindows) (Version: 0.9.90.246 - Flickr) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - ) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden Password Reset Server Login Client (HKLM-x32\...\{05F20509-E65E-42D6-8197-8950CFDDFB21}) (Version: 1.3.0 - Thycotic Software Ltd) Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Symantec Encryption Desktop (HKLM\...\{884992EC-F486-4BC6-B48D-5707B755D59B}) (Version: 10.3.2.15661 - Symantec Corporation) System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Trend Micro OfficeScan Client (HKLM-x32\...\{ECEA7878-2100-4525-915D-B09174E36971}) (Version: 10.0.1736 - Trend Micro) Websense Endpoint (HKLM\...\{77702A35-F85E-4072-B449-C632C0D37C2A}) (Version: 7.8.1921 - Websense, Inc.) Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2232656509-361406962-1938170613-2940_Classes\CLSID\{53B2AC1B-7B81-47FC-8D3B-595CDE21D0BA}\InprocServer32 -> C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\EvernoteCCx64.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) CustomCLSID: HKU\S-1-5-21-2232656509-361406962-1938170613-2940_Classes\CLSID\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}\InprocServer32 -> C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\EvernoteIEx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) CustomCLSID: HKU\S-1-5-21-2232656509-361406962-1938170613-2940_Classes\CLSID\{BD6BEEE8-64CE-4814-B319-990645883E89}\InprocServer32 -> C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\EvernoteOLx64.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Restore Points ========================= 09-08-2015 12:48:49 Scheduled Checkpoint 21-08-2015 12:19:45 Scheduled Checkpoint 31-08-2015 13:50:08 Scheduled Checkpoint ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {083898B2-8139-4A6D-97A6-1326294EAA4F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation) Task: {0F60521F-E757-4245-8F44-FF6240D2CA0C} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation) Task: {1AF2B001-A621-47D9-B983-B5FFCC985516} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2014-10-06] () Task: {37C31A10-3B8E-4C39-8D04-DF6D29AC1553} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation) Task: {435CB807-2AEC-45B7-984A-3D575CE725F0} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance Task: {51B22717-748D-4DE5-B88B-CC047B37AC1B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation) Task: {6CCF7D4E-9DC4-46E2-91C3-946BE7523FEA} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\windows\CCM\ccmeval.exe [2013-09-11] (Microsoft Corporation) Task: {6D0E4ACD-1362-4F2D-9C58-98EEC3DA2D96} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation) Task: {91949F76-B1B4-48E7-B633-47CBF595D17C} - System32\Tasks\Turn Off Firewall => netsh Task: {99E7EAB3-348C-4BB9-9D14-2DB7E7E0DA3F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {A754D405-AFE3-4DCA-BD49-4A14E37B8211} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {94cf404f-7f48-4a47-8958-9b9be70bce99} SEG-JimW4.steiner.sll.com => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation) Task: {AD4FF3BA-2912-4FD0-B1CC-80BDAC38C1DF} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} Task: {B5FA60ED-1105-487B-9788-8D159391D9C9} - System32\Tasks\WinRM => winrm Task: {C14B746E-4899-44B1-A4A6-CD25E8137481} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} Task: {C1D17295-D168-4DA9-A9AA-CDE80A1247DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {C3903B20-C981-4574-9E1B-B378DFFDA92A} - System32\Tasks\Start Websense => net Task: {E4B76490-95D4-4C6F-8209-1D40E54F81D7} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection Task: {EC1C95C5-A3B6-46F5-A3D1-5804583BBEFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2015-01-06 13:51 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2014-08-05 16:43 - 2014-08-05 16:43 - 01633280 _____ () C:\Program Files\Websense\Websense Endpoint\libxml2.dll 2014-08-05 17:30 - 2014-08-05 17:30 - 00202240 _____ () C:\Program Files\Websense\Websense Endpoint\ProxyMain.dll 2007-05-16 12:42 - 2007-05-16 12:42 - 00089088 _____ () C:\Program Files (x86)\Trend Micro\OfficeScan Client\zlibwapi.dll 2015-03-20 12:26 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-12-10 12:28 - 2014-12-10 12:28 - 01152000 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd 2012-10-27 08:28 - 2012-10-27 08:28 - 00128512 _____ () C:\Program Files\Box\Box Sync\win32api.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll 2012-10-27 08:29 - 2012-10-27 08:29 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll 2014-12-10 12:28 - 2014-12-10 12:28 - 00112128 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd 2013-10-09 18:05 - 2013-10-09 18:05 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd 2013-10-09 18:05 - 2013-10-09 18:05 - 00103424 _____ () C:\Program Files\Box\Box Sync\Python.Runtime.dll 2014-12-10 12:28 - 2014-12-10 12:28 - 00047616 _____ () C:\Program Files\Box\Box Sync\_socket.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 01745920 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00027136 _____ () C:\Program Files\Box\Box Sync\ujson.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00044544 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00010752 _____ () C:\Program Files\Box\Box Sync\select.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00166912 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00164352 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00689664 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd 2012-10-27 08:31 - 2012-10-27 08:31 - 00438784 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00023040 _____ () C:\Program Files\Box\Box Sync\win32event.pyd 2015-06-11 14:48 - 2015-06-11 14:48 - 00059392 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00149504 _____ () C:\Program Files\Box\Box Sync\win32file.pyd 2012-10-27 08:28 - 2012-10-27 08:28 - 00136192 _____ () C:\Program Files\Box\Box Sync\win32security.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00044032 _____ () C:\Program Files\Box\Box Sync\win32process.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00030720 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00030208 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00008192 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00010752 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00011264 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd 2012-10-27 08:28 - 2012-10-27 08:28 - 00053760 _____ () C:\Program Files\Box\Box Sync\win32service.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00026112 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00031744 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00021504 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd 2012-10-27 08:28 - 2012-10-27 08:28 - 00223232 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd 2014-10-13 11:59 - 2014-10-13 11:59 - 00068096 _____ () C:\Program Files\Box\Box Sync\SystemWrapper.dll 2015-08-11 22:39 - 2015-08-11 22:39 - 00030384 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe 2014-10-29 23:17 - 2014-10-29 23:17 - 00436576 _____ () C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\libxml2.dll 2014-10-29 23:17 - 2014-10-29 23:17 - 00318304 _____ () C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\libtidy.dll 2015-09-01 20:37 - 2015-08-27 20:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll 2015-09-01 20:37 - 2015-08-27 20:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\sharepoint.com -> hxxps://steinerleisure.sharepoint.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2232656509-361406962-1938170613-2940\Control Panel\Desktop\\Wallpaper -> C:\Users\jimw\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper HKU\S-1-5-21-4053884242-254580842-3275359498-500\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Surface\Surface.jpg DNS Servers: 172.16.160.115 - 172.16.160.116 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{78A46111-05C1-49FC-9D1A-66C7F0226F3F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{6790201A-48CB-46D6-A8B7-F4E8E0CC3086}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{592AFB87-CE62-4FE3-820D-DA134B3AD63E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{5148D84E-3BE8-444A-AF21-62D7D3F4B9AC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{EE316439-D10A-43D5-9226-150D7E584F9E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{69953D67-844F-4CF8-AA68-37E9094F578E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{5DEFD7B4-BAA8-42B3-89AC-B5BB0CD215B6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{860A272A-A0D1-40BB-8F87-42193580C532}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{396A03F9-4DD9-488F-BCB0-53423E1AE44D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{D6EA0C8A-95F8-40B9-B0CD-9F4FB34E8685}] => (Allow) LPort=44668 FirewallRules: [{E4ED828D-3F6F-4934-81FB-1953665C53A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{7656D52D-25B0-4466-8F11-8403B4E1E494}] => (Allow) C:\windows\SysWOW64\DWRCS.EXE ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/02/2015 09:03:44 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Please use sxstrace.exe for detailed diagnosis. Error: (09/02/2015 09:02:39 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Please use sxstrace.exe for detailed diagnosis. Error: (09/02/2015 04:10:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: The volume Windows RE tools was not optimized because an error was encountered: The parameter is incorrect. (0x80070057) Error: (09/02/2015 04:10:22 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (09/02/2015 01:18:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485946 Error: (09/02/2015 01:18:30 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {DB07C64A-C755-4D59-964F-3169CE90D65A} Error: (09/01/2015 10:03:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (09/01/2015 03:31:00 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Please use sxstrace.exe for detailed diagnosis. Error: (09/01/2015 03:19:07 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".Error in manifest or policy file "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" on line Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition is Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762". Please use sxstrace.exe for detailed diagnosis. Error: (09/01/2015 03:08:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 31.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1d08 Start Time: 01d0e4e8f8e4d5a7 Termination Time: 58685 Application Path: C:\Users\jimw\Desktop\FRST64.exe Report Id: ab1143e1-50dc-11e5-8296-600292f0274e Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (09/02/2015 09:05:49 AM) (Source: Kerberos) (EventID: 4) (User: ) Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server edcsc01$. The target name used was HTTP/edcsc01.steiner.sll.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (STEINER.SLL.COM) is different from the client domain (STEINER.SLL.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. Error: (09/02/2015 09:01:12 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (EventID: 16953) (User: NT AUTHORITY) Description: The password notification DLL PGPpwflt failed to load with error 126. Please verify that the notification DLL path defined in the registry, HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages, refers to a correct and absolute path (<drive>:\<path>\<filename>.<ext>) and not a relative or invalid path. If the DLL path is correct, please validate that any supporting files are located in the same directory, and that the system account has read access to both the DLL path and any supporting files. Contact the provider of the notification DLL for additional support. Further details can be found on the web at http://go.microsoft.com/fwlink/?LinkId=245898. Error: (09/02/2015 09:00:39 AM) (Source: DCOM) (EventID: 10029) (User: NT AUTHORITY) Description: {8BC3F05E-D86B-11D0-A075-00C04FB68820}winmgmt Error: (09/02/2015 08:54:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY) Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (09/02/2015 08:54:13 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: STEINER) Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). Error: (09/02/2015 08:54:13 AM) (Source: NETLOGON) (EventID: 5719) (User: ) Description: This computer was not able to set up a secure session with a domain controller in domain STEINER due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain. Error: (09/02/2015 07:43:16 AM) (Source: DCOM) (EventID: 10010) (User: STEINER) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/02/2015 07:41:45 AM) (Source: DCOM) (EventID: 10010) (User: STEINER) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/02/2015 07:40:14 AM) (Source: DCOM) (EventID: 10010) (User: STEINER) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (09/02/2015 07:38:43 AM) (Source: DCOM) (EventID: 10010) (User: STEINER) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Microsoft Office: ========================= Error: (09/02/2015 09:03:44 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 Error: (09/02/2015 09:02:39 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 Error: (09/02/2015 04:10:48 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Windows RE toolsThe parameter is incorrect. (0x80070057) Error: (09/02/2015 04:10:22 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1 Error: (09/02/2015 01:18:30 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485946 Error: (09/02/2015 01:18:30 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {DB07C64A-C755-4D59-964F-3169CE90D65A} Error: (09/01/2015 10:03:45 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (09/01/2015 03:31:00 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 Error: (09/01/2015 03:19:07 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Citrix\ICA Client\MFC80.DLLC:\Program Files (x86)\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5 Error: (09/01/2015 03:08:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe31.8.2015.01d0801d0e4e8f8e4d5a758685C:\Users\jimw\Desktop\FRST64.exeab1143e1-50dc-11e5-8296-600292f0274e CodeIntegrity: =================================== Date: 2015-02-13 22:31:47.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 22:25:04.172 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 21:24:38.516 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 21:19:24.472 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-4650U CPU @ 1.70GHz Percentage of memory in use: 30% Total physical RAM: 8097.07 MB Available physical RAM: 5616.9 MB Total Virtual: 9377.07 MB Available Virtual: 6445.51 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:232.73 GB) (Free:110.38 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: 4B58FC52) Partition: GPT. ==================== End of Addition.txt ============================
  13. Here are my logs... Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015 Ran by JimW (ATTENTION: The user is not administrator) on SEG-JIMW4 (01-09-2015 15:09:12) Running from C:\Users\jimw\Desktop Loaded Profiles: JimW & Administrator (Available Profiles: JimW & Super_RIM & Super_RF & admin & Administrator) Platform: Windows 8.1 Pro (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> winlogon.exe Failed to access process -> MsMpEng.exe Failed to access process -> dwm.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> igfxCUIService.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> armsvc.exe Failed to access process -> officeclicktorun.exe Failed to access process -> DWRCS.EXE Failed to access process -> dasHost.exe Failed to access process -> NTRTScan.exe Failed to access process -> svchost.exe Failed to access process -> TeamViewer_Service.exe Failed to access process -> wepsvc.exe Failed to access process -> TmListen.exe Failed to access process -> NisSrv.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> CNTAoSMgr.exe Failed to access process -> conhost.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe Failed to access process -> SearchIndexer.exe (Websense, Inc.) C:\Program Files\Websense\Websense Endpoint\ProxyUI.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe Failed to access process -> WmiPrvSE.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Symantec Corporation) C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPcbt64.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe Failed to access process -> CcmExec.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> CmRcService.exe Failed to access process -> wmpnetwk.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> WmiPrvSE.exe (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe (DameWare Development) C:\Windows\SysWOW64\DWRCST.EXE (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\Evernote.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\EvernoteTray.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe (Microsoft Corporation) C:\Windows\splwow64.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> WUDFHost.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> SearchFilterHost.exe Failed to access process -> SearchProtocolHost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft) HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [boxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [5827136 2015-08-11] (Box, Inc.) HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1340720 2009-09-08] (Trend Micro Inc.) HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-04-10] (Oracle Corporation) HKLM-x32\...\Run: [DameWare MRC Agent] => C:\windows\SysWOW64\DWRCST.exe [85528 2010-08-06] (DameWare Development) HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\Run: [FlickrUploadr] => "C:\Users\jimw\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\Run: [GoogleChromeAutoLaunch_3DFB2D6035BBC91D23ED01E4F4F145C5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.) HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [372408 2014-11-08] (Microsoft Corporation) AppInit_DLLs: PGPmapih.dll => C:\windows\system32\PGPmapih.dll [81248 2014-10-06] (Symantec Corporation) AppInit_DLLs-x32: PGPmapih.dll => C:\windows\SysWOW64\PGPmapih.dll [53432 2014-10-06] (Symantec Corporation) Lsa: [Notification Packages] scecli PGPpwflt ShellIconOverlayIdentifiers: [ BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\windows\system32\mscoree.dll [2013-08-22] (Microsoft Corporation) ShellIconOverlayIdentifiers: [1IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\windows\system32\PGPfsshl.dll [2014-10-06] (Symantec Corporation) ShellIconOverlayIdentifiers: [QIPOverlay] -> {245D03BE-03F7-4b52-B8B9-7FC41F60C49F} => C:\Windows\system32\QIPOverlay.dll [2014-08-05] (Websense, Inc.) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [1IconOverlayHandlerAccessible] -> {3DBF5F01-3287-46EB-82CF-45AA5C241162} => C:\windows\SysWow64\PGPfsshl.dll [2014-10-06] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PGPtray.exe.lnk [2015-01-13] ShortcutTarget: PGPtray.exe.lnk -> C:\Windows\Installer\{884992EC-F486-4BC6-B48D-5707B755D59B}\Icon9426BF75.exe () Startup: C:\Users\jimw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-11-03] ShortcutTarget: EvernoteClipper.lnk -> C:\Users\jimw\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) AutoConfigURL: [s-1-5-21-2232656509-361406962-1938170613-2940] => http://webdefence.global.blackspider.com:8082/proxy.pac?p=88vb7276 Winsock: Catalog9 01 C:\windows\SysWOW64\PGPlsp.dll [65768 2014-10-06] (Symantec Corporation) Winsock: Catalog9 13 C:\windows\SysWOW64\PGPlsp.dll [65768 2014-10-06] (Symantec Corporation) Winsock: Catalog9-x64 01 C:\windows\system32\PGPlsp.dll [76128 2014-10-06] (Symantec Corporation) Winsock: Catalog9-x64 13 C:\windows\system32\PGPlsp.dll [76128 2014-10-06] (Symantec Corporation) Tcpip\Parameters: [DhcpNameServer] 172.16.160.115 172.16.160.116 Tcpip\..\Interfaces\{8250DB6B-3240-46DC-B521-883FC3CACE4E}: [DhcpNameServer] 172.16.160.115 172.16.160.116 Tcpip\..\Interfaces\{9D57E6F7-5AAF-42F4-A907-7399A5BC973B}: [DhcpNameServer] 192.168.43.1 Internet Explorer: ================== HKU\S-1-5-21-2232656509-361406962-1938170613-2940\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION URLSearchHook: [s-1-5-21-4053884242-254580842-3275359498-500] ATTENTION => Default URLSearchHook is missing BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-27] (Oracle Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-27] (Oracle Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.) FireFox: ======== FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.) FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-27] (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-08] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\jimw\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-02-05] (Cisco WebEx LLC) Chrome: ======= CHR Profile: C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Slides) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-03] CHR Extension: (Yahoo Web) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\acjpdakpjonkfmggcmanlhdakfkhloii [2015-03-23] CHR Extension: (Google Docs) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-03] CHR Extension: (Google Drive) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-03] CHR Extension: (YouTube) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-03] CHR Extension: (Google Search) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-03] CHR Extension: (Button for Pinterest™) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbfjhllmkehmdajjlkolhdjjlfcmmlpl [2015-07-14] CHR Extension: (Google Sheets) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-03] CHR Extension: (Cisco WebEx Extension) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-02-05] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20] CHR Extension: (Save to Pocket) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-11-03] CHR Extension: (Google Wallet) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-03] CHR Extension: (Gmail) - C:\Users\jimw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-03] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28696 2014-10-13] (Box, Inc.) R2 CcmExec; C:\windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation) R2 CmRcService; C:\windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation) R2 DWMRCS; C:\Windows\SysWOW64\DWRCS.EXE [242200 2010-08-06] (DameWare Development LLC) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-24] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation) S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation) S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [38792 2014-10-29] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [33088 2014-10-28] (Microsoft Corporation) R2 ntrtscan; C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe [1915696 2010-02-02] (Trend Micro Inc.) S3 smstsmgr; C:\windows\CCM\TSManager.exe [276152 2013-09-11] () [File not signed] R2 tmlisten; C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe [1986448 2010-02-02] (Trend Micro Inc.) S3 TmProxy; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [917768 2009-07-15] (Trend Micro Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2014-05-08] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-08] (Microsoft Corporation) S4 WSDLP; C:\Program Files\Websense\Websense Endpoint\DSEMain.dll [328192 2014-08-05] (Websense, Inc.) [File not signed] R2 WSPXY; C:\Program Files\Websense\Websense Endpoint\ProxyMain.dll [202240 2014-08-05] () [File not signed] S4 WSRF; C:\Program Files\Websense\Websense Endpoint\RFMain.dll [236032 2014-08-05] (Websense, Inc.) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [73216 2014-08-07] (ASIX Electronics Corp.) S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.) R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131328 2014-10-08] (Microsoft Corporation) R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-05-08] (Microsoft Corporation) R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider) R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider) R1 dwvkbd; C:\Windows\system32\DRIVERS\dwvkbd64.sys [30720 2007-02-15] (DameWare) S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation) R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-10-07] (Intel Corporation) R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-07] (Intel Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-28] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2014-01-31] (Intel Corporation) S0 MpBoot; C:\Windows\System32\DRIVERS\MpBoot.sys [34744 2013-09-27] (Microsoft Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R3 mrvlpcie8897; C:\Windows\system32\DRIVERS\mrvlpcie8897.sys [990720 2014-09-18] (Marvell Semiconductors Inc.) R3 msu30x64w8; C:\Windows\system32\DRIVERS\msu30x64w8.sys [100864 2014-07-11] (Microsoft) S3 Nep; C:\Windows\System32\DRIVERS\cwNep.sys [143560 2014-08-05] (Websense, Inc.) R2 NisDrv; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 PGPdisk; C:\Windows\System32\Drivers\PGPdisk.sys [275496 2014-10-06] (Symantec Corporation) R0 pgpfs; C:\Windows\System32\Drivers\PGPfsfd.sys [184856 2014-10-06] (Symantec Corporation) R1 PGPsdkDriver; C:\Windows\System32\Drivers\PGPsdk.sys [52968 2014-10-06] (Symantec Corporation) R0 PGPwded; C:\Windows\System32\Drivers\PGPwded.sys [399072 2014-10-06] (Symantec Corporation) R0 Pgpwdefs; C:\Windows\System32\DRIVERS\Pgpwdefs.sys [20536 2014-10-06] (Symantec Corporation) S3 prepdrvr; C:\Windows\system32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation) R1 QIP; C:\Windows\system32\DRIVERS\Qip.sys [76488 2014-08-05] (Websense, Inc.) R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation) R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-05-30] (Microsoft Corporation) R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [43152 2014-03-14] (Microsoft Corporation) R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-05-02] (Microsoft Corporation) R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [49768 2014-10-13] (Microsoft Corporation) R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-10-08] (Microsoft Corporation) R3 SurfacePenDriver; C:\Windows\system32\DRIVERS\SurfacePenDriver.sys [63592 2014-09-26] (Microsoft Corporation) S3 SurfaceTouchCover; C:\Windows\System32\drivers\SurfaceTouchCover.sys [35976 2014-04-14] (Microsoft Corporation) S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [35984 2014-03-19] (Microsoft Corporation) R2 TmFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.) R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.) R1 tmtdi; C:\Windows\system32\DRIVERS\tmtdi.sys [107536 2009-07-15] (Trend Micro Inc.) R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-07-07] () R2 VSApiNt; C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.) R3 WiFiClass; C:\Windows\system32\DRIVERS\wificlass.sys [411136 2014-09-18] (Microsoft Corporation) R3 WsNetFlt; C:\Windows\system32\DRIVERS\WsNetFlt.sys [61640 2014-08-05] (Websense, Inc.) S3 WsWfpRF; C:\Windows\system32\DRIVERS\WsWfpRF.sys [48328 2014-08-05] (Websense, Inc.) S1 knvjklmu; \??\C:\windows\system32\drivers\knvjklmu.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-01 15:04 - 2015-09-01 15:09 - 00027329 _____ C:\Users\jimw\Desktop\FRST.txt 2015-09-01 15:04 - 2015-09-01 15:09 - 00000000 ____D C:\FRST 2015-09-01 14:49 - 2015-09-01 14:49 - 02188800 _____ (Farbar) C:\Users\jimw\Desktop\FRST64.exe 2015-08-31 11:10 - 2015-08-31 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DraftDominator 2015-08-31 11:10 - 2015-08-31 11:10 - 00000000 ____D C:\FBG 2015-08-31 11:10 - 2006-03-08 09:27 - 01353360 _____ (FarPoint Technologies, Inc.) C:\windows\SysWOW64\fpSpr60.ocx 2015-08-31 11:10 - 2004-12-07 13:03 - 00451760 _____ (FarPoint Technologies, Inc.) C:\windows\SysWOW64\Tab32x30.ocx 2015-08-31 11:10 - 2002-12-20 15:02 - 01077336 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL.OCX 2015-08-31 11:10 - 2001-03-13 15:49 - 00140288 _____ (Microsoft Corporation) C:\windows\SysWOW64\comdlg32.ocx 2015-08-31 11:10 - 2000-05-22 01:00 - 00115920 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSINET.OCX 2015-08-31 11:10 - 1999-01-06 18:50 - 00228864 _____ (Microsoft Corporation) C:\windows\SysWOW64\xl5en32.olb 2015-08-31 11:05 - 2015-08-31 11:06 - 05523273 _____ ( ) C:\Users\jimw\Downloads\DD160k_Setup.exe 2015-08-28 09:24 - 2015-08-28 09:24 - 00000180 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2015-08-28 09:15 - 2015-08-28 09:15 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2015-08-28 09:15 - 2015-08-28 09:15 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2015-08-28 09:15 - 2015-08-28 09:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2015-08-28 09:15 - 2015-08-28 09:15 - 00000000 ____D C:\ProgramData\Malwarebytes 2015-08-28 09:15 - 2015-08-28 09:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-08-28 09:15 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2015-08-28 09:15 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2015-08-28 09:15 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2015-08-28 09:07 - 2015-08-28 09:09 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\jimw\Downloads\mbam-setup-2.1.8.1057.exe 2015-08-14 09:57 - 2015-08-14 09:57 - 01965568 _____ C:\Users\jimw\Desktop\july monthly pl prelim.xls 2015-08-11 14:54 - 2015-08-13 10:26 - 00000000 ____D C:\Users\jimw\AppData\Local\FlickrUploadrWindows 2015-08-11 14:54 - 2015-08-11 14:54 - 00002379 _____ C:\Users\jimw\Desktop\Flickr Uploadr.lnk 2015-08-11 14:54 - 2015-08-11 14:54 - 00000000 ____D C:\Users\jimw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr 2015-08-11 14:54 - 2015-08-11 14:54 - 00000000 ____D C:\Users\jimw\AppData\Local\SquirrelTemp 2015-08-11 14:54 - 2015-08-11 14:54 - 00000000 ____D C:\Users\jimw\AppData\Local\IsolatedStorage 2015-08-11 14:54 - 2015-08-11 14:54 - 00000000 ____D C:\Users\jimw\AppData\Local\Flickr 2015-08-11 14:52 - 2015-08-11 14:53 - 21879792 _____ (Flickr) C:\Users\jimw\Downloads\FlickrUploadrInstallr.exe 2015-08-11 09:21 - 2015-08-11 09:23 - 36284404 _____ C:\Users\jimw\Downloads\VID_20150810_083347.mp4 2015-08-05 15:18 - 2015-08-05 15:18 - 00930872 _____ C:\Users\jimw\Downloads\35733dir.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-01 15:02 - 2013-08-22 11:36 - 00000000 ____D C:\windows\AppReadiness 2015-09-01 15:00 - 2013-08-22 11:36 - 00000000 ____D C:\windows\system32\sru 2015-09-01 14:50 - 2014-10-31 14:47 - 01320240 _____ C:\windows\WindowsUpdate.log 2015-09-01 14:40 - 2014-10-31 15:23 - 00000000 ____D C:\Users\jimw\AppData\Roaming\ClassicShell 2015-09-01 14:37 - 2014-11-03 16:59 - 00000922 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-09-01 14:35 - 2013-08-22 10:46 - 00099056 _____ C:\windows\setupact.log 2015-09-01 13:36 - 2014-10-31 15:03 - 00000000 ____D C:\windows\ccmcache 2015-09-01 09:35 - 2014-11-03 14:54 - 00016382 _____ C:\windows\cfgall.ini 2015-08-31 14:32 - 2014-10-31 15:01 - 00027139 __RSH C:\ProgramData\ntuser.pol 2015-08-30 08:36 - 2014-11-03 16:59 - 00000918 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-08-28 13:56 - 2014-10-31 15:22 - 00000000 ____D C:\Users\jimw\AppData\Local\Packages 2015-08-28 12:51 - 2014-05-08 23:06 - 00868872 _____ C:\windows\system32\PerfStringBackup.INI 2015-08-28 12:49 - 2014-10-31 15:03 - 00000589 _____ C:\windows\SMSCFG.ini 2015-08-28 12:46 - 2014-11-03 23:10 - 00000000 ____D C:\Users\jimw\AppData\Local\Box Sync 2015-08-28 12:45 - 2014-05-08 22:57 - 00025872 _____ C:\windows\PFRO.log 2015-08-28 12:45 - 2013-08-22 10:45 - 00000006 ____H C:\windows\Tasks\SA.DAT 2015-08-28 12:00 - 2014-11-03 14:57 - 00002554 _____ C:\windows\TMFilter.log 2015-08-28 09:24 - 2014-10-31 15:22 - 00006252 __RSH C:\Users\jimw\ntuser.pol 2015-08-28 09:24 - 2014-10-31 15:20 - 00000000 ____D C:\Users\jimw 2015-08-25 06:02 - 2015-01-06 13:51 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-08-24 17:03 - 2006-06-10 16:02 - 00000000 ____D C:\Users\jimw\Documents\transfer to backup 2015-08-22 04:09 - 2014-11-03 17:05 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-08-20 22:08 - 2013-08-22 11:36 - 00000000 ____D C:\windows\LiveKernelReports 2015-08-20 21:01 - 2014-11-03 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync 2015-08-13 10:26 - 2014-10-31 15:22 - 00000000 ____D C:\Users\jimw\AppData\Local\VirtualStore 2015-08-05 12:59 - 2013-08-22 11:36 - 00000000 ___HD C:\windows\system32\GroupPolicy ==================== Files in the root of some directories ======= 2014-05-08 22:58 - 2014-05-08 22:58 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed ATTENTION: ==> Could not access BCD. The user is not administrator ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015 Ran by JimW (2015-09-01 15:09:33) Running from C:\Users\jimw\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= admin (S-1-5-21-4053884242-254580842-3275359498-1001 - Limited - Enabled) => C:\Users\admin Administrator (S-1-5-21-4053884242-254580842-3275359498-500 - Administrator - Enabled) => C:\Users\Administrator Guest (S-1-5-21-4053884242-254580842-3275359498-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: System Center Endpoint Protection (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Trend Micro OfficeScan Antivirus (Enabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50} AS: Trend Micro OfficeScan Anti-spyware (Enabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: System Center Endpoint Protection (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) Box Sync (HKLM\...\{64995E36-82A9-4AD6-BACD-38DE87A04ED2}) (Version: 4.0.6567.0 - Box, Inc.) Box Sync (x32 Version: 4.0.5500.0 - Box Inc.) Hidden Cisco WebEx Meetings (HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.) Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft) ConfigMgr Client Setup Bootstrap (x32 Version: 5.00.7958.1000 - Microsoft Corporation) Hidden Configuration Manager Client (Version: 5.00.7958.1000 - Microsoft Corporation) Hidden DraftDominator Version 16.0k (HKLM-x32\...\DraftDominator_is1) (Version: - ) Evernote v. 5.7 (HKLM-x32\...\{94049072-5FE7-11E4-8AF1-00163E98E7D6}) (Version: 5.7.0.5492 - Evernote Corp.) Flickr Uploadr for Windows (HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\FlickrUploadrWindows) (Version: 0.9.90.246 - Flickr) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - ) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Mozilla Firefox 33.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.2 (x86 en-US)) (Version: 33.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden Password Reset Server Login Client (HKLM-x32\...\{05F20509-E65E-42D6-8197-8950CFDDFB21}) (Version: 1.3.0 - Thycotic Software Ltd) Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Symantec Encryption Desktop (HKLM\...\{884992EC-F486-4BC6-B48D-5707B755D59B}) (Version: 10.3.2.15661 - Symantec Corporation) System Center Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Trend Micro OfficeScan Client (HKLM-x32\...\{ECEA7878-2100-4525-915D-B09174E36971}) (Version: 10.0.1736 - Trend Micro) Websense Endpoint (HKLM\...\{77702A35-F85E-4072-B449-C632C0D37C2A}) (Version: 7.8.1921 - Websense, Inc.) Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ==================== Loaded Modules (Whitelisted) ============== 2015-03-20 12:26 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-12-10 12:28 - 2014-12-10 12:28 - 01152000 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd 2012-10-27 08:28 - 2012-10-27 08:28 - 00128512 _____ () C:\Program Files\Box\Box Sync\win32api.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll 2012-10-27 08:29 - 2012-10-27 08:29 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll 2014-12-10 12:28 - 2014-12-10 12:28 - 00112128 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd 2013-10-09 18:05 - 2013-10-09 18:05 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd 2013-10-09 18:05 - 2013-10-09 18:05 - 00103424 _____ () C:\Program Files\Box\Box Sync\Python.Runtime.dll 2014-12-10 12:28 - 2014-12-10 12:28 - 00047616 _____ () C:\Program Files\Box\Box Sync\_socket.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 01745920 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00027136 _____ () C:\Program Files\Box\Box Sync\ujson.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00044544 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00010752 _____ () C:\Program Files\Box\Box Sync\select.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00166912 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00164352 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00689664 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd 2012-10-27 08:31 - 2012-10-27 08:31 - 00438784 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00023040 _____ () C:\Program Files\Box\Box Sync\win32event.pyd 2015-06-11 14:48 - 2015-06-11 14:48 - 00059392 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00149504 _____ () C:\Program Files\Box\Box Sync\win32file.pyd 2012-10-27 08:28 - 2012-10-27 08:28 - 00136192 _____ () C:\Program Files\Box\Box Sync\win32security.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00044032 _____ () C:\Program Files\Box\Box Sync\win32process.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00030720 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00030208 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00008192 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00010752 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00011264 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd 2012-10-27 08:28 - 2012-10-27 08:28 - 00053760 _____ () C:\Program Files\Box\Box Sync\win32service.pyd 2015-05-28 16:42 - 2015-05-28 16:42 - 00026112 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd 2014-12-10 12:28 - 2014-12-10 12:28 - 00031744 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd 2012-10-27 08:27 - 2012-10-27 08:27 - 00021504 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd 2012-10-27 08:28 - 2012-10-27 08:28 - 00223232 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd 2014-10-13 11:59 - 2014-10-13 11:59 - 00068096 _____ () C:\Program Files\Box\Box Sync\SystemWrapper.dll 2015-08-11 22:39 - 2015-08-11 22:39 - 00030384 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2232656509-361406962-1938170613-2940\...\sharepoint.com -> hxxps://steinerleisure.sharepoint.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2232656509-361406962-1938170613-2940\Control Panel\Desktop\\Wallpaper -> C:\Users\jimw\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper DNS Servers: 172.16.160.115 - 172.16.160.116 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe FirewallRules: [{78A46111-05C1-49FC-9D1A-66C7F0226F3F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{6790201A-48CB-46D6-A8B7-F4E8E0CC3086}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{592AFB87-CE62-4FE3-820D-DA134B3AD63E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{5148D84E-3BE8-444A-AF21-62D7D3F4B9AC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{EE316439-D10A-43D5-9226-150D7E584F9E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{69953D67-844F-4CF8-AA68-37E9094F578E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{5DEFD7B4-BAA8-42B3-89AC-B5BB0CD215B6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{860A272A-A0D1-40BB-8F87-42193580C532}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{396A03F9-4DD9-488F-BCB0-53423E1AE44D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{D6EA0C8A-95F8-40B9-B0CD-9F4FB34E8685}] => (Allow) LPort=44668 FirewallRules: [{1CBB47E1-FD2B-4012-A201-A5625F60F172}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{60EFCF11-3F26-4452-8C01-0C6E18359A6A}] => (Allow) C:\windows\SysWOW64\DWRCS.EXE ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/01/2015 03:08:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program FRST64.exe version 31.8.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1d08 Start Time: 01d0e4e8f8e4d5a7 Termination Time: 58685 Application Path: C:\Users\jimw\Desktop\FRST64.exe Report Id: ab1143e1-50dc-11e5-8296-600292f0274e Faulting package full name: Faulting package-relative application ID: Error: (09/01/2015 10:06:42 AM) (Source: Outlook) (EventID: 62) (User: ) Description: Unable to instantiate policy nudges text extraction module - error code 0x80040154. Error: (08/31/2015 01:55:58 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (08/31/2015 01:51:14 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (08/31/2015 01:50:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . Error: (08/30/2015 01:20:19 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485936 Error: (08/30/2015 01:20:19 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {2A772980-6240-49D1-8445-349E11D42A13} Error: (08/30/2015 01:18:18 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {2A772980-6240-49D1-8445-349E11D42A13} Error: (08/29/2015 01:19:25 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485946 Error: (08/29/2015 01:19:25 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {823CC2DA-8391-4EC7-B38E-EBEE1DF23B15} System errors: ============= Error: (09/01/2015 02:39:43 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1006) (User: NT AUTHORITY) Description: The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description. Error: (09/01/2015 02:38:05 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer SEG-LISAL1 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8250DB6B-3240-46DC-B521-883FC3CACE4E}. The master browser is stopping or an election is being forced. Error: (09/01/2015 02:35:01 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY) Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. Error: (09/01/2015 02:34:57 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: STEINER) Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller). Error: (09/01/2015 02:00:52 PM) (Source: DCOM) (EventID: 10010) (User: STEINER) Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (09/01/2015 01:35:04 PM) (Source: Kerberos) (EventID: 4) (User: ) Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server edcsc01$. The target name used was HTTP/edcsc01.steiner.sll.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (STEINER.SLL.COM) is different from the client domain (STEINER.SLL.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. Error: (09/01/2015 12:35:03 PM) (Source: Kerberos) (EventID: 4) (User: ) Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server edcsc01$. The target name used was HTTP/edcsc01.steiner.sll.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (STEINER.SLL.COM) is different from the client domain (STEINER.SLL.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. Error: (09/01/2015 11:35:03 AM) (Source: Kerberos) (EventID: 4) (User: ) Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server edcsc01$. The target name used was HTTP/edcsc01.steiner.sll.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (STEINER.SLL.COM) is different from the client domain (STEINER.SLL.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. Error: (09/01/2015 10:05:06 AM) (Source: Kerberos) (EventID: 4) (User: ) Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server edcsc01$. The target name used was HTTP/edcsc01.steiner.sll.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (STEINER.SLL.COM) is different from the client domain (STEINER.SLL.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server. Error: (09/01/2015 09:34:35 AM) (Source: BTHUSB) (EventID: 17) (User: ) Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded. Microsoft Office: ========================= Error: (09/01/2015 03:08:23 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: FRST64.exe31.8.2015.01d0801d0e4e8f8e4d5a758685C:\Users\jimw\Desktop\FRST64.exeab1143e1-50dc-11e5-8296-600292f0274e Error: (09/01/2015 10:06:42 AM) (Source: Outlook) (EventID: 62) (User: ) Description: Unable to instantiate policy nudges text extraction module - error code 0x80040154. Error: (08/31/2015 01:55:58 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1 Error: (08/31/2015 01:51:14 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1 Error: (08/31/2015 01:50:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. Error: (08/30/2015 01:20:19 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485936 Error: (08/30/2015 01:20:19 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {2A772980-6240-49D1-8445-349E11D42A13} Error: (08/30/2015 01:18:18 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {2A772980-6240-49D1-8445-349E11D42A13} Error: (08/29/2015 01:19:25 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: ) Description: Subscription licensing service failed: -2143485946 Error: (08/29/2015 01:19:25 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: ) Description: Office Subscription licensing exception: Error Code: 0x803D0006; CorrelationId: {823CC2DA-8391-4EC7-B38E-EBEE1DF23B15} CodeIntegrity: =================================== Date: 2015-02-13 22:31:47.933 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 22:25:04.172 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 21:24:38.516 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll because the set of per-page image hashes could not be found on the system. Date: 2015-02-13 21:19:24.472 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-4650U CPU @ 1.70GHz Percentage of memory in use: 39% Total physical RAM: 8097.07 MB Available physical RAM: 4875.53 MB Total Virtual: 9953.07 MB Available Virtual: 6546.64 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:232.73 GB) (Free:110.25 GB) NTFS Drive d: (My Passport) (Fixed) (Total:931.48 GB) (Free:373.9 GB) NTFS Drive h: () (Network) (Total:67.82 GB) (Free:7.54 GB) Drive k: (Functional) (Network) (Total:1512 GB) (Free:347.76 GB) NTFS Drive r: (Functional) (Network) (Total:1512 GB) (Free:347.76 GB) NTFS ==================== MBR & Partition Table ================== ==================== End of Addition.txt ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.