
JS/Kryptik.l trojan - Causing lots of popups


  • This topic is locked
18 replies to this topic

#1 MajorBrainDamage

MajorBrainDamage

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 AM

Posted 28 September 2014 - 07:22 PM

Hello,

 

I have managed to get infected with the JS/Kryptik.l Trojan on my machine when I was booking a hotel.

This has been driving me nuts for a few weeks and it does not matter what I do I can’t get rid of this.

 

I keep getting popups regarding hotel accommodation popups, every time I roll over an image in a browser it replaces it with an image of its own.

 

ESET Endpoint Antivirus keeps flagging this and terminating the connection (quarantined)

I have run Malwarebytes to try and resolve this but this simply recreates itself.

 

I am running: Windows 8.1 64bit, using IE11.0.9600.17278, Firefox 30.0.3 & Opera 24.0.1558.64

 

I would appreciate any support in getting rid of this infection.

 

Kind Regards,

MBD




#2 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 AM

Posted 28 September 2014 - 07:41 PM

I have tried to run the DDS.com file but I am getting an error:

 

"DDS is not meant to run in 'Compatibility Mode'.

The program shall now exit."

 

I don't know how to run this correctly.



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:06:34 PM

Posted 29 September 2014 - 12:53 PM

Hi MajorBrainDamage and Welcome to BleepingComputer!

As I am currently in training, my posts have to be approved by my mentor first. I will advise you on what to do in my next reply.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:06:34 PM

Posted 29 September 2014 - 05:02 PM

Hello MajorBrainDamage

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Step 1

I would like to see the Log Malwarebytes Anti-malware made when it removed the threats.

Logs can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.

Step 2

Please download Farbar Recovery Scan Tool or Farbar Recovery Scan Tool 64-Bit and save it to your Desktop.

  • Double-click the program to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log FRST.txt and Additional.txt which will open in Notepad. Please copy and paste it to your reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#5 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 AM

Posted 29 September 2014 - 05:02 PM

Hello Seedy21,

 

Good to see you working through the ranks :)

 

I look forward to your next reply.

 

 

Regards,

MBD



#6 MajorBrainDamage

MajorBrainDamage
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:34 AM

Posted 29 September 2014 - 05:20 PM

Hello Seedy21,

 

I agree to the points that you asked and I can reassure you that I will not change my computer (apart from day to day use), I will not request any additional help (unless this thread is closed unresolved), I will ensure that I'll reply within 48 hours of any post. All software running on this machine should be legitimate and if it is not I would like to know what so I can find out why & lastly I totally understand that you are a volunteer and completely value and appreciate your time and effort in helping me with this issue.

 

 

Please find the requested information below,

 

------------------------------------------------------------------
MALWAREBYTES LOG
22-09-2014

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 22/09/2014
Scan Time: 11:23:46 p.m.
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.22.02
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: dhen062

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 357876
Time Elapsed: 13 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-614565923-1027956908-3001582966-24762-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [baf02dc3accf0a2ce99480ba09fa57a9],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-614565923-1027956908-3001582966-24762-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [9416ef01116ac076fde0c68a05ff23dd],

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-614565923-1027956908-3001582966-24762-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0M2P0U0F0B1O1O1G, Quarantined, [9416ef01116ac076fde0c68a05ff23dd]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

------------------------------------------------------------------
FRST LOG
30-09-2014

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by dhen062 (administrator) on IT291881 on 30-09-2014 11:08:57
Running from C:\Users\dhen062\Documents\Desktop
Loaded Profile: dhen062 (Available profiles: Dave & dhen062)
Platform: Windows 8.1 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DesktopSSO\DesktopSSO.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessus-service.exe
(Tenable Network Security, Inc) C:\Program Files\Tenable\Nessus\nessusd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ESET) C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(Dropbox, Inc.) C:\Users\dhen062\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
() C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
() C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
() C:\Program Files (x86)\NetLogin\NetLogin.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\EXCEL.EXE
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(RightNow Technologies, Inc.) C:\Users\dhen062\AppData\Local\Apps\2.0\01PE1QV4.DZX\XOVM02TO.C8X\righ...uoa_48ad3057c253cb4a_000d.000b_da1ebfe4a29a4a70\RightNow.CX.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4148664 2014-04-04] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-11] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-06] (Adobe Systems Inc.)
HKLM-x32\...\Run: [DesktopInfo] => C:\Program Files\DesktopInfo\DesktopInfo.exe
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Qsync] => C:\Program Files (x86)\QNAP\Qsync\Qsync.exe [13765840 2014-07-02] (QNAP Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-614565923-1027956908-3001582966-24762\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19049120 2014-08-12] (Microsoft Corporation)
HKU\S-1-5-21-614565923-1027956908-3001582966-24762\...\Run: [KillCopy] => "C:\Windows\system32\killcopy.exe" /kcresume /startup
HKU\S-1-5-21-614565923-1027956908-3001582966-24762\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-614565923-1027956908-3001582966-24762\...\Run: [DellSystemDetect] => C:\Users\dhen062\AppData\Local\Apps\2.0\01PE1QV4.DZX\XOVM02TO.C8X\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-08-14] (Dell)
HKU\S-1-5-21-614565923-1027956908-3001582966-24762\...\Policies\system: [DisableChangePassword] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\dhen062\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers:  QsyncEx_Icon1 -> {9EF65B94-EC0D-49F7-B46D-006B388EB03E} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll ()
ShellIconOverlayIdentifiers:  QsyncEx_Icon2 -> {1530F879-62C4-478D-9EDB-CFA716CC703B} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll ()
ShellIconOverlayIdentifiers:  QsyncEx_Icon3 -> {C6D35E15-0D92-44F3-9E36-63EDCD4EDEE1} => C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xE22C88C182D8CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-NZ
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://askit.auckland.ac.nz/
http://google.co.nz/
http://directory.auckland.ac.nz/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 130.216.190.1 130.216.191.1

FireFox:
========
FF ProfilePath: C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default
FF Homepage: hxxp://askit.auckland.ac.nz/|hxxp://google.co.nz/|hxxp://directory.auckland.ac.nz/|majorbraindamage.myqnapcloud.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\dhen062\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: New Zealand English Dictionary - C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default\Extensions\en-NZ@dictionaries.addons.mozilla.org [2014-09-13]
FF Extension: Website Counselor - C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default\Extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-08-14]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird
FF Extension: ESET Endpoint Security Extension - C:\Program Files\ESET\ESET Endpoint Antivirus\Mozilla Thunderbird [2014-08-13]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 DesktopSSO; C:\Program Files (x86)\DesktopSSO\DesktopSSO.exe [228352 2014-07-10] () [File not signed]
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [42048 2014-04-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1029704 2014-04-04] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [191368 2014-04-04] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-14] (Intel Corporation)
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R2 Tenable Nessus; C:\Program Files\Tenable\Nessus\nessus-service.exe [18160 2014-06-11] (Tenable Network Security, Inc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [452432 2012-11-03] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [219696 2014-04-10] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [185224 2013-09-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [155896 2013-09-09] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [147096 2013-09-09] (ESET)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-11-14] (Intel Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R1 nvkflt; C:\Windows\system32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52080 2013-10-11] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 11:08 - 2014-09-30 11:09 - 00000000 ____D () C:\FRST
2014-09-29 13:39 - 2014-09-29 13:40 - 00688992 _____ (Swearware) C:\Users\dhen062\Downloads\dds(1).com
2014-09-29 13:24 - 2014-09-29 13:24 - 00688992 _____ (Swearware) C:\Users\dhen062\Downloads\dds.com
2014-09-29 08:24 - 2014-09-29 08:24 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-29 08:24 - 2014-09-29 08:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-28 22:04 - 2014-09-28 22:04 - 00000370 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-09-27 17:01 - 2014-09-27 17:01 - 00001083 _____ () C:\Users\Public\Desktop\DriverToolkit.lnk
2014-09-27 17:01 - 2014-09-27 17:01 - 00000000 ____D () C:\Users\dhen062\AppData\Local\DriverToolkit
2014-09-27 17:01 - 2014-09-27 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2014-09-27 17:01 - 2014-09-27 17:01 - 00000000 ____D () C:\Program Files (x86)\DriverToolkit
2014-09-27 17:00 - 2014-09-27 17:01 - 02448688 _____ (Megaify Software ) C:\Users\dhen062\Downloads\driver_setup.exe
2014-09-26 18:30 - 2014-09-26 18:30 - 00918952 _____ (Oracle Corporation) C:\Users\dhen062\Downloads\jxpiinstall(1).exe
2014-09-26 18:29 - 2014-09-26 18:29 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-26 18:29 - 2014-09-26 18:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-26 18:29 - 2014-09-26 18:29 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-26 18:29 - 2014-09-26 18:29 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-26 18:29 - 2014-09-26 18:29 - 00000000 ____D () C:\ProgramData\Sun
2014-09-26 18:29 - 2014-09-26 18:29 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-26 18:29 - 2014-09-26 18:29 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-26 18:28 - 2014-09-26 18:28 - 00918952 _____ (Oracle Corporation) C:\Users\dhen062\Downloads\jxpiinstall.exe
2014-09-26 12:46 - 2014-09-26 12:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 14:10 - 2014-09-23 14:10 - 00000000 ____D () C:\Users\dhen062\Downloads\Video
2014-09-23 12:45 - 2014-09-23 12:45 - 00003110 _____ () C:\Windows\System32\Tasks\{0C3F866C-E801-4AE0-BB91-5E8EBD6BE9A6}
2014-09-23 12:40 - 2014-09-23 12:40 - 00002093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\GetDataBack for NTFS.lnk
2014-09-23 12:40 - 2014-09-23 12:40 - 00002087 _____ () C:\Users\Public\Desktop\GetDataBack for NTFS.lnk
2014-09-23 12:40 - 2014-09-23 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-09-23 12:40 - 2014-09-23 12:40 - 00000000 ____D () C:\Program Files (x86)\Runtime Software
2014-09-23 00:22 - 2014-09-30 11:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-23 00:22 - 2014-09-23 00:22 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-23 00:22 - 2014-09-23 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-23 00:21 - 2014-09-23 00:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-23 00:21 - 2014-09-23 00:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-23 00:21 - 2014-05-12 08:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-23 00:21 - 2014-05-12 08:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-23 00:21 - 2014-05-12 08:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-22 07:50 - 2014-09-22 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-22 07:50 - 2014-09-22 07:49 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-22 07:50 - 2014-09-22 07:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-22 07:50 - 2014-09-22 07:49 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-22 07:50 - 2014-09-22 07:49 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-09-22 07:49 - 2014-09-22 07:49 - 00000000 ____D () C:\Program Files\Java
2014-09-22 07:45 - 2014-09-22 07:45 - 00001905 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetLogin.lnk
2014-09-22 07:45 - 2014-09-22 07:45 - 00000000 ____D () C:\Program Files (x86)\NetLogin
2014-09-19 22:54 - 2014-09-19 23:03 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\FileZilla
2014-09-19 22:53 - 2014-09-19 22:53 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\WebExtend
2014-09-19 22:53 - 2014-09-19 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-19 22:53 - 2014-09-19 22:53 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-09-19 22:20 - 2014-09-19 22:20 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillCopy
2014-09-19 22:20 - 2014-09-19 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillCopy
2014-09-19 22:20 - 2014-09-19 22:20 - 00000000 ____D () C:\Program Files (x86)\KillSoft
2014-09-18 13:19 - 2014-09-18 13:19 - 00003484 _____ () C:\Windows\System32\Tasks\Sync Toy
2014-09-18 11:10 - 2014-09-18 11:10 - 00000016 ____H () C:\Users\dhen062\Documents\SyncToy_079bb06c-0372-4406-89b1-eb4c72587ab5.dat
2014-09-18 11:07 - 2014-09-30 09:09 - 00000000 ___RD () C:\Users\dhen062\Dropbox
2014-09-18 11:06 - 2014-09-20 13:38 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 11:03 - 2014-09-29 11:11 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\Dropbox
2014-09-17 00:32 - 2014-09-29 11:07 - 00001024 _____ () C:\.rnd
2014-09-17 00:32 - 2014-09-17 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-17 00:32 - 2014-09-17 00:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tenable Network Security
2014-09-17 00:32 - 2014-09-17 00:32 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-17 00:30 - 2014-09-17 00:30 - 00000000 ____D () C:\ProgramData\Tenable
2014-09-17 00:30 - 2014-09-17 00:30 - 00000000 ____D () C:\Program Files\Tenable
2014-09-16 20:07 - 2014-09-28 22:03 - 00000000 ___RD () C:\Users\dhen062\Qsync
2014-09-16 20:06 - 2014-09-16 20:06 - 00001896 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\QNAP Qsync.lnk
2014-09-16 20:06 - 2014-09-16 20:06 - 00001890 _____ () C:\Users\Public\Desktop\Qsync.lnk
2014-09-16 18:23 - 2014-09-16 20:06 - 00000000 ____D () C:\Users\dhen062\AppData\Local\QNAP
2014-09-16 18:22 - 2014-09-16 20:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2014-09-16 18:22 - 2014-09-16 20:05 - 00000000 ____D () C:\Program Files (x86)\QNAP
2014-09-16 18:22 - 2014-09-16 18:22 - 00002962 _____ () C:\Windows\System32\Tasks\iSCSIAgentAutoStartup
2014-09-16 18:22 - 2014-09-16 18:22 - 00001110 _____ () C:\Users\Public\Desktop\Qfinder.lnk
2014-09-15 09:43 - 2014-09-15 09:43 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\RightNow_Technologies
2014-09-15 09:43 - 2014-09-15 09:43 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RightNow
2014-09-15 09:39 - 2014-09-15 09:39 - 00004958 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {1c3745b4-6344-4ded-96b4-f85bcc4d3969} IT291881.UoA.auckland.ac.nz
2014-09-11 09:12 - 2014-08-02 13:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-11 09:09 - 2014-08-26 11:27 - 04148736 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-11 09:08 - 2014-08-29 14:58 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-09-11 09:08 - 2014-08-29 14:32 - 02779136 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-11 09:08 - 2014-08-29 13:59 - 03117568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-11 09:08 - 2014-08-29 12:56 - 02646016 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-11 09:08 - 2014-08-29 12:47 - 02321920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-11 09:08 - 2014-08-23 20:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-11 09:08 - 2014-08-23 20:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-11 09:08 - 2014-08-23 19:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-11 09:08 - 2014-08-23 18:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-11 09:08 - 2014-08-23 17:44 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-11 09:08 - 2014-08-23 17:34 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-11 09:08 - 2014-08-23 17:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-11 09:08 - 2014-08-23 17:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-11 09:08 - 2014-08-23 17:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-11 09:05 - 2014-08-16 17:08 - 21195616 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-11 09:05 - 2014-08-16 17:08 - 01507648 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-09-11 09:05 - 2014-08-16 17:01 - 01710184 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-09-11 09:05 - 2014-08-16 16:58 - 01112512 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-11 09:05 - 2014-08-16 16:57 - 02498880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-11 09:05 - 2014-08-16 16:57 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-09-11 09:05 - 2014-08-16 16:16 - 18722600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-11 09:05 - 2014-08-16 16:16 - 01205976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-09-11 09:05 - 2014-08-16 16:03 - 01467384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-09-11 09:05 - 2014-08-16 14:31 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-11 09:05 - 2014-08-16 14:30 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2014-09-11 09:05 - 2014-08-16 14:19 - 00329216 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2014-09-11 09:05 - 2014-08-16 14:04 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2014-09-11 09:05 - 2014-08-16 13:58 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-09-11 09:05 - 2014-08-16 13:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-11 09:05 - 2014-08-16 13:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\ProximityService.dll
2014-09-11 09:05 - 2014-08-16 13:45 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-09-11 09:05 - 2014-08-16 13:43 - 00321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2014-09-11 09:05 - 2014-08-16 13:43 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-11 09:05 - 2014-08-16 13:31 - 00914432 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-11 09:05 - 2014-08-16 13:31 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-09-11 09:05 - 2014-08-16 13:29 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-11 09:05 - 2014-08-16 13:23 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-11 09:05 - 2014-08-16 13:22 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-09-11 09:05 - 2014-08-16 13:22 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-09-11 09:05 - 2014-08-16 13:20 - 00921600 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-09-11 09:05 - 2014-08-16 13:19 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-11 09:05 - 2014-08-16 13:18 - 04758528 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-09-11 09:05 - 2014-08-16 13:17 - 08757760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-11 09:05 - 2014-08-16 13:14 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-09-11 09:05 - 2014-08-16 13:13 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-11 09:05 - 2014-08-16 13:13 - 05902848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-09-11 09:05 - 2014-08-16 13:13 - 00840192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-09-11 09:05 - 2014-08-16 13:11 - 00920064 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-11 09:05 - 2014-08-16 13:11 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-09-11 09:05 - 2014-08-16 13:10 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-09-11 09:05 - 2014-08-16 13:08 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-11 09:05 - 2014-08-16 13:07 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-11 09:05 - 2014-08-01 12:22 - 00388729 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-11 09:02 - 2014-08-16 14:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 09:02 - 2014-08-16 14:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 09:02 - 2014-02-07 00:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 09:02 - 2014-02-06 23:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 09:01 - 2014-08-16 15:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 09:01 - 2014-08-16 15:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 09:01 - 2014-08-16 15:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 09:01 - 2014-08-16 15:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 09:01 - 2014-08-16 14:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 09:01 - 2014-08-16 14:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 09:01 - 2014-08-16 14:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 09:01 - 2014-08-16 14:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 09:01 - 2014-08-16 14:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 09:01 - 2014-08-16 14:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 09:01 - 2014-08-16 14:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 09:01 - 2014-08-16 14:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 09:01 - 2014-08-16 14:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 09:01 - 2014-08-16 14:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 09:01 - 2014-08-16 14:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 09:01 - 2014-08-16 14:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 09:01 - 2014-08-16 14:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 09:01 - 2014-08-16 14:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 09:01 - 2014-08-16 14:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 09:01 - 2014-08-16 13:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 09:01 - 2014-08-16 13:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 09:01 - 2014-08-16 13:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 09:01 - 2014-08-16 13:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 09:01 - 2014-08-16 13:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 09:01 - 2014-08-16 13:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 09:01 - 2014-08-16 13:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 09:01 - 2014-08-16 13:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 09:01 - 2014-08-16 13:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 09:01 - 2014-08-16 13:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 09:01 - 2014-08-16 13:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 09:01 - 2014-08-16 13:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 09:01 - 2014-08-16 13:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 09:01 - 2014-08-16 13:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 09:01 - 2014-07-24 16:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-11 09:01 - 2014-07-24 16:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-11 09:01 - 2014-05-30 22:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 09:01 - 2014-05-30 21:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 09:01 - 2014-02-07 00:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 09:01 - 2014-02-07 00:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 09:01 - 2014-02-07 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 09:01 - 2014-02-06 23:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 09:01 - 2014-02-06 23:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 09:01 - 2014-02-06 23:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 09:01 - 2014-02-06 23:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 09:01 - 2014-02-06 23:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 09:01 - 2014-02-06 22:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 09:01 - 2014-02-06 22:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 09:01 - 2014-02-06 22:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 09:01 - 2014-02-06 22:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-06 22:10 - 2014-09-06 22:10 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\dvdcss
2014-09-04 09:10 - 2014-09-04 09:10 - 00000016 ____H () C:\Users\dhen062\Documents\SyncToy_10079f67-3e12-413b-8b92-f2e89b09f741.dat
2014-09-03 16:38 - 2014-09-03 16:38 - 00000000 ____D () C:\Users\dhen062\AppData\Local\Bomgar
2014-09-03 16:38 - 2014-09-03 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bomgar
2014-09-03 16:38 - 2014-09-03 16:38 - 00000000 ____D () C:\Program Files\Bomgar
2014-09-03 15:13 - 2014-09-03 15:13 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-03 15:13 - 2014-09-03 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-03 15:13 - 2014-09-03 15:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-03 15:13 - 2014-09-03 15:13 - 00000000 ____D () C:\Program Files\iTunes
2014-09-03 15:13 - 2014-09-03 15:13 - 00000000 ____D () C:\Program Files\iPod
2014-09-03 15:13 - 2014-09-03 15:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-03 15:13 - 2012-08-21 14:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-03 14:27 - 2014-09-03 14:27 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-03 09:00 - 2014-08-15 13:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-03 09:00 - 2014-07-30 14:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-03 09:00 - 2014-07-29 18:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-02 17:46 - 2014-09-30 11:06 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\Skype
2014-09-02 17:46 - 2014-09-29 08:24 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-02 17:46 - 2014-09-29 08:24 - 00000000 ____D () C:\ProgramData\Skype
2014-09-02 17:46 - 2014-09-02 17:46 - 00000000 ____D () C:\Users\dhen062\AppData\Local\Skype
2014-09-02 15:22 - 2014-09-29 11:13 - 00000000 ___DO () C:\Users\dhen062\OneDrive
2014-09-02 15:01 - 2014-09-02 15:01 - 00000000 ____D () C:\ProgramData\RICOH
2014-09-02 12:33 - 2014-09-02 12:33 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-09-02 09:58 - 2014-09-02 13:44 - 00000600 _____ () C:\Users\dhen062\AppData\Local\PUTTY.RND
2014-09-01 09:38 - 2014-09-25 17:01 - 00018650 _____ () C:\Windows\setupact.log
2014-09-01 09:38 - 2014-09-01 09:38 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 11:00 - 2013-08-23 04:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-30 10:54 - 2014-08-13 22:43 - 00001688 _____ () C:\Windows\system32\config\netlogon.ftl
2014-09-30 10:24 - 2014-08-14 10:58 - 00002248 ____H () C:\Users\dhen062\Documents\Default.rdp
2014-09-30 09:31 - 2014-08-14 14:49 - 00000000 ____D () C:\Users\dhen062\AppData\Local\Deployment
2014-09-30 09:31 - 2014-08-14 08:53 - 00000000 ____D () C:\Users\dhen062\AppData\Local\Packages
2014-09-30 09:21 - 2014-08-13 21:09 - 01864614 _____ () C:\Windows\WindowsUpdate.log
2014-09-30 09:02 - 2013-08-23 04:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-29 12:17 - 2014-03-18 23:01 - 00867944 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-29 11:12 - 2014-08-14 10:51 - 00000463 _____ () C:\Windows\SMSCFG.ini
2014-09-29 11:09 - 2014-08-14 08:53 - 00000000 ____D () C:\Users\dhen062
2014-09-29 11:07 - 2014-08-14 12:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 11:07 - 2014-03-18 22:51 - 00031324 _____ () C:\Windows\PFRO.log
2014-09-29 11:07 - 2013-08-23 03:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-29 11:07 - 2013-08-23 03:44 - 00483920 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-29 09:14 - 2014-08-14 08:58 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-614565923-1027956908-3001582966-24762
2014-09-29 08:23 - 2014-08-14 08:53 - 00007282 __RSH () C:\Users\dhen062\ntuser.pol
2014-09-28 21:49 - 2014-08-15 16:56 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\vlc
2014-09-27 17:00 - 2014-08-14 12:08 - 00003818 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1407971297
2014-09-27 17:00 - 2014-08-14 12:08 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-09-26 21:57 - 2014-08-19 09:17 - 00000228 _____ () C:\Users\dhen062\BullseyeCoverageError.txt
2014-09-26 21:25 - 2014-08-14 09:19 - 00000000 ____D () C:\Users\dhen062\Documents\Bomgar Config Backup
2014-09-25 15:39 - 2014-08-18 12:16 - 00000000 ____D () C:\Users\dhen062\AppData\Local\CrashDumps
2014-09-25 11:43 - 2013-08-23 04:36 - 00000000 ____D () C:\Windows\rescache
2014-09-25 09:01 - 2013-08-23 04:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-24 18:32 - 2014-08-14 09:20 - 00000000 ____D () C:\Users\dhen062\Documents\Change
2014-09-23 12:19 - 2014-08-14 08:45 - 00027986 __RSH () C:\ProgramData\ntuser.pol
2014-09-23 12:17 - 2013-08-23 02:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-09-23 12:03 - 2014-08-16 11:35 - 00000000 ____D () C:\Users\dhen062\AppData\Roaming\uTorrent
2014-09-21 10:21 - 2014-08-15 11:09 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-19 22:49 - 2014-08-14 08:53 - 00000000 ____D () C:\Users\dhen062\AppData\Local\VirtualStore
2014-09-17 13:26 - 2014-08-26 22:32 - 00001118 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-17 13:26 - 2014-08-26 22:32 - 00001106 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-09-17 00:40 - 2014-08-17 21:41 - 00000000 ____D () C:\Users\dhen062\AppData\Local\WinZip
2014-09-12 09:36 - 2013-08-23 04:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-12 09:36 - 2013-08-23 04:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-11 09:15 - 2014-08-14 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-11 09:14 - 2014-08-14 09:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-06 15:29 - 2013-08-23 04:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-05 08:03 - 2014-08-14 08:53 - 00001998 _____ () C:\Windows\system32\ricdb.ini
2014-09-03 09:06 - 2014-08-13 23:16 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-03 09:06 - 2014-08-13 23:16 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\dhen062\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\dhen062\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprh0ek.dll
C:\Users\dhen062\AppData\Local\Temp\jna8817835706745993090.dll
C:\Users\dhen062\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-29 09:14

==================== End Of Log ============================

------------------------------------------------------------------
Addition LOG
30-09-2014

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-09-2014
Ran by dhen062 at 2014-09-30 11:09:37
Running from C:\Users\dhen062\Documents\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Endpoint Antivirus 5.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34024 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe CS6 Design and Web Premium (HKLM-x32\...\{402F6F2E-5683-491C-977D-0CA599A07CAF}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{BCFB58FF-181E-472F-A9DB-827B75C1EDF7}) (Version: 12.0.4.144 - Adobe Systems, Inc)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bomgar Representative Console 14.2.3 [remote.auckland.ac.nz] (HKLM\...\Bomgar Representative Console [remote.auckland.ac.nz]) (Version: 14.2.3 - Bomgar Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
Configuration Manager Client (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{BF1E7B7B-8FBB-45C8-B170-214AA0F4F6AE}) (Version:  - Microsoft)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
DesktopSSO (HKLM-x32\...\{49028C38-AAEA-45CF-B40C-634836155776}) (Version: 0.63.0.0 - The University of Auckland)
DriverToolkit version 8.4.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.4.0.0 - Megaify Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
ESET Endpoint Antivirus (HKLM\...\{889331A6-54A4-4ED0-87CA-0200D720BC12}) (Version: 5.0.2229.1 - ESET, spol. s r.o.)
FileZilla Client 3.9.0.5 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.5 - Tim Kosse)
GetDataBack for NTFS (HKLM-x32\...\{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}) (Version: 4.33.000 - Runtime Software)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.2.1000 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft App Update for Microsoft.ZuneMusic_2014.321.1036.1167_neutral_~_8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NetLogin (HKLM-x32\...\{E4D71B1B-DA8F-4D71-AEF1-7357BD415C17}) (Version: 4.0.6 - The University of Auckland)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
Opera Stable 24.0.1558.64 (HKLM-x32\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.2.1.0722 - QNAP Systems, Inc.)
QNAP Qsync (HKLM-x32\...\Qsync) (Version: 1.3.0.0702 - QNAP Systems, Inc.)
RightNow (uoa) (HKCU\...\6257e859bf7940ae) (Version: 13.11.4.122 - RightNow)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{a8dbd220-0251-433a-8cc0-8b2e0d67053b}) (Version: 12.1.0.1322 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.1.0 - TechSmith Corporation) Hidden
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Tenable Nessus (x64) (HKLM\...\{A481DCAA-4FA0-44C4-BB69-10B2F511D8D1}) (Version: 5.2.7.25122 - Tenable Network Security, Inc.)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.0.9.6 - uvnc bvba)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
XSOL InOrder V5.1 (HKLM-x32\...\{1583AE95-B9F6-43D7-B2F8-390AA100AE8F}) (Version: 5.1.1206 - XSOL Limited)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-614565923-1027956908-3001582966-24762_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\dhen062\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-09-2014 11:30:18 Installed Tenable Nessus (x64).
21-09-2014 18:45:26 Installed NetLogin
24-09-2014 20:00:17 Windows Update
26-09-2014 05:29:02 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-08-27 12:32 - 2014-09-26 15:23 - 00000992 ____A C:\Windows\system32\Drivers\etc\hosts
130.216.158.20  mail.auckland.ac.nz
130.216.158.20  autodiscover.auckland.ac.nz
130.216.158.20  autodiscover.uoa.auckland.ac.nz
130.216.158.20  imap.auckland.ac.nz


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {02F6BD91-4508-413F-83C9-B659C1029FAE} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2014-07-22] ()
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {245F8D47-011A-4F7F-9D2A-2AEA75836AE6} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {394F1B44-FC26-4038-AA93-A2044F805915} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-23] (Microsoft Corporation)
Task: {41E64CF5-E719-4A8A-9983-35D9792FD83A} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {527AD54E-FD9E-4C5E-B7F4-9862BB9F7C8A} - System32\Tasks\Cab reminder => C:\Windows\System32\WindowsPowerShell\v1.0\\powershell.exe [2013-08-22] (Microsoft Corporation)
Task: {68C88A97-0314-4F5C-99B2-CA76E0C222C7} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6B1AAA1C-E097-4823-B563-BF32556CBCD2} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {795D7EA0-4830-403F-835B-910C37F28C25} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {1c3745b4-6344-4ded-96b4-f85bcc4d3969} IT291881.UoA.auckland.ac.nz => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {85C153AD-05E2-4DA8-9E3D-C8E8F4CF65FD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A0915A60-02DB-4715-B650-18E62A68330D} - System32\Tasks\Opera scheduled Autoupdate 1407971297 => C:\Program Files (x86)\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {A320DAA0-6074-4266-8B3C-F317106CF5B6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B162B551-73E4-4ABA-93C3-246548B3F423} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C6C8D324-F7D2-48F3-9E80-E134B1E95308} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D05125F7-61DF-42E8-9E4D-B94102192333} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EAE12C0F-587F-4972-A4DC-2FC4458FB459} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EB6A4A0E-E9BC-4A00-8084-E27B05FD8341} - System32\Tasks\Sync Toy => C:\Program Files\SyncToy 2.1\SyncToyCmd.exe [2009-10-19] (Microsoft Corporation)
Task: {FA82F4C6-3B17-42A6-93E0-400B60D11AB0} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {FC381F75-A40A-480C-99F4-46720565F574} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: C:\Windows\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe

==================== Loaded Modules (whitelisted) =============

2013-12-04 03:22 - 2013-12-04 03:22 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-07-10 15:00 - 2014-07-10 15:00 - 00228352 _____ () C:\Program Files (x86)\DesktopSSO\DesktopSSO.exe
2014-06-11 09:50 - 2014-06-11 09:50 - 00070144 _____ () C:\Program Files\Tenable\Nessus\zlib1.dll
2014-09-16 18:22 - 2014-07-22 20:30 - 01739952 _____ () C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
2014-05-02 08:29 - 2014-05-02 08:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-07-02 21:30 - 2014-07-02 21:30 - 00297680 _____ () C:\Program Files (x86)\QNAP\Qsync\QsyncExt.dll
2014-08-12 10:55 - 2014-08-12 10:55 - 08894120 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-12 10:55 - 2014-08-12 10:55 - 06483616 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
2014-05-12 22:49 - 2014-05-12 22:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-27 17:00 - 2014-09-27 17:00 - 01372280 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
2013-05-13 16:29 - 2013-05-13 16:29 - 11580269 _____ () C:\Program Files (x86)\NetLogin\NetLogin.exe
2013-10-11 10:48 - 2013-10-11 10:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-27 12:41 - 2014-07-27 12:41 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2014-09-26 12:46 - 2014-09-26 12:46 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-29 11:10 - 2014-09-29 11:10 - 00043008 _____ () c:\users\dhen062\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprh0ek.dll
2013-08-24 08:01 - 2013-08-24 08:01 - 25100288 _____ () C:\Users\dhen062\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-21 11:45 - 2013-11-14 08:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-07-19 13:56 - 2013-07-19 13:56 - 01027240 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2012-10-01 21:32 - 2012-10-01 21:32 - 00321136 _____ () C:\Program Files (x86)\Microsoft Office\Office15\msfad.dll
2014-09-07 05:44 - 2014-09-07 05:44 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-25 05:41 - 2014-05-25 05:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-25 05:41 - 2014-05-25 05:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2014-09-27 17:00 - 2014-09-27 17:00 - 01378936 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libglesv2.dll
2014-09-27 17:00 - 2014-09-27 17:00 - 00182392 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\libegl.dll
2014-09-27 17:00 - 2014-09-27 17:00 - 00974968 _____ () C:\Program Files (x86)\Opera\24.0.1558.64\ffmpegsumo.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 02396691 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 02043411 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00244243 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-07-23 12:29 - 2014-07-23 12:29 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-09-15 11:07 - 2013-01-16 23:13 - 00164864 _____ () C:\Users\dhen062\AppData\Roaming\RightNow_Technologies\uoa\13.11.5220.122\FunctionValidator.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Dave\OneDrive:ms-properties
AlternateDataStreams: C:\Users\dhen062\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Qsync"

========================= Accounts: ==========================

Administrator (S-1-5-21-4090860707-1943966576-4130439147-500 - Administrator - Disabled)
Dave (S-1-5-21-4090860707-1943966576-4130439147-1001 - Administrator - Enabled) => C:\Users\Dave
Guest (S-1-5-21-4090860707-1943966576-4130439147-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: HL-DT-ST DVD+-RW GU70N
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2014 09:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49681765

Error: (09/30/2014 09:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49681765

Error: (09/30/2014 09:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 07:13:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1343

Error: (09/29/2014 07:13:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1343

Error: (09/29/2014 07:13:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 04:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5250

Error: (09/29/2014 04:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5250

Error: (09/29/2014 04:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 04:08:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3906


System errors:
=============
Error: (09/30/2014 09:01:46 AM) (Source: bcbtums) (EventID: 1026) (User: )
Description: Failed initializing BT device, failed RAM patch download.

Error: (09/29/2014 07:04:36 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: UOA)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (09/29/2014 06:12:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/29/2014 05:55:04 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (09/29/2014 05:55:04 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: UOA)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (09/29/2014 05:55:04 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain UOA due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (09/29/2014 03:15:01 PM) (Source: Kerberos) (EventID: 4) (User: )
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adfsuoa. The target name used was HTTP/adfs.uoa.auckland.ac.nz. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (UOA.AUCKLAND.AC.NZ) is different from the client domain (UOA.AUCKLAND.AC.NZ), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Error: (09/29/2014 01:53:10 PM) (Source: Kerberos) (EventID: 4) (User: )
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adfsuoa. The target name used was HTTP/adfs.uoa.auckland.ac.nz. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (UOA.AUCKLAND.AC.NZ) is different from the client domain (UOA.AUCKLAND.AC.NZ), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Error: (09/29/2014 00:28:21 PM) (Source: Kerberos) (EventID: 4) (User: )
Description: The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server adfsuoa. The target name used was HTTP/adfs.uoa.auckland.ac.nz. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (UOA.AUCKLAND.AC.NZ) is different from the client domain (UOA.AUCKLAND.AC.NZ), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Error: (09/29/2014 11:13:14 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application Local Management Service service hung on starting.


Microsoft Office Sessions:
=========================
Error: (09/30/2014 09:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 49681765

Error: (09/30/2014 09:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 49681765

Error: (09/30/2014 09:01:42 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 07:13:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1343

Error: (09/29/2014 07:13:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1343

Error: (09/29/2014 07:13:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 04:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5250

Error: (09/29/2014 04:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5250

Error: (09/29/2014 04:08:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/29/2014 04:08:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3906


CodeIntegrity Errors:
===================================
  Date: 2014-09-23 22:32:46.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 10:51:37.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 10:41:14.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

  Date: 2014-09-02 10:20:11.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3360M CPU @ 2.80GHz
Percentage of memory in use: 70%
Total physical RAM: 8065.44 MB
Available physical RAM: 2354.98 MB
Total Pagefile: 9345.44 MB
Available Pagefile: 2681.86 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.29 GB) (Free:249.67 GB) NTFS
Drive h: (myhome) (Network) (Total:112484 GB) (Free:53962.03 GB) NTFS
Drive q: () (Network) (Total:243 GB) (Free:13.09 GB)
Drive s: () (Network) (Total:2 GB) (Free:1.51 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: AB5347F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 seedy21

  • Malware Response Team

Posted 30 September 2014 - 04:09 PM

Hi MajorBrainDamage

Your logs indicate that this machine is part of a Domain and also looks to have custom programs for a University.

Is this machine owned by the university? If so you may need to talk to the IT DEPT as they will need to fix the machine for you.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#8 MajorBrainDamage

  • Topic Starter

Posted 30 September 2014 - 04:13 PM

Hello Seedy,

 

Yes this machine is indeed part of a Domain and yes does have custom programs for the University.

This machine however is my personal machine as I contract to the University and as such am not able to get assistance from them.

 

Any program installed on this machine has been installed by myself.

 

Is this an issue?

 

Regards,

MBD



#9 seedy21

  • Malware Response Team

Posted 30 September 2014 - 04:47 PM


Hi MajorBrainDamage

Thank you for the additional information, we have to check just in case. I hope you understand. Now let's get started.

 


Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

You will need to uninstall this program before continuing.

I also would recommend uninstalling Bonjour as you seem to be getting a lot of errors from the program.


Step 1

Open notepad. Please copy the contents of the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it on the Desktop as fixlist.txt
 

CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Users\dhen062\AppData\Roaming\uTorrent
C:\Users\dhen062\AppData\Local\Apps\2.0\01PE1QV4.DZX\
C:\Users\dhen062\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\dhen062\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprh0ek.dll
C:\Users\dhen062\AppData\Local\Temp\jna8817835706745993090.dll
C:\Users\dhen062\AppData\Local\Temp\xmlUpdater.exe
EmptyTemp:

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the desktop (Fixlog.txt) please post it to your reply.

Step 2

Download ADWCleaner to your desktop:
http://www.bleepingcomputer.com/download/adwcleaner/

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Step 3
Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer, do not use it on another computer even if the problems are similar!
autoclean;
emptyclsid;
emptyfolderscheck;delete
startupall;
services_list;
standardsearch;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply



#10 MajorBrainDamage

  • Topic Starter

Posted 30 September 2014 - 05:46 PM

Hello Seedy21,

 

Logs as requested,

 

Please be aware that I managed to save three logs from AdwCleaner so I have added them all (they had different file names)

 

Cheers

MBD

 

-------------------------------------------------------------------------------------------------------------

FIXLOG

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-09-2014
Ran by dhen062 at 2014-10-01 11:03:53 Run:1
Running from C:\Users\dhen062\Documents\Desktop
Loaded Profile: dhen062 (Available profiles: Dave & dhen062)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
C:\Users\dhen062\AppData\Roaming\uTorrent
C:\Users\dhen062\AppData\Local\Apps\2.0\01PE1QV4.DZX\
C:\Users\dhen062\AppData\Local\Temp\BullseyeCoverage-2-x86.dll
C:\Users\dhen062\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprh0ek.dll
C:\Users\dhen062\AppData\Local\Temp\jna8817835706745993090.dll
C:\Users\dhen062\AppData\Local\Temp\xmlUpdater.exe
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
C:\Users\dhen062\AppData\Roaming\uTorrent => Moved successfully.
C:\Users\dhen062\AppData\Local\Apps\2.0\01PE1QV4.DZX => Moved successfully.
C:\Users\dhen062\AppData\Local\Temp\BullseyeCoverage-2-x86.dll => Moved successfully.
"C:\Users\dhen062\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpprh0ek.dll" => File/Directory not found.
C:\Users\dhen062\AppData\Local\Temp\jna8817835706745993090.dll => Moved successfully.
C:\Users\dhen062\AppData\Local\Temp\xmlUpdater.exe => Moved successfully.
EmptyTemp: => Removed 3.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

 

-------------------------------------------------------------------------------------------------------------

AdwCleaner[S0]

 

# AdwCleaner v3.311 - Report created 01/10/2014 at 11:16:02
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 Enterprise  (64 bits)
# Username : dhen062 - IT291881
# Running from : C:\Users\dhen062\Documents\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\dhen062\AppData\Roaming\WebExtend

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [955 octets] - [01/10/2014 11:13:30]
AdwCleaner[R1].txt - [1014 octets] - [01/10/2014 11:15:34]
AdwCleaner[S0].txt - [941 octets] - [01/10/2014 11:16:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1000 octets] ##########

 

 

-------------------------------------------------------------------------------------------------------------

AdwCleaner[R0]

 

# AdwCleaner v3.311 - Report created 01/10/2014 at 11:13:30
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 Enterprise  (64 bits)
# Username : dhen062 - IT291881
# Running from : C:\Users\dhen062\Documents\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\dhen062\AppData\Roaming\WebExtend

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [817 octets] - [01/10/2014 11:13:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [876 octets] ##########
 

-------------------------------------------------------------------------------------------------------------

AdwCleaner[R1]

 

# AdwCleaner v3.311 - Report created 01/10/2014 at 11:15:34
# Updated 30/09/2014 by Xplode
# Operating System : Windows 8.1 Enterprise  (64 bits)
# Username : dhen062 - IT291881
# Running from : C:\Users\dhen062\Documents\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Users\dhen062\AppData\Roaming\WebExtend

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17278


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [955 octets] - [01/10/2014 11:13:30]
AdwCleaner[R1].txt - [876 octets] - [01/10/2014 11:15:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [935 octets] ##########
 

 

-------------------------------------------------------------------------------------------------------------

zoek-results

 

Zoek.exe v5.0.0.0 Updated 30-09-2014
Tool run by dhen062 on Wed 01/10/2014 at 11:23:04.47.
Microsoft Windows 8.1 Enterprise 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\dhen062\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/10/2014 11:24:32 a.m. Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Wondershare deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Dave\AppData\Local\VirtualStore deleted successfully
C:\Users\dhen062\AppData\Local\DriverToolkit deleted successfully
C:\Users\dhen062\AppData\Local\XSol deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\DesktopSSO\DesktopSSO.exe
C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
C:\Users\dhen062\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TechSmith\Snagit 12\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 12\snagiteditor.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\dhen062\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\COMMON~1\Wondershare deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\dhen062\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default\extensions\{cc6cc772-f121-49e0-b1f0-c26583cb0c5e} deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8066 MB
CPU Info: Intel® Core™ i5-3360M CPU @ 2.80GHz
CPU Speed: 2864.9 MHz
Sound Card: Speakers (High Definition Audio |
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | NVIDIA NVS 5200M    | NVIDIA NVS 5200M
Monitors: 3x; Generic PnP Monitor | Dell U2412M(Digital) | Dell U2412M(Digital) |
Screen Resolution: 1920 X 1200 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Intel® Centrino® Advanced-N 6205 | Intel® 82579LM Gigabit Network Connection
CD / DVD Drives: No optical drives found.
Ports: COM Ports NOT Present. LPT1
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  698.3GB
Hard Disks - Free: C:  249.9GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 10/08/12 | DELL   - 1072009
Time Zone: New Zealand Standard Time
Motherboard *: Dell Inc. 07Y85M
Country: New Zealand
Language: ENZ

==== System Specs (Software) ======================

Anti-Virus: ESET Endpoint Antivirus 5.0 On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: ESET Endpoint Antivirus 5.0 disabled (Outdated)
Default Browser: Firefox    32.0.3
Internet Explorer Version: 11.0.9600.17278
Mozilla Firefox version: 32.0.3 (x86 en-US)
Opera Browser version: 24.0.1558.64
Adobe Reader version: 11.0.9.29
Sun Java version: 1.7.0_67 (32-bit)
Sun Java version: 1.7.0_67 (64-bit)
Flash Player version: 14.0.0.179
Shockwave Player version: 12.0.4r144

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-09-10 20:08:51    ACDBE1ED38167C8B01B8F63161BB2CEA    2374784    ----a-w-    C:\Windows\explorer.exe
====== C:\Users\dhen062\AppData\Local\Temp ====
2014-09-30 22:19:16    4E566FEA83FCEEAF2873702806B55006    43008    ----a-w-    C:\Users\dhen062\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6z94un.dll
====== Java Cache =====
2014-09-28 21:11:39    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Users\dhen062\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-5b549917
====== C:\Windows\SysWOW64 =====
2014-09-26 05:29:47    07EF2978A5BC36720378F95566697FD8    272808    ----a-w-    C:\Windows\SysWOW64\javaws.exe
2014-09-26 05:29:44    0F70F4DAF2BC5613EE75C9B2585CE67E    98216    ----a-w-    C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-26 05:29:40    3BDEB17FE6390BFF1BF3A2D964DE8E48    175528    ----a-w-    C:\Windows\SysWOW64\javaw.exe
2014-09-26 05:29:40    11FD45A41DF45298686ED39062AABE2A    175528    ----a-w-    C:\Windows\SysWOW64\java.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-21 18:50:04    1E4B49F0261DFE0554ADC597F531E2C6    319912    ----a-w-    C:\Windows\Sysnative\javaws.exe
2014-09-21 18:50:00    F5853E27E18E47E4A0F1F69F068B5AEC    111016    ----a-w-    C:\Windows\Sysnative\WindowsAccessBridge-64.dll
2014-09-21 18:50:00    EC335EBD1AD1B3D252F9485DFE9AA6A7    189352    ----a-w-    C:\Windows\Sysnative\javaw.exe
2014-09-21 18:50:00    881430C055BAD0233EF9014C12AC629A    189352    ----a-w-    C:\Windows\Sysnative\java.exe
====== C:\Windows\Sysnative\drivers =====
2014-09-22 11:22:09    8A50D5304E6AE48664CF5838EC32F647    122584    ----a-w-    C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-22 11:21:57    F92B0E478C0FAA6D6661E6E977247E60    25816    ----a-w-    C:\Windows\Sysnative\drivers\mbam.sys
2014-09-22 11:21:57    9D9ED48F841EA37AA5310D54B9E5D3C7    91352    ----a-w-    C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-22 11:21:57    0664F6335F108F38FE08C3CA747311EE    64216    ----a-w-    C:\Windows\Sysnative\drivers\mwac.sys
2014-09-10 20:05:42    87F3713E620F62D243A82B3CB66CBDDE    2498880    ----a-w-    C:\Windows\Sysnative\drivers\tcpip.sys
2014-09-10 20:05:42    329FEB41BBE82FBBD9BD69547BA1CB82    428864    ----a-w-    C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-09-03 02:13:30    8E98D21EE06192492A5671A6144D092F    33240    ----a-w-    C:\Windows\Sysnative\drivers\GEARAspiWDM.sys
2014-09-02 20:00:30    8DF1254093B5C354CE725EB6B9B0DE19    146752    ----a-w-    C:\Windows\Sysnative\drivers\msgpioclx.sys
2014-09-01 23:33:00    D41D8CD98F00B204E9800998ECF8427E    0    ---ha-w-    C:\Windows\Sysnative\drivers\Msft_Kernel_netaapl64_01009.Wdf
====== C:\Windows\Tasks ======
2014-09-28 09:04:00    2FC8602FAF4F32DA8AB6CD660602DCAF    370    ----a-w-    C:\Windows\Tasks\DriverToolkit Autorun.job
2014-09-22 23:45:09    4446E677E9F34F36601276C56DF78834    3110    ----a-w-    C:\Windows\Sysnative\Tasks\{0C3F866C-E801-4AE0-BB91-5E8EBD6BE9A6}
2014-09-18 00:19:38    6DB40CB21C820D3C80B9F64F2587F65D    3484    ----a-w-    C:\Windows\Sysnative\Tasks\Sync Toy
2014-09-16 05:22:45    26C1685D80D7A63E230D82A92220A88E    2962    ----a-w-    C:\Windows\Sysnative\Tasks\iSCSIAgentAutoStartup
2014-09-14 20:39:19    8233BE046CD1776C241608641E76FBAA    4958    ----a-w-    C:\Windows\Sysnative\Tasks\Microsoft Office 15 Sync Maintenance for {1c3745b4-6344-4ded-96b4-f85bcc4d3969} IT291881.UoA.auckland.ac.nz
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-21 18:49:56    --------    d-----w-    C:\Program Files\Java
2014-09-16 11:30:38    --------    d-----w-    C:\Program Files\Tenable
2014-09-03 03:38:39    --------    d-----w-    C:\Program Files\Bomgar
2014-09-03 02:13:14    --------    d-----w-    C:\Program Files\iTunes
2014-09-03 02:13:14    --------    d-----w-    C:\Program Files\iPod
======= C:\PROGRA~2 =====
2014-09-28 19:24:52    --------    d-----w-    C:\PROGRA~2\COMMON~1\Skype
2014-09-28 19:24:48    --------    d-----r-    C:\PROGRA~2\Skype
2014-09-27 04:01:30    --------    d-----w-    C:\PROGRA~2\DriverToolkit
2014-09-26 05:29:49    --------    d-----w-    C:\PROGRA~2\COMMON~1\Java
2014-09-26 05:29:28    --------    d-----w-    C:\PROGRA~2\Java
2014-09-22 23:40:55    --------    d-----w-    C:\PROGRA~2\Runtime Software
2014-09-19 09:53:45    --------    d-----w-    C:\PROGRA~2\FileZilla FTP Client
2014-09-19 09:20:33    --------    d-----w-    C:\PROGRA~2\KillSoft
2014-09-16 11:32:05    --------    d-----w-    C:\PROGRA~2\WinPcap
2014-09-16 05:22:37    --------    d-----w-    C:\PROGRA~2\QNAP
2014-09-03 02:13:14    --------    d-----w-    C:\PROGRA~2\iTunes
======= C: =====
2014-09-16 11:32:07    3B450FBF312502D684CEE144822D5F74    1024    ----a-w-    C:\.rnd
====== C:\Users\dhen062\AppData\Roaming ======
2014-09-28 21:48:14    --------    d-----w-    C:\Users\dhen062\AppData\Locallow\Temp
2014-09-22 11:21:45    --------    d-----w-    C:\Users\dhen062\AppData\Local\Programs
2014-09-21 18:49:49    --------    d-----w-    C:\Users\dhen062\AppData\Locallow\Sun
2014-09-19 09:54:08    --------    d-----w-    C:\Users\dhen062\AppData\Roaming\FileZilla
2014-09-19 09:52:35    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\ESET
2014-09-19 09:20:34    --------    d-----w-    C:\Users\dhen062\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KillCopy
2014-09-17 22:06:39    --------    d-----w-    C:\Users\dhen062\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-17 22:03:36    --------    d-----w-    C:\Users\dhen062\AppData\Roaming\Dropbox
2014-09-16 05:23:25    --------    d-----w-    C:\Users\dhen062\AppData\Local\QNAP
2014-09-14 20:43:01    --------    d-----w-    C:\Users\dhen062\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RightNow
2014-09-06 09:10:52    --------    d-----w-    C:\Users\dhen062\AppData\Roaming\dvdcss
2014-09-06 02:28:13    --------    d-----w-    C:\Users\dhen062\AppData\Local\Diagnostics
2014-09-04 18:43:33    F180B1AC324C1974960B5D460DA46932    255680    ----a-w-    C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2014-09-03 03:38:44    --------    d-----w-    C:\Users\dhen062\AppData\Local\Bomgar
2014-09-02 04:46:23    --------    d-----w-    C:\Users\dhen062\AppData\Local\Skype
2014-09-02 04:46:21    --------    d-----w-    C:\Users\dhen062\AppData\Roaming\Skype
2014-09-01 20:58:38    C888C2CF9A5785622CA1BCE589861DD2    600    ----a-w-    C:\Users\dhen062\AppData\Local\PUTTY.RND
2014-09-01 09:17:39    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\CrashDumps
====== C:\Users\dhen062 ======
2014-09-28 19:24:53    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-27 04:01:31    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
2014-09-26 05:29:50    --------    d-----w-    C:\ProgramData\Sun
2014-09-22 23:40:57    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2014-09-21 18:50:00    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-19 09:53:47    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-09-19 09:20:34    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KillCopy
2014-09-17 22:07:28    --------    d-----r-    C:\Users\dhen062\Dropbox
2014-09-16 11:32:06    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-09-16 11:30:38    --------    d-----w-    C:\ProgramData\Tenable
2014-09-16 07:07:10    --------    d-----r-    C:\Users\dhen062\Qsync
2014-09-16 05:22:48    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
2014-09-03 03:38:49    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bomgar
2014-09-03 02:13:36    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-03 02:13:14    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-02 04:46:15    --------    d-----w-    C:\ProgramData\Skype
2014-09-02 02:22:00    --------    d---a-w-    C:\Users\dhen062\OneDrive
2014-09-02 02:01:36    --------    d-----w-    C:\ProgramData\RICOH

====== C: exe-files ==
2014-09-30 22:12:23    12EFD5FA51597F188E5DB50BE20EE597    1375089    ----a-w-    C:\Users\dhen062\Documents\Desktop\AdwCleaner.exe
2014-09-29 22:07:59    82347B17CCE708CE5A7FEBD7AB6843D1    2108928    ----a-w-    C:\Users\dhen062\Dropbox\Desktop\FRST64.exe
2014-09-29 22:07:59    82347B17CCE708CE5A7FEBD7AB6843D1    2108928    ----a-w-    C:\Users\dhen062\Documents\Desktop\FRST64.exe
2014-09-27 04:01:31    AC4B5A0FFE105562F80DC0D4555BC0BF    150328    ----a-w-    C:\Program Files (x86)\DriverToolkit\RemoveDT.exe
2014-09-27 04:01:30    BE3C79033FA8302002D9D3A6752F2263    1050104    ----a-w-    C:\Program Files (x86)\DriverToolkit\DPInst64.exe
2014-09-27 04:01:30    B1D6153B48E44D135FE52764DFBF9EE5    1209033    ----a-w-    C:\Program Files (x86)\DriverToolkit\unins000.exe
2014-09-27 04:01:30    755D84EA4C86B67EC65AEA8947210938    1304376    ----a-w-    C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
2014-09-27 04:01:30    64A25F43AC18508CC26A351B7C3F4B1B    170296    ----a-w-    C:\Program Files (x86)\DriverToolkit\extract.exe
2014-09-27 04:01:30    30A0AFEE4AEA59772DB6434F1C0511AB    921992    ----a-w-    C:\Program Files (x86)\DriverToolkit\DPInst32.exe
2014-09-27 04:00:23    DEC2A2F2CDA3AE91C73E0B4B4FEA0DC6    3180152    ----a-w-    C:\Program Files (x86)\Opera\24.0.1558.64\opera_autoupdate.exe
2014-09-27 04:00:23    A1A237B57E77E3271B3D0BD29D2798B1    1372280    ----a-w-    C:\Program Files (x86)\Opera\24.0.1558.64\opera_crashreporter.exe
2014-09-27 04:00:23    9F924CB7A38551A6A4F04509D4B1A402    48070776    ----a-w-    C:\Program Files (x86)\Opera\24.0.1558.64\opera.exe
2014-09-27 04:00:23    98D7E192D9839DACEED7E0F1CE2FBEBD    73336    ----a-w-    C:\Program Files (x86)\Opera\24.0.1558.64\wow_helper.exe
2014-09-27 04:00:22    A48C4823DFF14C5CADBD9431B496F68B    3537016    ----a-w-    C:\Program Files (x86)\Opera\24.0.1558.64\installer.exe
2014-09-26 05:29:47    07EF2978A5BC36720378F95566697FD8    272808    ----a-w-    C:\Windows\SysWOW64\javaws.exe
2014-09-26 05:29:40    3BDEB17FE6390BFF1BF3A2D964DE8E48    175528    ----a-w-    C:\Windows\SysWOW64\javaw.exe
2014-09-26 05:29:40    11FD45A41DF45298686ED39062AABE2A    175528    ----a-w-    C:\Windows\SysWOW64\java.exe
2014-09-26 05:29:32    F67D9621616CB31217A497FEDE4913F5    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\pack200.exe
2014-09-26 05:29:32    CEEFA72555A8FAD52C29BA17AE3E6DEF    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\servertool.exe
2014-09-26 05:29:32    A788E5ED0454307CBCFB95CC33E5F717    16808    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\orbd.exe
2014-09-26 05:29:32    A6B7A388547C4CDF4D8F2AF55D79AC85    145832    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\unpack200.exe
2014-09-26 05:29:32    8B986C008892DB58928BC72483ADF7B9    16808    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\tnameserv.exe
2014-09-26 05:29:32    7BDCC29DDFBB355761A018A74D4A1E8C    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\rmiregistry.exe
2014-09-26 05:29:32    7A17013ABD895DFBD61A5AF9996D0E5E    50088    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\ssvagent.exe
2014-09-26 05:29:32    48442596BFEB26E56898A0E4D2596A95    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\policytool.exe
2014-09-26 05:29:32    34CEC403ED594B55D55DED61A3A53DAF    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\rmid.exe
2014-09-26 05:29:31    EC4C47AADE6606AFCDEAB28E29654ECE    75688    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
2014-09-26 05:29:31    C3F55C9B02A22EC0B345E20AE9AE9B71    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\klist.exe
2014-09-26 05:29:31    BF918C9473D64BBD53C22C47045883F5    182696    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\jqs.exe
2014-09-26 05:29:31    7ED5C21F9F29B5278FFF39718C667235    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\ktab.exe
2014-09-26 05:29:31    7DC9A0127F850997B4CFD9923C680D7D    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\keytool.exe
2014-09-26 05:29:31    0371CFD6228F89B5B9E20F67807987FE    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\kinit.exe
2014-09-26 05:29:30    F69D8BDC202973592D710BC913D01919    48040    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\jabswitch.exe
2014-09-26 05:29:30    C8883F91C31CAC40890AC8B668E05F61    16296    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\java-rmi.exe
2014-09-26 05:29:30    8B657BA869AE7D3C6A29792C986E0DD5    68008    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
2014-09-26 05:29:30    3BDEB17FE6390BFF1BF3A2D964DE8E48    175528    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\javaw.exe
2014-09-26 05:29:30    11FD45A41DF45298686ED39062AABE2A    175528    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\java.exe
2014-09-26 05:29:30    07EF2978A5BC36720378F95566697FD8    272808    ----a-w-    C:\Program Files (x86)\Java\jre7\bin\javaws.exe
2014-09-26 05:28:49    3842C46F2FBC7522EF625F1833530804    145408    ----a-w-    C:\Users\dhen062\AppData\LocalLow\Sun\Java\jre1.7.0_67\lzma.exe
=== C: other files ==
2014-09-30 01:51:14    FE0F01410AF49759A549BE09C6DCB54B    167706064    ----a-w-    C:\Users\dhen062\Dropbox\Desktop\TS-421_20140927-4.1.1.zip
2014-09-30 01:51:14    FE0F01410AF49759A549BE09C6DCB54B    167706064    ----a-w-    C:\Users\dhen062\Documents\Desktop\TS-421_20140927-4.1.1.zip
2014-09-26 05:29:33    F3EABF8A2AF5C0D8BAE022EE6C17FD91    18650    ----a-w-    C:\Program Files (x86)\Java\jre7\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-614565923-1027956908-3001582966-24762\Software\Microsoft\Windows\CurrentVersion\Run]
"Lync"="C:\Program Files (x86)\Microsoft Office\Office15\lync.exe /fromrunkey"
"KillCopy"="C:\Windows\system32\killcopy.exe /kcresume /startup"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"DellSystemDetect"="C:\Users\dhen062\AppData\Local\Apps\2.0\01PE1QV4.DZX\XOVM02TO.C8X\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cisco AnyConnect Secure Mobility Agent for Windows"="C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe -minimized"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
"DesktopInfo"="C:\Program Files\DesktopInfo\DesktopInfo.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Qsync"="C:\Program Files (x86)\QNAP\Qsync\Qsync.exe /launch_qsync"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Lync"="C:\Program Files (x86)\Microsoft Office\Office15\lync.exe /fromrunkey"
"KillCopy"="C:\Windows\system32\killcopy.exe /kcresume /startup"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"DellSystemDetect"="C:\Users\dhen062\AppData\Local\Apps\2.0\01PE1QV4.DZX\XOVM02TO.C8X\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe /hide /waitservice"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe 60"

==== Startup Folders ======================

2014-09-17 22:07:06    1101    ----a-w-    C:\Users\dhen062\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2014-08-17 23:16:11    1166    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\DriverToolkit Autorun.job --a-------- C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe [20/09/2014 11:12 a.m.]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Cab reminder" [powershell.exe]
"C:\Windows\SysNative\tasks\iSCSIAgentAutoStartup" ["C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe"]
"C:\Windows\SysNative\tasks\Opera scheduled Autoupdate 1407971297" [C:\Program Files (x86)\Opera\launcher.exe]
"C:\Windows\SysNative\tasks\Sync Toy" ["C:\Program Files\SyncToy 2.1\SyncToyCmd.exe"]
"C:\Windows\SysNative\tasks\TechSmith Updater" [C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [14/08/2014 01:10 p.m.]

==== Firefox Extensions ======================

ProfilePath: C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default
- New Zealand English Dictionary - %ProfilePath%\extensions\en-NZ@dictionaries.addons.mozilla.org

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\dhen062\AppData\Roaming\Mozilla\Firefox\Profiles\eoyzfa1p.default
9EE20E6E2E3F94714D44F739B9A228F4    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll -    Shockwave Flash
2BC6A052D9B153F6DC2F0E420FB4F407    - C:\Users\dhen062\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll -    Unity Player
A4BFA750298323B31EF4B6D0401861B8    - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll -    Shockwave for Director / Shockwave for Director


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 130.216.158.20 mail.auckland.ac.nz
O1 - Hosts: 130.216.158.20 autodiscover.auckland.ac.nz
O1 - Hosts: 130.216.158.20 autodiscover.uoa.auckland.ac.nz
O1 - Hosts: 130.216.158.20 imap.auckland.ac.nz
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DesktopInfo] C:\Program Files\DesktopInfo\DesktopInfo.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Qsync] "C:\Program Files (x86)\QNAP\Qsync\Qsync.exe" /launch_qsync
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [KillCopy] "C:\Windows\system32\killcopy.exe" /kcresume /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\dhen062\AppData\Local\Apps\2.0\01PE1QV4.DZX\XOVM02TO.C8X\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
O4 - Startup: Dropbox.lnk = dhen062\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Snagit 12.lnk = C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = UoA.auckland.ac.nz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = UoA.auckland.ac.nz
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @oem6.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DesktopSSO - Unknown owner - C:\Program Files (x86)\DesktopSSO\DesktopSSO.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: Tenable Nessus - Tenable Network Security, Inc - C:\Program Files\Tenable\Nessus\nessus-service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\dhen062\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\dhen062\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=68 folders=30 92631104 bytes)

==== Empty Temp Folders ======================

C:\Users\Dave\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\dhen062\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\dhen062\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Wed 01/10/2014 at 11:36:41.84 ======================
 



#11 seedy21

  • Malware Response Team

Posted 01 October 2014 - 03:27 PM

Hi MajorBrainDamage

Your log looks clean, can you tell me if you are still getting the Pop-up issues?
 
Perform an Online Antivirus Scan with ESET:

Note: ESET recommends disabling your resident antivirus's active protection component BEFORE scanning; how to do so can be read here. Use Internet Explorer to navigate to the scanner website because you must approve the installation of an ActiveX add-on to complete the scan. If you are using Vista or Windows 7 or 8, launch Internet Explorer by right-clicking the Start Menu icon & selecting "Run as Administrator".

  • Please go here then click on Run ESET ONLINE SCANNER
  • Select the option YES, I accept the Terms of Use then click on START
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on START
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.

When the scan is complete:

If no threats were found:
  • Check "Uninstall application on close"
  • Close program

If threats were found:
  • Select "list of threats found"
  • Select "Export to Text File" & save the report to your Desktop as ESETScanLog
  • Select Back
  • Place a checkmark in "Uninstall application on close"
  • Select Finish & exit the program
  • Copy and paste ESETScanLog.txt in your next reply

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#12 MajorBrainDamage

  • Topic Starter

Posted 01 October 2014 - 08:13 PM

Hello Seedy21,

 

The ESET Log detected 3 items,

 

C:\Windows\SysWOW64\CCM\Cache\DST00247.1.System\Shockwave_Installer_Full.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak potentially unwanted application    deleted - quarantined
C:\Windows\System32\CCM\Cache\DST00247.1.System\Shockwave_Installer_Full.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
 



#13 MajorBrainDamage

  • Topic Starter

Posted 02 October 2014 - 01:56 AM

As far as I am aware the pop-ups have stopped.

 

I do notice that my screen continually goes unreadable, fonts are all over the place or looks like some type of scripting.

I will try to get a screen-shot the next time it happens.

Cheers

MBD



#14 seedy21

  • Malware Response Team

Posted 02 October 2014 - 10:48 AM

Hi MajorBrainDamage
 

“I do notice that my screen continually goes unreadable, fonts are all over the place or looks like some type of scripting.

I will try to get a screen-shot the next time it happens.”

Have you had this fault before the pop-ups?  Does the fault seem to appear from one particular program?

I suggest running your machine for a day and let me know if the pop-ups reappear. If the screen issue appears please try and get me a screenshot.




#15 MajorBrainDamage

  • Topic Starter

Posted 02 October 2014 - 02:28 PM

Hi Seedy21,

 

Sure thing I will run this for a day or so and see what I can grab.

 

Cheers
MBD





