Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake Chrome browser virus


  • This topic is locked This topic is locked
5 replies to this topic

#1 naterased

naterased

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:48 AM

Posted 25 August 2014 - 10:02 AM

I have a computer that got a fake Chrome browser virus that keeps popping up a Chrome windows with random sites, even though i dont have Chrome installed.

 

I ran multiple scans and couldnt find anything. Must be a new virus.

 

Please help, thanks.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03

Ran by Strawberry (administrator) on SUNOPSTL-LT01 on 25-08-2014 09:55:43

Running from C:\Users\Marie.Kozlowski\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corp.) C:\Program Files\System Center Operations Manager\Agent\HealthService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(LogMeIn, Inc.) C:\Users\Marie.Kozlowski\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(http://www.ocsinventory-ng.org) C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corp.) C:\Program Files\System Center Operations Manager\Agent\MonitoringHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(LogMeIn, Inc.) C:\Users\Marie.Kozlowski\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe

(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe

(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Autonomy Corporation plc) C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(LogMeIn, Inc.) C:\Users\Marie.Kozlowski\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe

(Cisco WebEx LLC) C:\Program Files (x86)\WebEx\Productivity Tools\ptSrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost2.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Corporation) C:\Program Files\Microsoft\OnlineManagement\Client\UI\clientui.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

() C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

(Google Inc.) C:\Users\Marie.Kozlowski\AppData\LocalLow\NavigatorHiggs\VolunteerSync\browser.exe

(Google Inc.) C:\Users\Marie.Kozlowski\AppData\LocalLow\NavigatorHiggs\VolunteerSync\browser.exe

(Google Inc.) C:\Users\Marie.Kozlowski\AppData\LocalLow\NavigatorHiggs\VolunteerSync\browser.exe

(Google Inc.) C:\Users\Marie.Kozlowski\AppData\LocalLow\NavigatorHiggs\VolunteerSync\browser.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Users\Marie.Kozlowski\AppData\LocalLow\NavigatorHiggs\VolunteerSync\browser.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [1652280 2012-06-26] (GlavSoft LLC.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-19] (IDT, Inc.)

HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [103056 2012-10-09] (Realtek Semiconductor Corp.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011824 2013-01-10] (Synaptics Incorporated)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-06-22] (Intel Corporation)

HKLM-x32\...\Run: [FLxHCIm64] => C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe [48128 2012-04-12] (Windows ® Win 7 DDK provider)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133440 2012-07-18] (Intel Corporation)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-24] (Intel Corporation)

HKLM-x32\...\Run: [AgentUiRunKey] => C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe [299856 2012-11-28] (Autonomy Corporation plc)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-12-21] (Adobe Systems Inc.)

HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}

HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}

HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}

HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).

HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).

HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).

HKLM\...\RunOnce: [BrowserChoice] => C:\Windows\system32\browserchoice.exe [294912 2010-02-23] (Microsoft Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-140116415-3017645032-1259276925-11414\...\Run: [PTIM.exe] => C:\Program Files (x86)\WebEx\Productivity Tools\PTIM.exe [419344 2013-07-11] (Cisco WebEx LLC)

HKU\S-1-5-21-140116415-3017645032-1259276925-11414\...\Run: [PTOneClick] => C:\Program Files (x86)\WebEx\Productivity Tools\ptoneclk.exe [371728 2013-07-11] (Cisco WebEx LLC)

HKU\S-1-5-21-140116415-3017645032-1259276925-11414\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated)

HKU\S-1-5-21-140116415-3017645032-1259276925-11414\...\Run: [SysutilVoice] => C:\Windows\system32\rundll32.exe "C:\Users\Marie.Kozlowski\AppData\Local\SysutilVoice\SysutilVoice.dll",DllRegisterServer <===== ATTENTION

HKU\S-1-5-21-3007030589-1973198116-404547778-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S0].txt [873 2014-08-25] ()

Startup: C:\Users\Marie.Kozlowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x08FCF119090ACE01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Handler: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} -  No File

Handler-x32: qvp - {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_41 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-09-04]

 

Chrome:

=======

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-12-21]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S4 AdtAgent; C:\Windows\system32\AdtAgent.exe [408272 2014-07-10] (Microsoft Corporation)

R2 AgentService; C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [6777680 2012-11-28] (Autonomy Corporation plc)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)

R2 CrmSqlStartupSvc; C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [24240 2014-04-21] (Microsoft Corporation)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8941016 2012-10-23] (DisplayLink Corp.)

R2 HealthService; C:\Program Files\System Center Operations Manager\Agent\HealthService.exe [25200 2012-10-30] (Microsoft Corp.)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-08-25] (SurfRight B.V.)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-07-18] (Intel Corporation)

R2 LMIRescue_c03ade6f-f426-4215-8df3-04ddcb1a7acd; C:\Users\Marie.Kozlowski\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe [3079488 2014-08-25] (LogMeIn, Inc.)

S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [53936 2013-06-18] (Microsoft Corporation)

S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [53936 2013-06-18] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 OCS INVENTORY; C:\Program Files (x86)\OCS Inventory Agent\ocsservice.exe [69632 2009-04-16] (http://www.ocsinventory-ng.org) [File not signed]

R2 OmcSvc; C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost2.exe [57568 2014-05-22] (Microsoft Corporation)

S2 omupdsrv; C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost.exe [57568 2014-05-22] (Microsoft Corporation)

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]

R2 SignalingAgent; C:\Program Files\Microsoft\OnlineManagement\Common\omsvchost2.exe [57568 2014-05-22] (Microsoft Corporation)

R3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation) [File not signed]

R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [1652280 2012-06-26] (GlavSoft LLC.)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [17408 2012-11-19] (http://libusb-win32.sourceforge.net)

S3 dlcdcecm; C:\Windows\System32\DRIVERS\dlcdcecm.sys [41984 2012-10-23] (DisplayLink Corp.)

S3 dlusbaudio; C:\Windows\System32\DRIVERS\dlusbaudio_x64.sys [198304 2012-10-23] (DisplayLink Corp.)

S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [73472 2012-04-12] (Fresco Logic)

S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2010-04-22] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8229520 2012-10-09] (Realtek Semiconductor Corp.)

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-01-10] (Synaptics Incorporated)

S3 KAPFA; \??\C:\Windows\system32\drivers\KAPFA.SYS [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-25 09:55 - 2014-08-25 09:55 - 00024385 _____ () C:\Users\Marie.Kozlowski\Desktop\FRST.txt

2014-08-25 09:54 - 2014-08-25 09:54 - 02103296 _____ (Farbar) C:\Users\Marie.Kozlowski\Desktop\FRST64.exe

2014-08-25 09:34 - 2014-08-25 09:34 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-08-25 09:20 - 2014-08-25 09:55 - 00000000 ____D () C:\FRST

2014-08-25 09:04 - 2014-08-25 09:04 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-08-25 09:04 - 2014-08-25 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2014-08-25 09:04 - 2014-08-25 09:04 - 00000000 ____D () C:\Program Files\HitmanPro

2014-08-25 09:03 - 2014-08-25 09:18 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-08-25 08:46 - 2014-08-25 08:48 - 00000000 ____D () C:\AdwCleaner

2014-08-25 08:46 - 2014-08-25 08:46 - 01364531 _____ () C:\Users\Marie.Kozlowski\Downloads\AdwCleaner.exe

2014-08-25 08:24 - 2014-08-25 08:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-25 08:24 - 2014-08-25 08:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-25 08:24 - 2014-08-25 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-25 08:24 - 2014-08-25 08:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-25 08:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-25 08:24 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-25 08:21 - 2014-08-25 08:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marie.Kozlowski\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-25 08:20 - 2014-08-25 08:20 - 00000000 ____D () C:\Users\Marie.Kozlowski\AppData\Local\LogMeIn Rescue Applet

2014-08-21 17:59 - 2014-08-21 17:59 - 00000000 ____D () C:\Users\Marie.Kozlowski\AppData\Local\SysutilVoice

2014-08-20 16:40 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-20 16:40 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-20 16:40 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-20 16:40 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-20 16:40 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-20 16:40 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-20 16:39 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-20 16:39 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-18 16:20 - 2014-08-18 16:21 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Nature's One

2014-08-17 08:02 - 2014-07-24 07:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-17 08:02 - 2014-07-24 07:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-17 08:02 - 2014-07-24 07:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-17 08:02 - 2014-07-24 07:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-17 08:02 - 2014-07-24 07:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-17 08:02 - 2014-07-24 05:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-17 08:02 - 2014-07-24 05:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-17 08:02 - 2014-07-24 05:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-17 08:02 - 2014-07-24 05:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-17 08:02 - 2014-07-24 05:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-17 08:02 - 2014-07-24 05:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-17 08:02 - 2014-07-24 04:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-08-17 08:02 - 2014-07-24 04:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-08-17 08:01 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-17 08:01 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-17 08:01 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-17 08:01 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-17 08:01 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-17 08:01 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-17 08:01 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-17 08:01 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-17 08:01 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-17 08:01 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-17 08:01 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-17 08:01 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-17 08:01 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-17 08:01 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-06 14:00 - 2013-12-21 04:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-06 14:00 - 2013-12-21 02:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-03 20:19 - 2013-02-17 01:40 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE

2014-08-03 20:18 - 2014-08-03 20:18 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2014-08-03 20:18 - 2014-08-03 20:18 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2014-08-03 20:18 - 2014-08-03 20:18 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-08-03 20:18 - 2014-08-03 20:18 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-08-03 20:18 - 2014-08-03 20:18 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2014-08-03 20:18 - 2014-08-03 20:18 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2014-08-03 20:18 - 2014-08-03 20:18 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-08-25 09:55 - 2014-08-25 09:55 - 00024385 _____ () C:\Users\Marie.Kozlowski\Desktop\FRST.txt

2014-08-25 09:55 - 2014-08-25 09:20 - 00000000 ____D () C:\FRST

2014-08-25 09:54 - 2014-08-25 09:54 - 02103296 _____ (Farbar) C:\Users\Marie.Kozlowski\Desktop\FRST64.exe

2014-08-25 09:45 - 2013-03-29 21:38 - 01137002 _____ () C:\Windows\WindowsUpdate.log

2014-08-25 09:34 - 2014-08-25 09:34 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-08-25 09:18 - 2014-08-25 09:03 - 00000000 ____D () C:\ProgramData\HitmanPro

2014-08-25 09:14 - 2012-09-05 12:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-25 09:04 - 2014-08-25 09:04 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk

2014-08-25 09:04 - 2014-08-25 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

2014-08-25 09:04 - 2014-08-25 09:04 - 00000000 ____D () C:\Program Files\HitmanPro

2014-08-25 08:57 - 2009-07-13 23:45 - 00006928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-25 08:57 - 2009-07-13 23:45 - 00006928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-25 08:54 - 2009-07-14 00:13 - 00808484 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-25 08:49 - 2010-11-20 22:47 - 00304896 _____ () C:\Windows\PFRO.log

2014-08-25 08:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-25 08:49 - 2009-07-13 23:51 - 00095478 _____ () C:\Windows\setupact.log

2014-08-25 08:48 - 2014-08-25 08:46 - 00000000 ____D () C:\AdwCleaner

2014-08-25 08:46 - 2014-08-25 08:46 - 01364531 _____ () C:\Users\Marie.Kozlowski\Downloads\AdwCleaner.exe

2014-08-25 08:24 - 2014-08-25 08:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-25 08:24 - 2014-08-25 08:24 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-25 08:24 - 2014-08-25 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-25 08:24 - 2014-08-25 08:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-25 08:24 - 2014-01-02 20:38 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-25 08:21 - 2014-08-25 08:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Marie.Kozlowski\Downloads\mbam-setup-2.0.2.1012.exe

2014-08-25 08:20 - 2014-08-25 08:20 - 00000000 ____D () C:\Users\Marie.Kozlowski\AppData\Local\LogMeIn Rescue Applet

2014-08-24 11:24 - 2013-10-01 20:49 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Personal

2014-08-22 20:24 - 2013-08-28 13:08 - 00000120 _____ () C:\Windows\system32\config\netlogon.ftl

2014-08-22 20:16 - 2012-09-05 12:28 - 00000000 ____D () C:\Program Files (x86)\OCS Inventory Agent

2014-08-22 15:45 - 2013-09-20 11:29 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Abbott Nutrition

2014-08-22 14:59 - 2013-08-28 13:08 - 00016626 __RSH () C:\ProgramData\ntuser.pol

2014-08-22 11:13 - 2013-10-07 15:06 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Barrel o Fun

2014-08-21 17:59 - 2014-08-21 17:59 - 00000000 ____D () C:\Users\Marie.Kozlowski\AppData\Local\SysutilVoice

2014-08-21 17:26 - 2013-09-09 16:31 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Customer

2014-08-20 22:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-08-20 17:14 - 2013-09-04 11:18 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\SunOpta

2014-08-20 16:46 - 2012-09-06 10:36 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-20 16:42 - 2013-08-28 13:34 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-20 16:41 - 2012-09-05 13:44 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-20 10:19 - 2014-02-19 09:52 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Post

2014-08-18 16:52 - 2013-09-10 17:31 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\GMI

2014-08-18 16:22 - 2014-01-10 14:09 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Nestle

2014-08-18 16:21 - 2014-08-18 16:20 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Nature's One

2014-08-17 19:35 - 2013-10-21 11:24 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Schwans

2014-08-17 18:38 - 2014-02-17 23:29 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Shearer's

2014-08-07 14:58 - 2013-10-28 10:16 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Kroger

2014-08-06 14:20 - 2013-09-04 11:15 - 00000000 ____D () C:\Users\Marie.Kozlowski\AppData\Local\Adobe

2014-08-05 16:56 - 2014-03-25 16:57 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\SANA

2014-08-04 10:52 - 2013-10-03 18:25 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\CAG

2014-08-03 20:25 - 2013-08-28 16:43 - 00001417 _____ () C:\Users\Marie.Kozlowski\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-03 20:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-03 20:19 - 2013-08-28 13:36 - 00013508 _____ () C:\Windows\IE10_main.log

2014-08-03 20:18 - 2014-08-03 20:18 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat

2014-08-03 20:18 - 2014-08-03 20:18 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat

2014-08-03 20:18 - 2014-08-03 20:18 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-08-03 20:18 - 2014-08-03 20:18 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-08-03 20:18 - 2014-08-03 20:18 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2014-08-03 20:18 - 2014-08-03 20:18 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2014-08-03 20:18 - 2014-08-03 20:18 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2014-08-03 20:18 - 2014-08-03 20:18 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-08-03 20:18 - 2014-08-03 20:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-07-31 16:15 - 2013-09-05 10:35 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\Nestle Purina

2014-07-28 17:14 - 2013-10-19 10:17 - 00000000 ____D () C:\Users\Marie.Kozlowski\Documents\IFT

 

Some content of TEMP:

====================

C:\Users\Marie.Kozlowski\AppData\Local\Temp\cwbloir.dll

C:\Users\Marie.Kozlowski\AppData\Local\Temp\i4jdel0.exe

C:\Users\Strawberry\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-08-17 08:39

 

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03

Ran by Strawberry at 2014-08-25 10:03:55

Running from C:\Users\Marie.Kozlowski\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Intune Endpoint Protection (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Intune Endpoint Protection (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden

Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.06 - Adobe Systems)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.02) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.02 - Adobe Systems Incorporated)

Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.00495 - Cisco Systems, Inc.)

Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.00495 - Cisco Systems, Inc.) Hidden

Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)

Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.6.2.4 - Autonomy Corporation plc)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)

DisplayLink Core Software (HKLM\...\{D0FDDF3A-CA9F-4BF4-AD46-0E4CB0394848}) (Version: 7.0.42593.0 - DisplayLink Corp.)

DisplayLink Graphics (HKLM\...\{DF91EDDE-AC1C-4E29-8344-44B49476AF55}) (Version: 7.0.42631.0 - DisplayLink Corp.)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Fresco Logic USB3.0 Host Controller (HKLM\...\{36D8E05D-1287-4F40-BEEF-A64F88E5EE47}) (Version: 3.5.46.0 - Fresco Logic Inc.)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.221 - SurfRight B.V.)

HP 3D DriveGuard (HKLM\...\{C35A147C-5037-443A-9BF8-A5E7C2154CE4}) (Version: 5.1.7.1 - Hewlett-Packard Company)

HP HD Webcam Driver (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10190 - Realtek Semiconductor Corp.)

HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.11.2 - Hewlett-Packard Company)

Hyland Client Components (HKLM-x32\...\{AA72DD6E-125B-45B3-ADC5-DF35700F78E4}) (Version: 10.0.071 - Hyland Software)

Hyland Web ActiveX Controls (HKLM-x32\...\{FF6510AB-DB9E-4A57-8D1A-C24B33E0B74D}) (Version: 10.0.071 - Hyland Software)

IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)

Intel PROSet Wireless (Version:  - ) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)

Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 17.3 - Intel)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2778 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)

Java Auto Updater (x32 Version: 2.0.7.2 - Sun Microsystems, Inc.) Hidden

Java™ 6 Update 41 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416041FF}) (Version: 6.0.410 - Oracle)

Java™ 6 Update 41 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216041FF}) (Version: 6.0.410 - Oracle)

JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Dynamics CRM 2011 English (United States) Language Pack (x32 Version: 5.0.9690.4150 - Microsoft Corporation) Hidden

Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (HKLM-x32\...\Microsoft CRM Client) (Version: 5.0.9690.4150 - Microsoft Corporation)

Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (x32 Version: 5.0.9690.1992 - Microsoft Corporation) Hidden

Microsoft Easy Assist v2 (x32 Version: 8.1.6416.0 - Microsoft Corporation) Hidden

Microsoft Endpoint Protection Management Components (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Online Management Agent Installer (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Microsoft Online Management Client (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Microsoft Online Management Client Service (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Microsoft Online Management Policy Agent (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Microsoft Online Management Update Manager (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Microsoft Policy Platform (Version: 1.3.3765.0 - Microsoft Corporation) Hidden

Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{421B88F8-D7C9-44CB-8B73-166D65B18DCC}) (Version: 11.1.3366.16 - Microsoft Corporation)

Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{28DA3304-9EC2-4097-BC64-B59A1958841F}) (Version: 3.5.8082.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{F39076D7-7168-44CD-A2C6-EBC1CDA7DC1C}) (Version: 3.5.8082.0 - Microsoft Corporation)

Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)

Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

OCS Inventory Agent 4.0.5.4 (HKLM-x32\...\OCS Inventory Agent) (Version: 4.0.5.4 - OCS Inventory NG Team)

QlikView Plugin (HKLM-x32\...\{CADF5EE8-75F7-489A-A564-CB51CF8DED9B}) (Version: 9.0.7440.8 - QlikTech International AB)

QvPluginSetup (HKLM-x32\...\{9E76F605-758C-46D2-84B9-E645A9E1D165}) (Version: 11.0.11440.0 - QlikTech International AB)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)

Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.86 - Realtek Semiconductor Corp.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Skype™ 5.10 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 5.10.114 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.9.0 - Synaptics Incorporated)

System Center 2012 - Operations Manager Agent (Version: 7.0.9538.0 - Microsoft Corporation) Hidden

TightVNC (HKLM\...\{BC994A59-6E98-4203-8A35-819938DD5ED1}) (Version: 2.5.2.0 - GlavSoft LLC.)

Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.STANDARD_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.STANDARD_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.STANDARD_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARD_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)

Update Rollup 16 for Microsoft Dynamics CRM for Outlook (KB2872369) (HKLM-x32\...\KB2872369_Client_1033) (Version: 5.0.9690.3911 - Microsoft Corporation)

Update Rollup 17 for Microsoft Dynamics CRM for Outlook (KB2915687) (HKLM-x32\...\KB2915687_Client_1033) (Version: 5.0.9690.4150 - Microsoft Corporation)

Update Rollup 6 for Microsoft Dynamics CRM for Outlook (KB2600640) (HKLM-x32\...\KB2600640_Client_1033) (Version: 5.0.9690.1992 - Microsoft Corporation)

Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)

WebEx Productivity Tools (HKLM-x32\...\{AAF23BB1-2DCB-411A-A0A7-0A118C827ABF}) (Version: 2.32.1201.16851 - Cisco WebEx LLC)

Windows Firewall Configuration Provider (Version: 1.3.3765.0 - Microsoft Corporation) Hidden

Windows Intune (Version: 4.0.14351.0 - Microsoft Corporation) Hidden

Windows Intune Center (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Windows Intune Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Windows Intune Endpoint Protection Agent (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Windows Intune Monitoring Agent (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Windows Intune Notification Service (Version: 5.0.2010.0 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-140116415-3017645032-1259276925-11414_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Marie.Kozlowski\AppData\Local\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

 

==================== Restore Points  =========================

 

30-07-2014 12:03:19 Windows Update

04-08-2014 01:17:34 Microsoft Online Management Updates

04-08-2014 01:37:34 Windows Update

06-08-2014 19:00:24 Microsoft Online Management Updates

17-08-2014 13:11:59 Microsoft Online Management Updates

20-08-2014 21:39:27 Microsoft Online Management Updates

24-08-2014 16:34:33 Windows Update

25-08-2014 14:17:30 Checkpoint by HitmanPro

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {132A79CF-DE3B-4AEF-80D4-FDC0B3E94A88} - System32\Tasks\Microsoft\OnlineManagement\Microsoft.OnlineManagement.UpdateTask => C:\Program Files\Microsoft\OnlineManagement\Updates\Bin\omupdclt.exe [2014-05-22] (Microsoft Corporation)

Task: {49FCE501-4B31-42A1-ADE5-6A7E974D6F34} - System32\Tasks\Microsoft\Windows\PLA\KCTR$1496 => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "KCTR$1496" "$(Arg0)"

Task: {74AB0A29-37A7-4166-83F5-3515EB420170} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)

Task: {F7EB2E38-B802-43D2-B071-A4DC16E90F1A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {FAD63D9F-66C3-4583-935C-A6BB16FA26ED} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-05-22 23:32 - 2014-05-22 23:32 - 01253088 _____ () C:\Program Files\Microsoft\OnlineManagement\Monitoring\IntuneConnector.dll

2011-09-01 03:13 - 2011-09-01 03:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-08-25 09:34 - 2014-06-26 07:44 - 00358144 _____ () C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

2012-08-03 13:53 - 2012-08-03 13:53 - 00062968 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-08-20 22:01 - 2014-08-20 22:01 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3413aa334f7a551bbf5f4be4a38bf0f2\IsdiInterop.ni.dll

2012-09-05 11:52 - 2012-05-30 12:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-03-29 22:06 - 2012-07-17 22:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KARCHMRC62752467171068 => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KARCHMRC62752467171068 => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_c03ade6f-f426-4215-8df3-04ddcb1a7acd => ""="Service"

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

 

==================== Faulty Device Manager Devices =============

 

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Cisco Systems

Service: vpnva

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/25/2014 08:50:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (08/25/2014 08:50:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (08/25/2014 08:49:39 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/25/2014 08:24:28 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Faulting module name: mbamservice.exe, version: 3.0.2.0, time stamp: 0x5318d363

Exception code: 0x40000015

Fault offset: 0x0007da8a

Faulting process id: 0x29e0

Faulting application start time: 0xmbamservice.exe0

Faulting application path: mbamservice.exe1

Faulting module path: mbamservice.exe2

Report Id: mbamservice.exe3

 

Error: (08/25/2014 05:56:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (08/25/2014 05:56:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (08/25/2014 05:55:57 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/24/2014 11:22:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011007}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (08/24/2014 11:22:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011008}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (08/24/2014 11:21:03 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

Error: (08/25/2014 10:01:27 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)

Description: A new BITS job could not be created. The current job count for the user SUNOPTA\Marie.Kozlowski (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

 

Error: (08/25/2014 09:36:35 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)

Description: A new BITS job could not be created. The current job count for the user SUNOPTA\Marie.Kozlowski (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

 

Error: (08/25/2014 09:24:00 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)

Description: A new BITS job could not be created. The current job count for the user SUNOPTA\Marie.Kozlowski (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

 

Error: (08/25/2014 09:07:53 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)

Description: A new BITS job could not be created. The current job count for the user SUNOPTA\Marie.Kozlowski (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

 

Error: (08/25/2014 08:52:27 AM) (Source: TermService) (EventID: 1067) (User: )

Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.

.

 

Error: (08/25/2014 08:50:32 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)

Description: A new BITS job could not be created. The current job count for the user SUNOPTA\Marie.Kozlowski (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

 

Error: (08/25/2014 08:50:08 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: SUNOPTA)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (08/25/2014 08:49:57 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)

Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

 

Error: (08/25/2014 08:49:34 AM) (Source: NETLOGON) (EventID: 5719) (User: )

Description: This computer was not able to set up a secure session with a domain

controller in domain SUNOPTA due to the following:

%%1311

 

This may lead to authentication problems. Make sure that this

computer is connected to the network. If the problem persists,

please contact your domain administrator.

 

 

 

ADDITIONAL INFO

 

If this computer is a domain controller for the specified domain, it

sets up the secure session to the primary domain controller emulator in the specified

domain. Otherwise, this computer sets up the secure session to any domain controller

in the specified domain.

 

Error: (08/25/2014 08:39:23 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)

Description: A new BITS job could not be created. The current job count for the user SUNOPTA\Marie.Kozlowski (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

 

 

Microsoft Office Sessions:

=========================

Error: (08/25/2014 08:50:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

 

Error: (08/25/2014 08:50:42 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

 

Error: (08/25/2014 08:49:39 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/25/2014 08:24:28 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbamservice.exe3.0.2.05318d363mbamservice.exe3.0.2.05318d363400000150007da8a29e001cfc067e17ddf31C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe231f696f-2c5b-11e4-ad06-b4b67637b6b6

 

Error: (08/25/2014 05:56:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

 

Error: (08/25/2014 05:56:39 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

 

Error: (08/25/2014 05:55:57 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (08/24/2014 11:22:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)

 

Error: (08/24/2014 11:22:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: SUNOPTA)

Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011008}1625(NULL)(NULL)(NULL)

 

Error: (08/24/2014 11:21:03 AM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i5-3427U CPU @ 1.80GHz

Percentage of memory in use: 27%

Total physical RAM: 12151.54 MB

Available physical RAM: 8808.33 MB

Total Pagefile: 24301.27 MB

Available Pagefile: 20541.56 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:167.58 GB) (Free:95.95 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: DAFEEEE1)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

 


Edited by naterased, 25 August 2014 - 10:09 AM.


BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:48 PM

Posted 26 August 2014 - 03:16 AM

:welcome:

Hello naterased,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 naterased

naterased
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:48 AM

Posted 26 August 2014 - 08:55 AM

I have the FRST logs posted in my original post. Thanks, I'll work on getting the other log.



#4 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:48 PM

Posted 27 August 2014 - 07:31 AM

1. Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Any problems with that tool?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:48 PM

Posted 29 August 2014 - 06:05 AM

still need help?


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:48 PM

Posted 31 August 2014 - 01:04 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users