
Phantom iexplore processes


  • This topic is locked
41 replies to this topic

#1 jhallander9591

  • Members
  • 22 posts

Posted 02 June 2015 - 04:17 PM

I read through a topic that was similar to this, but I get the idea that everyone's fix is potentially unique. At least it seems like provided .txt files are specific to a computer based on what the logs show for that computer.

 

In that spirit, I am running Windows 7 64-bit and I keep getting phantom iexplore processes clogging my process table. I am able to kill them, but of course they keep coming back. [Screenshot: PhantomIExplore.jpg]

 

So, I would like to clean it up. I thought I had seen a thread that had identified the threat and had a step-by-step procedure for cleansing, but I haven't found that one again. So apologies for having a duplicate problem.

 

Cheers

Eric

 




 


#2 B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts

Posted 03 June 2015 - 06:18 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop. Don't kill any malicious processes on your own.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked before you press the Scan button.
  • Press Scan button.
  • It will make 2 logs (FRST.txt and Addition.txt) in the same directory the tool is run. Please copy and paste them to your reply.

 

 

Regards,

Georgi




#3 jhallander9591

  • Topic Starter

  • Members
  • 22 posts

Posted 03 June 2015 - 08:44 AM

Hello Georgi,
 
Thank you for your assistance. 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by eric_hallander (administrator) on EAT-HALLANDER-2 on 03-06-2015 09:42:07
Running from C:\Users\eric_hallander\Downloads
Loaded Profiles: eric_hallander (Available Profiles: Helpdesk & Administrator & eric_hallander & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(GNU) C:\Program Files (x86)\cvsnt\cvsservice.exe
() C:\Program Files (x86)\cvsnt\cvslock.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
() C:\Program Files\MongoDB 2.6 Standard\bin\mongod.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Windows\System32\rpcnetp.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Dell Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Dropbox, Inc.) C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(SourceForge.net) C:\Program Files (x86)\Password Safe\pwsafe.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(JetBrains s.r.o.) C:\Program Files (x86)\JetBrains\WebStorm 10.0.1\bin\WebStorm.exe
(JetBrains s.r.o.) C:\Program Files (x86)\JetBrains\WebStorm 10.0.1\bin\fsnotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\eclipse-luna\eclipse.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
(IBM Corp.) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClientUI.exe
(Sysinternals - www.sysinternals.com) C:\Windows\System32\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\eric_hallander\AppData\Local\Temp\PROCEXP64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [592240 2011-02-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-02-22] (IDT, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DellNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1298448 2014-10-21] (Dell Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-03-20] (Google Inc.)
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [GoogleChromeAutoLaunch_8EE138E5CE3808E675263126E1D471E3] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\MountPoints2: {6cb38eac-8426-11e1-9592-806e6f6e6963} - D:\LAUNCH.EXE /a
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\MountPoints2: {ae075372-4c48-11e2-aad9-fd16610bf0e0} - E:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\Control Panel\Desktop\\SCRNSAVE.EXE -> 
IFEO\taskmgr.exe: [Debugger] "C:\WINDOWS\SYSTEM32\PROCEXP.EXE"
Lsa: [Authentication Packages] msv1_0 setuid
Startup: C:\Users\administrator.VIECOREFSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk [2012-11-08]
ShortcutTarget: Webshots.lnk -> C:\Program Files (x86)\Webshots\3.1.5.7620\Launcher.exe (Webshots.com)
Startup: C:\Users\eric_hallander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-03-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\eric_hallander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pwsafe.lnk [2015-02-18]
ShortcutTarget: pwsafe.lnk -> C:\Program Files (x86)\Password Safe\pwsafe.exe (SourceForge.net)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers: [TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers: [TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers: [TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers: [TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers: [TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers: [TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers: [TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers: [TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-565831887-3637738334-3767947266-1127] => http=10.50.5.164:8080;https=10.50.5.164:8080
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
SearchScopes: HKU\.DEFAULT -> DefaultScope {0BC6E3FA-78EF-4886-842C-5A1258C4455A} URL = 
SearchScopes: HKU\S-1-5-21-565831887-3637738334-3767947266-1127 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}&rlz=1I7GGNI_enUS528
SearchScopes: HKU\S-1-5-21-565831887-3637738334-3767947266-1127 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-565831887-3637738334-3767947266-1127 -> {182F7BCD-78B5-470A-85B5-2370F3AAD3AE} URL = 
SearchScopes: HKU\S-1-5-21-565831887-3637738334-3767947266-1127 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}&rlz=1I7GGNI_enUS528
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2010-07-16] (Zeon Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\bin\IPS\IPSBHO.DLL [2012-11-03] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2010-07-16] (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
Toolbar: HKLM-x32 - Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2010-07-16] (Zeon Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-565831887-3637738334-3767947266-1127 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-03-03] (Google Inc.)
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} C:\Users\ERIC_H~1\AppData\Local\Temp\f5tmp\urxvpn.cab
DPF: HKLM-x32 {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} C:\Users\ERIC_H~1\AppData\Local\Temp\f5tmp\f5tunsrv.cab
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\ERIC_H~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} C:\Users\ERIC_H~1\AppData\Local\Temp\f5tmp\urxshost.cab
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} C:\Users\ERIC_H~1\AppData\Local\Temp\f5tmp\urxhost.cab
Handler-x32: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files (x86)\Microsoft\SMIME Client (2010)\mimectl.dll [2013-02-04] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.50.4.21 10.50.4.250 10.50.4.251
Tcpip\..\Interfaces\{187B50FA-DAF9-4949-8BC4-34AFB888A474}: [NameServer] 107.6.133.8,23.23.180.210
Tcpip\..\Interfaces\{596E4555-CECF-409F-9180-E9D1C13B5493}: [NameServer] 107.6.133.8,23.23.180.210
Tcpip\..\Interfaces\{67E11639-E6A7-4D47-B2AE-3A121725A1BC}: [NameServer] 107.6.133.8,23.23.180.210
Tcpip\..\Interfaces\{C3862D04-ABF8-4F5B-BB0B-6D28DAD757E2}: [NameServer] 107.6.133.8,23.23.180.210
Tcpip\..\Interfaces\{C5EFD2FD-DF79-4CCE-9BBC-8A6C79E49598}: [NameServer] 107.6.133.8,23.23.180.210
Tcpip\..\Interfaces\{CCCC018A-96EE-4900-A776-526D910AC08C}: [NameServer] 107.6.133.8,23.23.180.210
 
FireFox:
========
FF ProfilePath: C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF NetworkProxy: "http", "10.50.5.164"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "ssl", "10.50.5.164"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2010-07-16] (Zeon Corporation)
FF user.js: detected! => C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\user.js [2015-05-28]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-14] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-14] (Apple Inc.)
FF SearchPlugin: C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\searchplugins\askcom.xml [2013-05-15]
FF Extension: Google Web Toolkit Developer Plugin for Firefox - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\gwt-dev-plugin@google.com [2014-02-05]
FF Extension: EPUBReader - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2015-01-22]
FF Extension: CacheViewer Fx21 - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\{81328583-3CA7-4809-B4BA-570A85818FBB} [2013-12-13]
FF Extension: F5 Networks Host Plugin - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-05-08]
FF Extension: Dojo Firebug Extension - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\dojo@silvergate.ar.ibm.com.xpi [2014-06-25]
FF Extension: EventBug - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\eventbug@getfirebug.com.xpi [2014-06-25]
FF Extension: Firebug - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\firebug@software.joehewitt.com.xpi [2013-09-04]
FF Extension: FirePHP - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\FirePHPExtension-Build@firephp.org.xpi [2014-06-25]
FF Extension: cssUpdater - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\info@cssUpdater.com.xpi [2014-06-25]
FF Extension: Illuminations for Developers - C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\Extensions\sroussey@illumination-for-developers.com.xpi [2014-06-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-09-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-24]
 
Chrome: 
=======
CHR Profile: C:\Users\eric_hallander\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\eric_hallander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-28]
CHR Extension: (Bookmark Manager) - C:\Users\eric_hallander\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\eric_hallander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\eric_hallander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-28]
CHR HKU\S-1-5-21-565831887-3637738334-3767947266-1127\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ERIC_H~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-04]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\eric_hallander\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path Or update_url value
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 BESClient; C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe [4792768 2012-07-26] (IBM Corp.)
R2 CVS; C:\Program Files (x86)\cvsnt\cvsservice.exe [35328 2004-08-19] (GNU) [File not signed]
R2 CVSLock; C:\Program Files (x86)\cvsnt\cvslock.exe [17280 2010-03-26] ()
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MongoDB; C:\Program Files\MongoDB 2.6 Standard\bin\mongod.exe [18920960 2014-08-08] () [File not signed]
S2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [214040 2008-07-10] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [37176 2014-10-29] (The OpenVPN Project)
S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2075480 2009-03-30] (Microsoft Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [614416 2014-10-21] (Dell Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [479824 2013-04-09] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [479824 2013-04-09] (VMware, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [X]
S3 MSSQLFDLauncher; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10.MSSQLSERVER [X]
S2 MSSQLSERVER; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER [X]
S4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [X]
S2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Config"
S4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [X]
S3 SQLSERVERAGENT; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20150521.011\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.)
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [101416 2011-02-22] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2010-02-24] (Copyright© Digitech Systems)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-04] (Citrix Systems, Inc.)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-02-22] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-02-22] (Ericsson AB)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
S3 f5ipfw; C:\Windows\system32\drivers\urfltv64.sys [30952 2013-12-11] (F5 Networks, Inc.)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20150601.011\IDSvia64.sys [671448 2015-04-06] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2011-02-22] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2011-02-22] (MCCI Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150602.005\ENG64.SYS [129752 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20150602.005\EX64.SYS [2137304 2015-05-20] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2011-02-22] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [217856 2011-02-22] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [217856 2011-02-22] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2011-02-22] (Novatel Wireless Inc.)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [25536 2014-10-21] (SonicWALL Inc.)
S3 QCFilterdl; C:\Windows\system32\drivers\qcfilterdl.sys [6528 2009-10-13] (QUALCOMM Incorporated)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2010-12-20] (QUALCOMM Incorporated)
S3 qcusbserdl; C:\Windows\system32\drivers\qcusbserdl.sys [118272 2009-10-13] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [121600 2010-12-20] (QUALCOMM Incorporated)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2011-03-03] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2011-03-03] (SUNIX Co., Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-02-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2011-02-14] ()
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [95616 2012-11-03] (Symantec Corporation)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2013-12-11] (F5 Networks, Inc.)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2014-04-14] (VMware, Inc.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-05-28 22:11 - 2015-05-28 22:11 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\eric_hallander\Downloads\tdsskiller.exe
2015-05-28 10:59 - 2015-05-28 10:59 - 00000924 _____ () C:\Users\eric_hallander\Downloads\fixlist.txt
2015-05-28 10:48 - 2015-06-03 09:42 - 00039407 _____ () C:\Users\eric_hallander\Downloads\FRST.txt
2015-05-28 10:48 - 2015-06-03 09:42 - 00000000 ____D () C:\FRST
2015-05-28 10:48 - 2015-05-28 10:49 - 00077783 _____ () C:\Users\eric_hallander\Downloads\Addition.txt
2015-05-28 10:47 - 2015-05-28 10:47 - 02108928 _____ (Farbar) C:\Users\eric_hallander\Downloads\frst64.exe
2015-05-28 10:31 - 2015-06-01 10:12 - 00000146 _____ () C:\Windows\setupact.log
2015-05-28 10:31 - 2015-05-28 10:31 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-28 10:10 - 2015-05-28 10:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-28 10:09 - 2015-05-28 10:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-28 10:09 - 2015-05-28 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-28 10:09 - 2015-05-28 10:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-28 10:09 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-28 10:09 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-28 10:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-28 09:54 - 2015-05-28 10:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-28 09:54 - 2015-05-28 09:55 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\eric_hallander\Downloads\mbam-setup-2.1.6.1022 (1).exe
2015-05-28 09:54 - 2015-05-28 09:54 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-28 09:53 - 2015-05-28 09:53 - 00000218 _____ () C:\Users\eric_hallander\.recently-used.xbel
2015-05-28 09:51 - 2015-05-28 09:52 - 20781656 _____ () C:\Users\eric_hallander\Downloads\RogueKillerX64.exe
2015-05-28 09:45 - 2015-05-28 09:46 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\eric_hallander\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-27 14:03 - 2015-05-27 14:03 - 01153436 _____ () C:\Users\eric_hallander\Downloads\cdf35_0-dist-cdf.tar.gz
2015-05-27 12:37 - 2015-05-27 12:37 - 00156364 _____ () C:\Users\eric_hallander\Downloads\mongodb-1.4.38.tgz
2015-05-22 10:59 - 2015-05-22 10:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Web Tools
2015-05-22 10:55 - 2015-05-22 11:05 - 00000000 ____D () C:\ProgramData\Windows App Certification Kit
2015-05-22 10:55 - 2015-05-22 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2015-05-22 10:55 - 2015-05-22 10:55 - 00000000 ____D () C:\Program Files\Application Verifier
2015-05-22 10:55 - 2015-05-22 10:55 - 00000000 ____D () C:\Program Files (x86)\Application Verifier
2015-05-22 10:54 - 2015-05-22 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2015-05-22 10:54 - 2015-05-22 10:54 - 00000000 ____D () C:\Program Files (x86)\NuGet
2015-05-22 10:54 - 2015-05-22 10:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft WCF Data Services
2015-05-22 10:52 - 2015-05-22 10:52 - 00000000 ____D () C:\Program Files (x86)\HTML Help Workshop
2015-05-22 10:50 - 2015-05-22 11:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
2015-05-22 10:50 - 2015-05-22 10:50 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 11.0
2015-05-22 10:37 - 2015-05-22 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2015-05-22 09:49 - 2015-05-22 09:49 - 00693568 _____ () C:\Windows\Minidump\052215-18876-01.dmp
2015-05-20 14:47 - 2015-05-20 14:47 - 00849825 _____ () C:\Users\eric_hallander\Downloads\MonjaDB-master.zip
2015-05-19 10:48 - 2015-05-19 10:48 - 15363034 _____ () C:\Users\eric_hallander\Downloads\AKO Files.zip
2015-05-19 10:41 - 2015-05-19 10:42 - 00043157 _____ () C:\Users\eric_hallander\Downloads\Demo Recommendations (1).pptx
2015-05-19 09:18 - 2015-05-19 09:18 - 35414029 _____ () C:\Users\eric_hallander\Downloads\RichardHehsWWIIJournals.zip
2015-05-15 09:52 - 2015-05-15 09:52 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-13 21:26 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:26 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 21:15 - 2015-05-13 21:15 - 00000000 _____ () C:\Users\eric_hallander\SocketProxyLog0_0.txt.lck
2015-05-13 14:32 - 2015-06-02 16:11 - 00025270 _____ () C:\Users\eric_hallander\EIOKBAgent0.log.0
2015-05-13 14:32 - 2015-06-02 15:32 - 00016051 _____ () C:\Users\eric_hallander\EIOKBAgent0.log.1
2015-05-13 14:32 - 2015-06-02 15:17 - 00016242 _____ () C:\Users\eric_hallander\EIOKBAgent0.log.2
2015-05-13 14:32 - 2015-06-02 15:01 - 00108130 _____ () C:\Users\eric_hallander\EIOKBAgent0.log.3
2015-05-13 14:32 - 2015-06-02 12:01 - 00001840 _____ () C:\Users\eric_hallander\EIOKBAgent0.log.4
2015-05-13 10:35 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 10:35 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 10:35 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 10:35 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 10:35 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 10:35 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 10:35 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 10:35 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 10:35 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 10:35 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 10:35 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 10:35 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 10:35 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 10:35 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 10:35 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 10:35 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 10:35 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 10:35 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 10:35 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 10:35 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 10:35 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 10:35 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 10:35 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 10:35 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 10:35 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 10:35 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 10:35 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 10:35 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 10:35 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 10:35 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 10:35 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 10:35 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 10:35 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 10:35 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 10:35 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 10:35 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 10:35 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 10:35 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 10:35 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 10:35 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 10:35 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 10:35 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 10:35 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 10:35 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 10:35 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 10:35 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 10:35 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 10:35 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 10:35 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 10:35 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 10:35 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 10:35 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 10:35 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 10:35 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 10:35 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 10:35 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 10:35 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 10:35 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 10:35 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 10:35 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 10:35 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 10:35 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 10:35 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 10:35 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 10:34 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 10:34 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 10:34 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 10:34 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 10:34 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 10:34 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 10:34 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 10:34 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 10:34 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 10:34 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 10:34 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 10:34 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 10:34 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 10:34 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 10:34 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 10:34 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 10:34 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 10:34 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 10:34 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 10:34 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 10:34 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 10:34 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 10:34 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 10:34 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 10:34 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 10:34 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 10:34 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 10:34 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 10:34 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 10:34 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 10:34 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 10:34 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 10:34 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 10:34 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 10:34 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 10:34 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 10:34 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 10:34 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 10:34 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 10:34 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 10:34 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 10:34 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 10:34 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 10:34 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 10:34 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 10:34 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 10:34 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 10:34 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 10:34 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 10:34 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 10:34 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 10:34 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 10:34 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 10:34 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 10:34 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 10:34 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 10:34 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 10:34 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 10:34 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-07 16:21 - 2015-05-07 16:21 - 01953816 _____ () C:\Users\eric_hallander\Downloads\PSU-ARL Parametric Data Reduction Tool for DMS 6 MARCH 13.pptx
2015-05-07 15:06 - 2015-05-07 15:06 - 00342802 _____ () C:\Users\eric_hallander\Downloads\ARL-PSU_LogIC Tasks  Components v14 27Apr2015.pptx
2015-05-07 15:04 - 2015-05-07 15:04 - 06661120 _____ () C:\Users\eric_hallander\Downloads\LogIC_E15_OV1_Network_V7_2007.vsd
2015-05-07 14:57 - 2015-05-07 14:57 - 00043157 _____ () C:\Users\eric_hallander\Downloads\Demo Recommendations.pptx
2015-05-07 10:57 - 2015-05-07 10:57 - 00428760 _____ () C:\Users\eric_hallander\Downloads\EIO _ CBM+ Diagram.pptx
2015-05-07 10:54 - 2015-05-07 16:19 - 00025163 _____ () C:\Users\eric_hallander\Downloads\LogIC Equipment List.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-03 09:41 - 2013-06-12 09:54 - 00000000 ____D () C:\Users\eric_hallander\AppData\Roaming\.purple
2015-06-03 09:39 - 2013-10-22 11:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 09:39 - 2012-09-21 14:54 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2218520587-1409104296-78237529-1384UA.job
2015-06-03 09:39 - 2011-09-14 09:49 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-03 09:39 - 2011-09-12 10:40 - 00000136 _____ () C:\Windows\system32\config\netlogon.ftl
2015-06-02 17:13 - 2014-03-17 10:55 - 00000000 ____D () C:\Users\eric_hallander\Documents\ScreenCapture
2015-06-02 16:12 - 2012-11-06 12:47 - 00000000 ____D () C:\Users\eric_hallander
2015-06-02 14:59 - 2012-09-21 14:54 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2218520587-1409104296-78237529-1384Core.job
2015-06-02 13:37 - 2009-07-14 00:45 - 00024832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-02 13:37 - 2009-07-14 00:45 - 00024832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-02 13:33 - 2011-09-12 09:29 - 01561145 _____ () C:\Windows\WindowsUpdate.log
2015-06-02 09:47 - 2011-09-14 09:49 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-02 09:31 - 2009-07-14 01:13 - 01114968 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-01 10:35 - 2013-06-12 11:52 - 00000000 ____D () C:\Users\eric_hallander\AppData\Local\8D8AD5EA-492B-4961-8A9C-E81E4E5AFF99.aplzod
2015-06-01 10:15 - 2015-01-30 14:36 - 00000000 ____D () C:\eclipse-luna
2015-06-01 10:15 - 2012-11-06 14:40 - 00000000 ____D () C:\Users\eric_hallander\AppData\Local\Eclipse
2015-06-01 10:14 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-06-01 10:13 - 2014-03-28 11:32 - 00000442 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-01 10:13 - 2014-03-26 15:25 - 00000000 ___RD () C:\Users\eric_hallander\Dropbox
2015-06-01 10:13 - 2012-11-06 14:49 - 00000000 ____D () C:\Users\eric_hallander\AppData\Local\PasswordSafe
2015-06-01 10:13 - 2012-11-06 14:38 - 00000000 ____D () C:\Users\eric_hallander\AppData\Roaming\Dropbox
2015-06-01 10:13 - 2011-10-11 10:33 - 00000420 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2015-06-01 10:12 - 2015-04-02 17:14 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
2015-06-01 10:12 - 2015-04-02 17:14 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
2015-06-01 10:12 - 2015-04-02 17:14 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
2015-06-01 10:12 - 2011-09-12 11:14 - 00000000 ____D () C:\ProgramData\VMware
2015-06-01 10:12 - 2010-09-16 19:44 - 01254966 _____ () C:\Windows\PFRO.log
2015-06-01 10:12 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-01 10:11 - 2012-09-24 16:33 - 00010310 _____ () C:\Users\eric_hallander\_viminfo
2015-05-29 14:35 - 2014-11-03 15:59 - 00000000 ____D () C:\Users\eric_hallander\Documents\My Status
2015-05-28 18:11 - 2014-12-03 17:57 - 00000000 ____D () C:\Users\eric_hallander\Documents\My CBM+
2015-05-28 10:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Web
2015-05-27 16:17 - 2014-09-22 12:06 - 00000000 ____D () C:\Users\eric_hallander\workspace_bctm_irad
2015-05-26 14:27 - 2013-06-12 09:57 - 00000000 ____D () C:\Users\eric_hallander\AppData\Local\gtk-2.0
2015-05-26 09:11 - 2012-09-21 18:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-22 12:17 - 2013-11-08 11:37 - 00000000 ____D () C:\Users\eric_hallander\Documents\Visual Studio 2012
2015-05-22 11:15 - 2012-07-24 11:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-05-22 10:58 - 2012-07-24 11:33 - 00000000 ____D () C:\Program Files\IIS
2015-05-22 10:58 - 2012-07-24 11:33 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-05-22 10:55 - 2013-11-08 11:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 11.0
2015-05-22 10:54 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-22 10:52 - 2013-11-08 11:17 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-05-22 10:52 - 2009-07-14 01:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-22 10:50 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-22 10:17 - 2014-08-26 13:44 - 00000000 ____D () C:\Users\eric_hallander\AppData\Roaming\npm-cache
2015-05-22 09:49 - 2012-07-20 17:54 - 788934799 _____ () C:\Windows\MEMORY.DMP
2015-05-22 09:49 - 2012-03-19 09:31 - 00000000 ____D () C:\Windows\Minidump
2015-05-21 13:56 - 2014-09-09 13:41 - 00004559 _____ () C:\Users\eric_hallander\.dbshell
2015-05-20 15:18 - 2014-06-17 13:32 - 00000000 ____D () C:\Users\eric_hallander\git
2015-05-20 15:12 - 2015-01-30 16:12 - 00000000 ____D () C:\eclipse
2015-05-20 14:53 - 2014-11-14 16:48 - 00000000 ____D () C:\Users\eric_hallander\AppData\Roaming\GitHub
2015-05-20 14:53 - 2014-11-14 16:48 - 00000000 ____D () C:\Users\eric_hallander\AppData\Local\GitHub
2015-05-20 14:50 - 2014-05-08 13:57 - 00000000 ____D () C:\Users\eric_hallander\AppData\Local\Deployment
2015-05-20 14:18 - 2015-04-08 09:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 14:18 - 2015-04-08 09:23 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 09:43 - 2011-09-14 09:49 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 09:43 - 2011-09-14 09:49 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 09:52 - 2013-06-27 17:47 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-15 09:47 - 2010-09-22 14:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-15 09:46 - 2014-09-23 12:50 - 00000039 _____ () C:\Windows\vbaddin.ini
2015-05-14 00:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-13 23:42 - 2012-05-13 04:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 23:42 - 2011-09-12 15:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-13 23:42 - 2009-07-14 00:45 - 00408440 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-13 23:41 - 2009-07-14 03:47 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-13 23:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 21:42 - 2013-08-05 09:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 21:32 - 2010-09-16 19:09 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 21:26 - 2012-05-13 04:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-11 10:43 - 2014-03-26 15:23 - 00000000 ____D () C:\Users\eric_hallander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
==================== Files in the root of some directories =======
 
2013-12-06 13:22 - 2014-05-02 11:38 - 0000134 _____ () C:\Users\eric_hallander\AppData\Roaming\Camdata.ini
2013-12-06 13:22 - 2014-05-02 11:38 - 0000408 _____ () C:\Users\eric_hallander\AppData\Roaming\CamLayout.ini
2013-12-06 13:22 - 2014-05-02 11:38 - 0000408 _____ () C:\Users\eric_hallander\AppData\Roaming\CamShapes.ini
2013-12-06 13:22 - 2014-02-05 16:59 - 0004536 _____ () C:\Users\eric_hallander\AppData\Roaming\CamStudio.cfg
2013-04-04 08:23 - 2013-04-04 08:29 - 0038501 _____ () C:\Users\eric_hallander\AppData\Roaming\Comma Separated Values (Windows).ADR
2013-04-04 08:24 - 2013-04-04 08:26 - 0013033 _____ () C:\Users\eric_hallander\AppData\Roaming\Comma Separated Values (Windows).CAL
2013-11-29 14:47 - 2014-05-01 16:58 - 0000096 _____ () C:\Users\eric_hallander\AppData\Roaming\version2.xml
2013-06-27 14:37 - 2014-09-05 16:31 - 0000600 _____ () C:\Users\eric_hallander\AppData\Roaming\winscp.rnd
2015-01-27 12:00 - 2015-01-27 12:00 - 0004096 ____H () C:\Users\eric_hallander\AppData\Local\keyfile3.drm
2012-11-09 20:54 - 2014-09-03 10:50 - 0000600 _____ () C:\Users\eric_hallander\AppData\Local\PUTTY.RND
 
ZeroAccess:
C:\Users\eric_hallander\AppData\Local\Dropbox
C:\Users\eric_hallander\AppData\Local\Dropbox\config.db
C:\Users\eric_hallander\AppData\Local\Dropbox\filecache.db
C:\Users\eric_hallander\AppData\Local\Dropbox\host.db
C:\Users\eric_hallander\AppData\Local\Dropbox\sigstore.db
C:\Users\eric_hallander\AppData\Local\Dropbox\unlink.db
C:\Users\eric_hallander\AppData\Local\Dropbox\shellext\l\new_trace
C:\Users\eric_hallander\AppData\Local\Dropbox\l\4e0a75a4
C:\Users\eric_hallander\AppData\Local\Dropbox\installer\l\4e08e3b4
C:\Users\eric_hallander\AppData\Local\Dropbox\bin\Dropbox.exe
C:\Users\eric_hallander\AppData\Local\Dropbox\bin\Dropbox.exe.log
C:\Users\eric_hallander\AppData\Local\Dropbox\bin\DropboxExt.14.dll
C:\Users\eric_hallander\AppData\Local\Dropbox\bin\itag
C:\Users\eric_hallander\AppData\Local\Dropbox\bin\msvcp71.dll
C:\Users\eric_hallander\AppData\Local\Dropbox\bin\msvcr71.dll
C:\Users\eric_hallander\AppData\Local\Dropbox\bin\Python25.dll
C:\Users\eric_hallander\AppData\Local\Dropbox\bin\Uninstall.exe
 
Files to move or delete:
====================
C:\Users\eric_hallander\.mongorc.js
 
 
Some files in TEMP:
====================
C:\Users\eric_hallander\AppData\Local\Temp\dllnt_dump.dll
C:\Users\eric_hallander\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsxzad1.dll
C:\Users\eric_hallander\AppData\Local\Temp\PROCEXP64.exe
C:\Users\eric_hallander\AppData\Local\Temp\_isA0CA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-24 09:46
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by eric_hallander at 2015-06-03 09:42:35
Running from C:\Users\eric_hallander\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1826351551-1419467886-1616656803-500 - Administrator - Enabled) => C:\Users\Administrator
c2d (S-1-5-21-1826351551-1419467886-1616656803-1017 - Limited - Enabled)
EAT-EHALLANDER-2 (S-1-5-21-1826351551-1419467886-1616656803-1001 - Administrator - Enabled)
Guest (S-1-5-21-1826351551-1419467886-1616656803-501 - Limited - Disabled)
Helpdesk (S-1-5-21-1826351551-1419467886-1616656803-1000 - Administrator - Enabled) => C:\Users\Helpdesk
___VMware_Conv_SA___ (S-1-5-21-1826351551-1419467886-1616656803-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
"Minimal SYStem 1.0.11" (HKLM-x32\...\MSYS-1.0_is1) (Version: 1.0.11 - MinGW)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ActivePerl 5.14.2 Build 1402 (64-bit) (HKLM\...\{4FC945A7-D54E-4F00-BE32-90553F80FCE8}) (Version: 5.14.1402 - ActiveState)
Adobe Connect Add-in (HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Any DVD Cloner Platinum 1.2.2 (HKLM-x32\...\Any DVD Cloner Platinum_is1) (Version:  - dvdsmith.com)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aptana Studio 3 (HKLM-x32\...\Aptana Studio 3) (Version: 3.4.2 - Appcelerator, Inc.)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2013.1211.1151 - F5 Networks, Inc.)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boost C++ Libraries 1.41 (HKLM-x32\...\boost_1_41) (Version:  - )
CDF Distribution V3.5.0.2 (64-bit) (HKLM\...\{0B161DB7-B758-4AED-A724-632D74939668}) (Version: 3.5.0.2 - Space Physics Data Facility, Goddard Space Flight Center, NASA)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CVSNT (HKLM-x32\...\CVSNT_is1) (Version: 2.0.51 - CVSNT)
CVSNT 2.5.05.3744 (HKLM-x32\...\{76F9F5C5-FF87-4ED8-B63C-2A25A299C4AA}) (Version: 2.5.05.3744 - March Hare Software)
DCO XMPP Desktop Client (remove only) (HKLM-x32\...\DCO XMPP Desktop Client) (Version:  - )
Dell SonicWALL NetExtender (HKLM-x32\...\Dell SonicWALL NetExtender) (Version: 7.5.223 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.114 - ALPS ELECTRIC CO., LTD.)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Dropbox (HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{AFA4B0BF-3289-495A-B949-BA91F39B1A44}) (Version: 11.1.21009.00 - Microsoft Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version:  - SEIKO EPSON Corporation)
Epub reader (HKLM-x32\...\{739126B3-1C80-4F1F-8D59-312A19633E1A}_is1) (Version:  - )
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
Git Extensions 2.40 (HKLM-x32\...\{F8B36890-43D9-47C5-B78D-7D4DE076FAA3}) (Version: 2.40 - Henk)
Git version 1.8.3-preview20130601 (HKLM-x32\...\Git_is1) (Version: 1.8.3-preview20130601 - The Git Development Community)
GitHub (HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\5f7eb300e2ea4ebf) (Version: 2.13.2.4 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Graphviz (HKLM-x32\...\{884CF059-9A11-4DF7-A2A7-17EFE90B9278}) (Version: 2.38 - AT&T Research Labs.)
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
HMA! Pro VPN 2.8.19.0 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.19.0 - Privax Ltd)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
IIS URL Rewrite Module 2 (HKLM\...\{EB675D0A-2C95-405B-BEE8-B42A65D23E11}) (Version: 7.2.2 - Microsoft Corporation)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Integrated Webcam Driver (1.03.02.0919)   (HKLM\...\Creative OA001) (Version:  - )
iPhone Configuration Utility (HKLM-x32\...\{B90FCEB7-2B0C-4D27-95B5-54238DF059ED}) (Version: 3.6.2.300 - Apple Inc.)
ISO Creator 1.0 (HKLM-x32\...\{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}) (Version: 1.0.0 - Bunny-Wabbit)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java SE Development Kit 7 Update 75 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170750}) (Version: 1.7.0.750 - Oracle)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
JetBrains WebStorm 10.0.1 (HKLM-x32\...\WebStorm 10.0.1) (Version: 141.506 - JetBrains s.r.o.)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\Juniper_Setup_Client) (Version: 7.1.10.21853 - Juniper Networks, Inc.)
KDiff3 (remove only) (HKLM-x32\...\KDiff3) (Version:  - )
KONICA MINOLTA C364Series(PS_PCL_FAX) (HKLM\...\KONICA MINOLTA C364Series Installer(PS_PCL_FAX)) (Version:  - KONICA MINOLTA)
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Luminance HDR 2.4.0 (HKLM-x32\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2010 (HKLM-x32\...\Office14.Access) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools Update (HKLM-x32\...\{FC909837-27D0-4FB4-8653-00F63EB70D74}) (Version: 3.0.20406.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools (HKLM-x32\...\{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Visio Viewer 2007 (HKLM-x32\...\{95120000-0052-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft S/MIME (HKLM-x32\...\{D932D6AE-786B-4ECD-B6FE-B9C0EB059B3C}) (Version: 14.3.123.2 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Premium 2012 (HKLM-x32\...\{ddf0bb95-e254-447e-8472-3470057d9c7e}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.0 (HKLM\...\{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}) (Version: 3.1236.1631 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
MinGW-Get version 0.5-beta-20120426-1 (HKLM-x32\...\{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1) (Version: 0.5-beta-20120426-1 - MinGW)
MongoDB 2.6.4 2008R2Plus (64 bit) (HKLM\...\{492A039D-61E0-40CB-99F7-A8FD64775CDB}) (Version: 2.6.4 - MongoDB)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multi-Targeting Pack for Microsoft .NET Framework 4.0.3 (KB2600213) (HKLM-x32\...\Multi-Targeting Pack for Microsoft .NET Framework 4.0.3) (Version: 4.0.551 - Microsoft Corporation)
Multi-Targeting Pack for Microsoft .NET Framework 4.0.3 (KB2600213) (x32 Version: 4.0.551 - Microsoft Corporation) Hidden
Node.js (HKLM\...\{A744EE31-693F-43F2-AF73-A093264A9E1B}) (Version: 0.10.31 - Joyent, Inc. and other Node contributors)
Nuance PDF Converter Enterprise 7 (HKLM\...\{8B9C3805-9BC6-4CBB-A02D-86D266D30C5B}) (Version: 7.00.6420 - Nuance Communications, Inc)
Openfire 3.7.1 (HKLM-x32\...\Openfire 3.7.1) (Version:  - Ignite Realtime RTC Community)
OpenSSL 1.0.1f Light (64-bit) (HKLM\...\OpenSSL Light (64-bit)_is1) (Version:  - OpenSSL Win64 Installer Team)
Pandoc 1.11.1 (HKLM-x32\...\{9328E44F-9713-40B7-AA5C-D3D3B585EB36}) (Version: 1.11.1 - John MacFarlane)
Password Safe (HKLM-x32\...\Password Safe) (Version:  - )
Photomatix Pro version 5.0.3 (HKLM\...\PhotomatixPro5x64_is1) (Version: 5.0.3 - HDRsoft Ltd)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Protege 3.3.1 (HKLM-x32\...\Protege 3.3.1) (Version: 1.0.0.0 - Stanford Medical Informatics)
PushOk CVS SCC 1.5.0.6 (HKLM-x32\...\{601CCA8B-1BD0-4525-9017-23B0C13BA301}) (Version: 1.5.0006 - Pushok Software)
Python 2.7.8 (HKLM-x32\...\{61121B12-88BD-4261-A6EE-AB32610A56DD}) (Version: 2.7.8150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Roxio Creator DE 10.3 (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Samsung Data Migration (HKLM-x32\...\{D4DE3DB4-7734-47E5-8D92-B80146311406}) (Version: 2.7 - Samsung)
Scala (HKLM-x32\...\{7606E6DA-E168-42B5-8345-B08BF774CB30}) (Version: 2.11.4.400 - LAMP/EPFL and Typesafe, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0000-0000-0000000FF1CE}_Office14.Access_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
SonicWALL Global VPN Client (HKLM\...\{2B0BD3DD-EF7E-43EE-AC58-061E412BFFEF}) (Version: 4.7.3 - SonicWALL)
Spark 2.6.3.12555 (HKLM-x32\...\Spark 2.6.3.12555) (Version:  - Jive Software)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
StarTeam 2009 R2 Eclipse Client (HKLM-x32\...\StarTeam 2009 R2 Eclipse Client) (Version: 6.0.0.0 - Borland)
StarTeam Cross-Platform Client 2009 (HKLM-x32\...\StarTeam Cross-Platform Client 2009) (Version: 11.0.48.0 - Borland)
StarTeam SDK Runtime 11.0 (HKLM-x32\...\StarTeam SDK Runtime 11.0) (Version:  - )
Symantec Endpoint Protection (HKLM\...\{C2103AF2-E66C-446B-9791-9207840EC821}) (Version: 12.1.2015.2015 - Symantec Corporation)
Tivoli Endpoint Manager Client (HKLM-x32\...\{19684E1D-3427-4216-96D8-8744D44E4159}) (Version: 8.2.1310.0 - IBM Corp.)
TortoiseOverlays (HKLM\...\{9CFA7A85-AEB6-487B-9C8E-C3C9432AA8F7}) (Version: 1.0.17375 - TortoiseSVN)
TortoiseOverlays (HKLM-x32\...\{C9DCF4E9-A41B-40E7-B028-2255E36D2A1C}) (Version: 1.0.17375 - TortoiseSVN)
UltraVNC 1.0.8.2 (HKLM\...\Ultravnc2_is1) (Version: 1.0.8.2 - 1.0.8.2)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VanDyke Software SecureCRT 6.0 (HKLM-x32\...\{ED218669-1F95-477C-9DFD-D78AEA99A2AF}) (Version: 6.0.0 - VanDyke Software, Inc.)
VC9RunTime (HKLM-x32\...\{5A37B181-B8D0-48C3-B4A4-5DC1ED104CED}) (Version: 1.0.0 - Default Company Name)
VC9RunTimeX64 (HKLM-x32\...\{2460EA85-D9D1-4D44-915E-6019271AFB1D}) (Version: 1.0.0 - Default Company Name)
Vim 7.2 (self-installing) (HKLM-x32\...\Vim 7.2) (Version:  - )
VinylStudio (HKLM-x32\...\VinylStudio) (Version:  - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 Update 3 (KB2707250) (HKLM-x32\...\{29828f33-4679-462a-8c98-1c3507678922}) (Version: 11.0.60610 - Microsoft Corporation)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.2 - VMware, Inc)
VMware Player (Version: 6.0.2 - VMware, Inc.) Hidden
VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.0.1087880 - VMware, Inc.)
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.14766 - VMware, Inc.)
Waterfox 35.0 (x64 en-US) (HKLM\...\Waterfox 35.0 (x64 en-US)) (Version: 35.0 - Mozilla)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Webshots (HKLM-x32\...\{2857dbef-0b50-361c-8690-7d505747009f}) (Version: 3.1.5.7620 - AG Interactive)
WinCvs 2.0 (HKLM-x32\...\D2D77DC2-8299-11D1-8949-444553540000_is1) (Version:  - CvsGui)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinSCP 4.3.5 (HKLM-x32\...\winscp3_is1) (Version: 4.3.5 - Martin Prikryl)
XAMPP (HKLM-x32\...\xampp) (Version: 1.8.3-4 - Bitnami)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\eric_hallander\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-565831887-3637738334-3767947266-1127_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\eric_hallander\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-10-27 10:25 - 00001280 ____A C:\Windows\system32\Drivers\etc\hosts
10.50.5.100 eat-hallander-2.viecorefsd.com eat-hallander-2
10.50.4.21 FSD-DC1.viecorefsd.com FSD-DC1
10.50.4.24 patton.viecorefsd.com patton
10.50.4.40 eat-vcenter01.viecorefsd.com eat-vcenter01
10.50.4.41 eat-filesrv01.viecorefsd.com eat-filesrv01
10.50.4.44 eat-starteam.viecorefsd.com eat-starteam
10.50.5.173 jc2cui-desktop jc2cui-desktop.viecorefsd.com test.domain.net
192.168.5.198 hammurabi.eoir.com hammurabi
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0988D8E8-AE1B-4B61-837B-5205A1BC4AE2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {0FBAB7A9-2FEF-4B41-8A9D-E5D381094864} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {115330E2-5911-4FE7-98FD-ADDED32B9123} - System32\Tasks\{E5550631-143D-4A1D-9F36-E08D696A95A5} => pcalua.exe -a "C:\Program Files (x86)\Openfire\uninstall.exe"
Task: {2422E837-6BA7-4841-ABAF-B6327C22064C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {334D4FF3-5BDE-4D40-A245-5C9CADDBE4EE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {3DE316A6-9386-4C79-A090-CE030672C595} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {45B114BE-ABB4-4CEC-95CD-B2645B5EAD12} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2218520587-1409104296-78237529-1384UA => C:\Users\ehallander\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {4F2F2C10-270C-4730-BE3B-4F667E5EE60F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {59F026B6-C156-4BCD-A806-C08615FF3628} - System32\Tasks\{C4FEBAAB-5631-4A50-ABF7-88AA17631D00} => pcalua.exe -a "C:\Users\eric_hallander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UNY6V3X\C8setup.exe" -d C:\Users\eric_hallander\Desktop
Task: {5D6541E6-B204-4CD5-A1AC-100096792E97} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {5FC6AE45-0994-4912-87E1-B344DBB5573D} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {708C667D-CE1A-40A0-8A63-5DDB14D33F58} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2218520587-1409104296-78237529-1384Core => C:\Users\ehallander\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {7BF07D7F-0B91-43A3-A91F-60554E93C7CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A6086D8A-5E26-4A72-A6B7-469A39B4126A} - System32\Tasks\{1443A1D1-0177-4DA8-A921-3B9E7013425A} => pcalua.exe -a "E:\My Downloads\GetGnuWin32\gnuwin32\bin\install-info.exe" -d "E:\My Downloads\GetGnuWin32" -c --infodir=./gnuwin32/info gnuwin32\info\autoconf.info
Task: {C55979BC-C929-45E5-A526-C175FCFC557C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {DB590C06-C724-442E-B80F-88C3FE596CBE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {E2B95815-01FC-4A17-AC48-71604C5F78AC} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {E59E4CCD-79BB-404A-841C-6ADDC34226CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E744DB06-649D-4778-8C93-B04377014417} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E987F261-B88E-405C-8391-BF7B49CC6300} - System32\Tasks\{2848821B-1C15-40C1-8F6F-112D0A2C67E7} => pcalua.exe -a "C:\Program Files (x86)\Openfire\uninstall.exe" -d "C:\Program Files (x86)\Openfire"
Task: {F0BCFF86-AFBB-4953-AC92-C0E02C704234} - System32\Tasks\{8CBB5885-29D3-4B95-9B72-F03FC55C5ADC} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {F170EC27-9167-4787-8914-D278B718B51B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F49F70A8-2027-4745-B523-1E393E43D23F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {F92869D0-EFFE-4688-B9E0-2DD2F2A8C364} - System32\Tasks\{265AEF92-6749-492F-91BE-994DFD88294E} => pcalua.exe -a "E:\My Downloads\GetGnuWin32\gnuwin32\bin\install-info.exe" -d "E:\My Downloads\GetGnuWin32" -c --infodir=./gnuwin32/info gnuwin32\info\a2ps.info
Task: {FF1B899C-7471-4ACB-875F-5B7AEEC16089} - System32\Tasks\{F5423CAC-071D-46B1-8C15-F922855192F1} => pcalua.exe -a E:\Setup.exe -d E:\
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2218520587-1409104296-78237529-1384Core.job => C:\Users\ehallander\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2218520587-1409104296-78237529-1384UA.job => C:\Users\ehallander\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-26 14:42 - 2010-03-26 14:42 - 00017280 _____ () C:\Program Files (x86)\cvsnt\cvslock.exe
2014-08-08 21:28 - 2014-08-08 21:28 - 18920960 _____ () C:\Program Files\MongoDB 2.6 Standard\bin\mongod.exe
2015-04-02 17:14 - 2015-06-01 10:12 - 00017920 _____ () C:\Windows\System32\rpcnetp.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-11 19:20 - 2011-02-22 00:14 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-09-25 15:56 - 2015-01-30 14:36 - 00320216 _____ () C:\eclipse-luna\eclipse.exe
2014-06-04 01:16 - 2015-01-30 14:41 - 00057344 _____ () C:\eclipse-luna\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20140603-1326\eclipse_1603.dll
2015-01-30 14:57 - 2015-01-30 14:57 - 00055296 _____ () C:\eclipse-luna\configuration\org.eclipse.osgi\80\0\.cp\os\win32\x86_64\localfile_1_0_0.dll
2015-01-30 14:57 - 2015-01-30 14:57 - 00043520 _____ () C:\eclipse-luna\configuration\org.eclipse.osgi\85\0\.cp\os\win32\x86_64\win32refresh.dll
2015-01-30 14:57 - 2015-01-30 14:57 - 00044032 _____ () C:\eclipse-luna\configuration\org.eclipse.osgi\83\0\.cp\jWinHttp-1.0.0.dll
2010-03-26 14:42 - 2010-03-26 14:42 - 00079744 _____ () C:\Program Files (x86)\cvsnt\cvslock.dll
2009-08-12 03:15 - 2009-08-12 03:15 - 00979968 _____ () C:\Program Files (x86)\Common Files\March Hare Software Ltd\libxml2-2.7.3.dll
2009-08-12 03:15 - 2009-08-12 03:15 - 00009216 _____ () C:\Program Files (x86)\Common Files\March Hare Software Ltd\libpcreposix-7.9.dll
2009-08-12 03:15 - 2009-08-12 03:15 - 00144896 _____ () C:\Program Files (x86)\Common Files\March Hare Software Ltd\libpcre-7.9.dll
2010-03-26 14:42 - 2010-03-26 14:42 - 00027008 _____ () C:\Program Files (x86)\cvsnt\mdns\mini.dll
2010-03-26 14:42 - 2010-03-26 14:42 - 00027520 _____ () C:\Program Files (x86)\cvsnt\mdnsclient.dll
2013-04-09 08:49 - 2013-04-09 08:49 - 00086096 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 01296976 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2013-04-09 08:37 - 2013-04-09 08:37 - 00542288 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2014-04-14 16:41 - 2014-04-14 16:41 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-01 10:13 - 2015-06-01 10:13 - 00043008 _____ () c:\Users\eric_hallander\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsxzad1.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-02-13 00:44 - 2013-02-13 00:44 - 00028160 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll
2013-02-13 00:44 - 2013-02-13 00:44 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
2013-06-12 09:53 - 2013-06-12 09:53 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2013-06-12 09:53 - 2013-06-12 09:53 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2013-06-12 09:53 - 2013-06-12 09:53 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2013-06-12 09:53 - 2013-06-12 09:53 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2013-06-12 09:53 - 2013-06-12 09:53 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2013-06-12 09:53 - 2013-06-12 09:53 - 00100352 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 01274655 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
2013-02-13 00:44 - 2013-02-13 00:44 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00310491 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00092874 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00209619 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00105620 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00190464 _____ () C:\Program Files (x86)\Pidgin\libsasl.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00373657 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00149933 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00106670 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00116583 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00171090 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 02097721 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00818985 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00055758 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00415553 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00228908 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00047391 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00029225 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00069575 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00027811 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00023305 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2013-02-13 00:45 - 2013-02-13 00:45 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00102400 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00115712 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00140288 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
2013-02-13 00:43 - 2013-02-13 00:43 - 00102912 _____ () C:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
2013-02-13 00:44 - 2013-02-13 00:44 - 00425984 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
2013-06-12 09:53 - 2013-06-12 09:53 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-25 16:50 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-25 16:50 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2015-04-03 00:34 - 2015-04-03 00:34 - 00036352 _____ () C:\Program Files (x86)\JetBrains\WebStorm 10.0.1\bin\IdeaWin32.dll
2015-04-03 00:34 - 2015-04-03 00:34 - 00032768 _____ () C:\Program Files (x86)\JetBrains\WebStorm 10.0.1\bin\focuskiller.dll
2015-04-03 00:34 - 2015-04-03 00:34 - 00054784 _____ () C:\Program Files (x86)\JetBrains\WebStorm 10.0.1\bin\jumplistbridge.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 06:37 - 2013-05-11 06:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows\system32\autochk.exe:BAK
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F
AlternateDataStreams: C:\ProgramData\TEMP:B946D9EE
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\dictaphone.com -> dictaphone.com
IE trusted site: HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\elementk.com -> elementk.com
IE trusted site: HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\nuance.com -> nuance.com
IE trusted site: HKU\S-1-5-21-565831887-3637738334-3767947266-1127\...\scansoft.com -> scansoft.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\Control Panel\Desktop\\Wallpaper -> C:\Users\eric_hallander\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.50.4.21 - 10.50.4.250
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2BF333D3-CB4D-44D9-81B4-830562648D30}] => (Allow) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
FirewallRules: [{1A5AA0F3-05B4-44E0-885F-EB833FFA72ED}] => (Allow) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
FirewallRules: [{A7AB1E23-B173-4A50-A3FA-64A8FC5D7A79}] => (Allow) C:\Program Files (x86)\BigFix Enterprise\BES Client\BESClient.exe
FirewallRules: [{00ACEFA1-22FB-4289-A7DE-1A1F3630EB0B}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{3F45DF38-B012-4F37-BD6A-C46EA2605309}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{BF04803A-7165-4453-B450-BC07B3EAF165}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{31A49D2A-0A61-4872-9583-086F21FF70FB}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{B86E9065-BD9F-4D16-AC18-89181AFED391}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{7CA2071E-1E81-41B0-8907-176B5EEC3842}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{0B6E0D3C-4301-4660-8642-AB00F37C9B8A}] => (Allow) LPort=5900
FirewallRules: [{87DADED7-E09F-47CE-BEAE-7854F0325242}] => (Allow) LPort=5900
FirewallRules: [{1714EBBC-D480-4C83-AEDF-1578EC49CD7E}] => (Allow) LPort=5800
FirewallRules: [{818F0667-6E76-4A54-8869-76E77CE1E72A}] => (Allow) LPort=5800
FirewallRules: [{AB4285E8-B3E7-406E-BE57-FC62160711B1}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{62687B0D-BDB1-402F-A9A1-A3718D2D6E24}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{833CD211-4059-4A48-856E-32862ACB5692}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{A4FA4B2A-4968-46FF-9339-6EE0C7D6718E}] => (Allow) C:\Program Files\UltraVNC\vncviewer.exe
FirewallRules: [{68D3C477-CE0C-4124-83AE-E295FC89E986}] => (Allow) C:\Users\ehallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{05BE470F-F1E7-4870-AFBB-D6E9575CF2F0}] => (Allow) C:\Users\ehallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{39EAC3F2-975E-4529-B963-FFA1B3C02B59}] => (Allow) C:\Users\ehallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{BD3CEBA0-B75F-41E1-97C9-BADC90A69A8A}] => (Allow) C:\Users\ehallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6C15A9DC-F9CA-416F-B321-990271B68001}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{8E0BDBB0-75D4-4DCE-BA8E-BBB9A0D69868}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{E470EE38-9C8E-4007-833F-4A79185128EE}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
FirewallRules: [{5BACB15B-E613-41AE-93DB-CD44D78AF9CB}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe
FirewallRules: [{47E4F922-7943-463C-9D56-AAEFB868B266}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
FirewallRules: [{0E6A5526-7BC7-4398-AEB1-7E111B6817F9}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe
FirewallRules: [TCP Query User{320A8D2A-4EE6-450E-A70C-C951C41B5395}C:\program files (x86)\hewlett-packard\hp media vault\utilities\hpmvtray.exe] => (Block) C:\program files (x86)\hewlett-packard\hp media vault\utilities\hpmvtray.exe
FirewallRules: [UDP Query User{55EAF9AE-61B9-4EFE-AC4D-8B8BB3ED10CC}C:\program files (x86)\hewlett-packard\hp media vault\utilities\hpmvtray.exe] => (Block) C:\program files (x86)\hewlett-packard\hp media vault\utilities\hpmvtray.exe
FirewallRules: [TCP Query User{FDCE7A74-CCCD-4D31-8F86-2B3C48BDC931}C:\program files (x86)\hewlett-packard\hp media vault\utilities\hpmvcheck.exe] => (Block) C:\program files (x86)\hewlett-packard\hp media vault\utilities\hpmvcheck.exe
FirewallRules: [UDP Query User{DF8E293B-1CC2-4C1B-B627-B441B910E1B5}C:\program files (x86)\hewlett-packard\hp media vault\utilities\hpmvcheck.exe] => (Block) C:\program files (x86)\hewlett-packard\hp media vault\utilities\hpmvcheck.exe
FirewallRules: [{BF52911A-ECDF-43D1-BFBF-C7F389C718EA}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{275910FF-8892-4270-97F1-5A7D3CFA7144}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{A7CE339C-1D51-4D6B-9824-DB4E39306812}] => (Allow) LPort=1935
FirewallRules: [{D2458145-DF0A-4FB9-8CEA-8E11AF70EC6D}] => (Allow) LPort=1935
FirewallRules: [{A12A20F9-D8D6-454D-A06A-3DF63C363998}] => (Allow) C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8A90C5F9-E11F-4300-BA8F-D3DD9FC0899C}] => (Allow) C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8B9FF44F-9576-47B7-A333-497220C125F6}] => (Allow) C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0E5DBCBD-6F39-45D3-A256-C6AC18D188EC}] => (Allow) C:\Users\eric_hallander\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{C7A48F6C-A8A4-4F25-9791-272408D57191}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{590B4CB5-5144-47FC-BF76-CAE5621F943A}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{2DA0774B-8531-4B8F-9C21-6408CBE1BB34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D34ABDF2-F72F-431D-8F46-EE42074E807C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{303D432B-2DFC-420F-85C8-DCE44A29C1C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8F75F401-2F23-43B9-BFFE-058CFA0D8B7D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{08DA48BA-B0FB-465A-9811-116A4723D92E}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{2168FC47-4B85-4FCF-B630-C10AC74EDC74}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{0648C1AC-6F4E-4C54-8C43-78A188AAD8AA}] => (Allow) LPort=9089
FirewallRules: [TCP Query User{F909B4F7-8FEE-4578-BD04-6EC24048684A}C:\program files (x86)\jetbrains\webstorm 7.0.3\bin\webstorm.exe] => (Allow) C:\program files (x86)\jetbrains\webstorm 7.0.3\bin\webstorm.exe
FirewallRules: [UDP Query User{1D4EF1D1-4268-462A-99C1-A399D4096FF2}C:\program files (x86)\jetbrains\webstorm 7.0.3\bin\webstorm.exe] => (Allow) C:\program files (x86)\jetbrains\webstorm 7.0.3\bin\webstorm.exe
FirewallRules: [{17B36D1D-46F8-4839-BBC1-CDDA4DE3D85B}] => (Block) C:\program files (x86)\jetbrains\webstorm 7.0.3\bin\webstorm.exe
FirewallRules: [{5B7915E9-6ACB-41A6-B76F-5841F8F3F8ED}] => (Block) C:\program files (x86)\jetbrains\webstorm 7.0.3\bin\webstorm.exe
FirewallRules: [{1CC78897-92A4-4BE2-8F96-FD057F47F1A7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1915E37F-B99B-47E9-8E8B-B9CE3BE87A9A}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{09C2C422-1D6B-40B6-BD86-3C6C2C43DFE1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/03/2015 09:41:52 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 139) (User: )
Description: The application domain WindowsService_0 failed to start. Error: System.DllNotFoundException: Unable to load DLL 'sqlboot.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
 
Server stack trace: 
   at Microsoft.ReportingServices.Diagnostics.Sku.QueryValueID(UInt32 dwSetting, INST_ID pInstanceID)
   at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
   at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
   at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
   at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
   at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
   at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).
 
Error: (06/03/2015 09:41:52 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
 
Error: (06/03/2015 09:40:30 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 139) (User: )
Description: The application domain WindowsService_0 failed to start. Error: System.DllNotFoundException: Unable to load DLL 'sqlboot.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
 
Server stack trace: 
   at Microsoft.ReportingServices.Diagnostics.Sku.QueryValueID(UInt32 dwSetting, INST_ID pInstanceID)
   at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
   at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
   at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
   at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
   at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
   at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).
 
Error: (06/03/2015 09:40:30 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
 
Error: (06/03/2015 09:39:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmware-usbarbitrator64.exe, version: 12.1.17.0, time stamp: 0x530ff71d
Faulting module name: vmware-usbarbitrator64.exe, version: 12.1.17.0, time stamp: 0x530ff71d
Exception code: 0xc0000005
Fault offset: 0x0000000000006092
Faulting process id: 0xd20
Faulting application start time: 0xvmware-usbarbitrator64.exe0
Faulting application path: vmware-usbarbitrator64.exe1
Faulting module path: vmware-usbarbitrator64.exe2
Report Id: vmware-usbarbitrator64.exe3
 
Error: (06/03/2015 09:39:08 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 139) (User: )
Description: The application domain WindowsService_0 failed to start. Error: System.DllNotFoundException: Unable to load DLL 'sqlboot.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
 
Server stack trace: 
   at Microsoft.ReportingServices.Diagnostics.Sku.QueryValueID(UInt32 dwSetting, INST_ID pInstanceID)
   at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
   at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
   at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
   at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
   at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
   at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).
 
Error: (06/03/2015 09:39:07 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.
 
Error: (06/02/2015 05:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error: (06/02/2015 05:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045
 
Error: (06/02/2015 05:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (06/03/2015 09:41:52 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service terminated unexpectedly.  It has done this 935 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/03/2015 09:40:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service terminated unexpectedly.  It has done this 934 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/03/2015 09:39:20 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
 
Error: (06/03/2015 09:39:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware USB Arbitration Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/03/2015 09:39:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service terminated unexpectedly.  It has done this 933 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/02/2015 05:22:00 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service terminated unexpectedly.  It has done this 932 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/02/2015 05:20:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service terminated unexpectedly.  It has done this 931 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/02/2015 05:19:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service terminated unexpectedly.  It has done this 930 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/02/2015 05:17:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service terminated unexpectedly.  It has done this 929 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/02/2015 05:16:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SQL Server Reporting Services (MSSQLSERVER) service terminated unexpectedly.  It has done this 928 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (06/03/2015 09:41:52 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 139) (User: )
Description: WindowsService_0System.DllNotFoundException: Unable to load DLL 'sqlboot.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
 
Server stack trace: 
   at Microsoft.ReportingServices.Diagnostics.Sku.QueryValueID(UInt32 dwSetting, INST_ID pInstanceID)
   at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
   at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
   at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
   at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
   at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
   at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)
 
Error: (06/03/2015 09:41:52 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER)
 
Error: (06/03/2015 09:40:30 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 139) (User: )
Description: WindowsService_0System.DllNotFoundException: Unable to load DLL 'sqlboot.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
 
Server stack trace: 
   at Microsoft.ReportingServices.Diagnostics.Sku.QueryValueID(UInt32 dwSetting, INST_ID pInstanceID)
   at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
   at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
   at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
   at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
   at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
   at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)
 
Error: (06/03/2015 09:40:30 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER)
 
Error: (06/03/2015 09:39:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vmware-usbarbitrator64.exe12.1.17.0530ff71dvmware-usbarbitrator64.exe12.1.17.0530ff71dc00000050000000000006092d2001d09c7510736622C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exeC:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exeea0e7b7c-09f5-11e5-a2de-d5b6e01fc9d9
 
Error: (06/03/2015 09:39:08 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 139) (User: )
Description: WindowsService_0System.DllNotFoundException: Unable to load DLL 'sqlboot.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
 
Server stack trace: 
   at Microsoft.ReportingServices.Diagnostics.Sku.QueryValueID(UInt32 dwSetting, INST_ID pInstanceID)
   at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
   at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
   at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
   at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
   at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
   at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
   at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
   at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
   at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
   at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)
 
Error: (06/03/2015 09:39:07 AM) (Source: Report Server Windows Service (MSSQLSERVER)) (EventID: 107) (User: )
Description: Report Server Windows Service (MSSQLSERVER)
 
Error: (06/02/2015 05:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error: (06/02/2015 05:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1045
 
Error: (06/02/2015 05:23:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-02 13:21:02.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:21:02.809
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:21:00.337
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:21:00.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:20:56.971
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:20:56.937
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:20:56.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:20:56.191
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:20:50.963
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-02 13:20:50.929
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2640M CPU @ 2.80GHz
Percentage of memory in use: 57%
Total physical RAM: 8072.93 MB
Available physical RAM: 3471.14 MB
Total Pagefile: 16144.07 MB
Available Pagefile: 10098.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:465.76 GB) (Free:221.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:586.26 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: C40A1774)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 01FF913E)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4 B-boy/StyLe/

Posted 04 June 2015 - 06:04 AM

Hello,

 

Did you set this proxy yourself?
 

 

ProxyServer: [S-1-5-21-565831887-3637738334-3767947266-1127] => http=10.50.5.164:8080;https=10.50.5.164:8080

 

FF NetworkProxy: "http", "10.50.5.164"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "ssl", "10.50.5.164"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4

 

As for the browser issue, can you boot your system into a clean boot state and let me know if the problem persists there?

 

https://support.microsoft.com/en-us/kb/929135

 

 

Thanks!

 

 

Regards,

Georgi
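
The proxy question in the post above can be checked mechanically. This is an added example, not part of the original thread and not FRST's own code: it parses the two kinds of proxy lines quoted in the post (embedded below as sample input), compares the WinINET and Firefox values, and classifies the proxy host. The function names and the `FIREFOX_PROXY_TYPES` table are this example's own; the table lists the meanings of Firefox's `network.proxy.type` preference.

```python
import ipaddress
import re

# Sample input: the proxy lines quoted in the post above (FRST log format).
SAMPLE_LOG = """\
ProxyServer: [S-1-5-21-565831887-3637738334-3767947266-1127] => http=10.50.5.164:8080;https=10.50.5.164:8080
FF NetworkProxy: "http", "10.50.5.164"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "ssl", "10.50.5.164"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
"""

# Meaning of Firefox's network.proxy.type preference.
FIREFOX_PROXY_TYPES = {
    0: "direct (no proxy)",
    1: "manual",
    2: "PAC URL",
    4: "auto-detect (WPAD)",
    5: "system settings",
}

PROXYSERVER_RE = re.compile(r'^ProxyServer: \[(?P<sid>S-[\d-]+)\] => (?P<value>.+)$')
FF_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[^"]+)", (?P<value>.+)$')


def parse_wininet_value(value):
    """Parse 'http=h:p;https=h:p' or a bare 'h:p' into {scheme: (host, port)}."""
    endpoints = {}
    for part in value.strip().split(";"):
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:  # bare "host:port" applies to every protocol
            scheme, hostport = "all", part
        if ":" in hostport:
            host, _, port = hostport.rpartition(":")
            endpoints[scheme] = (host, int(port) if port.isdigit() else None)
        else:
            endpoints[scheme] = (hostport, None)
    return endpoints


def parse_log(text):
    """Collect per-SID WinINET proxies and Firefox proxy prefs from log text."""
    wininet, firefox = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = PROXYSERVER_RE.match(line)
        if m:
            wininet[m.group("sid")] = parse_wininet_value(m.group("value"))
            continue
        m = FF_RE.match(line)
        if m:
            raw = m.group("value").strip()
            firefox[m.group("key")] = int(raw) if raw.isdigit() else raw.strip('"')
    return {"wininet": wininet, "firefox": firefox}


def classify_host(host):
    """Triage hint only: where does the proxy host live?"""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:  # checked first: loopback also counts as private
        return "loopback"
    return "private" if ip.is_private else "public"


def assess(parsed):
    """Summarise what the proxy lines say, for a human to follow up."""
    ff = parsed["firefox"]
    win_eps = {ep for per_sid in parsed["wininet"].values() for ep in per_sid.values()}
    ff_eps = set()
    for host_key, port_key in (("http", "http_port"), ("ssl", "ssl_port")):
        if host_key in ff:
            ff_eps.add((ff[host_key], ff.get(port_key)))
    hosts = {host for host, _ in win_eps | ff_eps}
    ff_type = ff.get("type")
    return {
        "host_classes": {h: classify_host(h) for h in sorted(hosts)},
        "firefox_mode": FIREFOX_PROXY_TYPES.get(ff_type, "unknown"),
        # Firefox only uses the stored host/port prefs when type is 1 (manual).
        "firefox_manual_values_active": ff_type == 1,
        "firefox_matches_wininet": bool(ff_eps) and ff_eps <= win_eps,
    }


if __name__ == "__main__":
    for key, value in assess(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

On the sample lines the host classifies as a private (RFC 1918) address, and Firefox's `type` of 4 means the stored host and port prefs are not the ones in effect; the per-user `ProxyServer` value only applies to Internet Explorer when `ProxyEnable` is also set, which these lines do not show.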




#5 jhallander9591


Posted 04 June 2015 - 11:03 AM

That FF proxy I don't believe I would have set that myself. I had already uninstalled FF some time last year.

 

As for that address, it was the address of a machine local to my domain here, though I haven't identified the machine yet.

 

 

I have booted clean according to the directions at the MS site, and am observing my process table. It started with a single phantom iexplore process, but so far I haven't seen any new ones spawn. 

 

The properties of that process have an <access denied> associated with it, so I am pretty sure it is a doo doo process.



#6 jhallander9591


Posted 04 June 2015 - 12:00 PM

That process is in fact spawning clones of itself still.



#7 B-boy/StyLe/


Posted 04 June 2015 - 04:13 PM

Hi,

 

Please boot back to Normal Mode. Use msconfig to reverse the changes and be sure that all services and startup items are checked and then hit apply and reboot.

 

Next please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

That's it for now.

 

 

Regards,

Georgi




#8 jhallander9591


Posted 05 June 2015 - 10:03 AM

pastebin complained about the size of the paste, so here is a dropbox link to the output 

https://dl.dropboxusercontent.com/u/33668976/TDSSKiller.3.0.0.44_05.06.2015_10.28.53_log.txt

 

Followed instructions, got 0 on the scan after the reboot.

 

Cheers



#9 B-boy/StyLe/


Posted 05 June 2015 - 10:31 AM

Hi,

 

Please go ahead and kill all instances of the iexplore.exe processes in Task Manager.

 

Next please download Process Monitor and save it to your desktop. Extract the archive to your desktop and run the file procmon.exe

 

Process Monitor will begin logging from the moment it starts running. To stop this, click the "Capture" icon.

 

Clear all the events that Process Monitor recorded by clicking the "Clear" icon.

 

Now go in to the Options menu and select Enable Boot Logging
 

 

You will be presented with the following dialog. Ensure that profiling events are generated every second and click OK.
 

 

Reboot the computer.

 

Allow the system to fully load Windows and any associated startup programs and wait for the iexplore.exe to start multiplying again.

 

Next double-click on the Procmon.exe file to run Process Monitor again.

 

Upon opening Procmon.exe, you will be presented with the following dialog.
 

 

Click Yes to save the collected data. Insert in the “File name” field the desired name for the output and select the "Save" button.

 

Close Process Monitor.

 

Compress and archive (zip) all PML files and upload them here then post the link to the archive in your next reply.

 

Thanks!

 

 

 

Regards,

Georgi




#10 jhallander9591


Posted 05 June 2015 - 12:09 PM

http://www.filedropper.com/ehallanderbootlog

 

Was browsing the task manager since I restarted, and I don't see anything this time around. I am going to restart again and see if anything pops up.

 

So, I restarted again, and the processes started showing up. 

 

I set up the Procmon to run again at boot, and restarted yet again, and as before in generating the above bootlogs, I do not see the offending process or processes in this run. 

 

So, observation wise, booting with Procmon running seems clear, booting without it seems infected. Those are just observations, the bootlog may say something different.

 

Cheers


Edited by jhallander9591, 05 June 2015 - 12:58 PM.


#11 B-boy/StyLe/


Posted 05 June 2015 - 06:23 PM

Hi,

 

 

Interesting...

 

Please download the following file => [attachment=165727:fixlist.txt] and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Next please run a new scan with FRST (make sure that Addition.txt is checked before you press the scan button) and then please post both logs in your next reply.

 

Thanks!

 

 

Regards,

Georgi




#12 B-boy/StyLe/


Posted 08 June 2015 - 05:27 AM

Hi,

It's been several days. Do you still need help on this?
This thread will be closed if you don't respond within 72 hours.
Thank you for your understanding!


Regards,
Georgi




#13 jhallander9591


Posted 08 June 2015 - 08:55 AM

Sorry, it was the weekend here and I didn't start up my laptop.

 

I will run your last instructions and get some new results for you shortly.

 

I ran FRST with the provided fixlist.txt and the results are attached.

 

I was still in a session in which I had re-started the system with Procmon running at boot which, as I said above, appears to produce a running environment in which the malware is not active.

 

Upon restart after FRST, the malware was present in the taskmgr.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by eric_hallander at 2015-06-08 10:45:42 Run:1
Running from C:\Users\eric_hallander\Downloads
Loaded Profiles: eric_hallander (Available Profiles: Helpdesk & Administrator & eric_hallander & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-565831887-3637738334-3767947266-1127] => http=10.50.5.164:8080;https=10.50.5.164:8080
FF NetworkProxy: "http", "10.50.5.164"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "ssl", "10.50.5.164"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF user.js: detected! => C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\user.js [2015-05-28]
FF SearchPlugin: C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\searchplugins\askcom.xml [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\eric_hallander\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
cmd: type C:\Users\eric_hallander\Downloads\fixlist.txt
cmd: type C:\Users\eric_hallander\.mongorc.js
Task: {5D6541E6-B204-4CD5-A1AC-100096792E97} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\autochk.exe:BAK
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F
AlternateDataStreams: C:\ProgramData\TEMP:B946D9EE
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\user.js => Moved successfully.
C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\searchplugins\askcom.xml => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo" => key Removed successfully
 
=========  type C:\Users\eric_hallander\Downloads\fixlist.txt =========
 
start
CreateRestorePoint:
CloseProcesses:
ProxyServer: [S-1-5-21-565831887-3637738334-3767947266-1127] => http=10.50.5.164:8080;https=10.50.5.164:8080
FF NetworkProxy: "http", "10.50.5.164"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "ssl", "10.50.5.164"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF user.js: detected! => C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\user.js [2015-05-28]
FF SearchPlugin: C:\Users\eric_hallander\AppData\Roaming\Mozilla\Firefox\Profiles\br5j9kur.default\searchplugins\askcom.xml [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\eric_hallander\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [Not Found]
cmd: type C:\Users\eric_hallander\Downloads\fixlist.txt
cmd: type C:\Users\eric_hallander\.mongorc.js
Task: {5D6541E6-B204-4CD5-A1AC-100096792E97} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
AlternateDataStreams: C:\Windows\system32\autochk.exe:BAK
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F
AlternateDataStreams: C:\ProgramData\TEMP:B946D9EE
cmd: bitsadmin /reset /allusers
cmd: netsh winsock reset catalog
cmd: ipconfig /flushdns
RemoveProxy:
EmptyTemp:
End
========= End of CMD: =========
 
 
=========  type C:\Users\eric_hallander\.mongorc.js =========
 
 
========= End of CMD: =========
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D6541E6-B204-4CD5-A1AC-100096792E97}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D6541E6-B204-4CD5-A1AC-100096792E97}" => key Removed successfully
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => key Removed successfully
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
"C:\Windows\system32\autochk.exe" => ":BAK" ADS not found.
C:\ProgramData\TEMP => ":7FFED16F" ADS Removed successfully.
C:\ProgramData\TEMP => ":B946D9EE" ADS Removed successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{8C47D0AD-32C2-4F74-A1A3-3D048248537F} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-565831887-3637738334-3767947266-1127\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => Removed 27.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 10:46:10 ====

Edited by jhallander9591, 08 June 2015 - 10:00 AM.


#14 B-boy/StyLe/


Posted 08 June 2015 - 12:04 PM

Hello,

 

No problems. I was at 2 weddings (2 of my friends got married this weekend) and I was busy as well. :)

 

Ok please next run a new scan with FRST (make sure that Addition.txt is checked before you press the scan button) and then please post both logs in your next reply.

 

 

Regards,

Georgi




#15 jhallander9591


Posted 08 June 2015 - 12:18 PM

http://pastebin.com/wyWMWQkE for FRST.txt and

http://pastebin.com/PHL75jkT for Addition.txt

 

Two weddings. That would be two good times. I did a pub crawl on Saturday, and spent yesterday recovering.

 

Cheers





