Parite.A.gen (Virus)


  • This topic is locked
29 replies to this topic

#1 A P Bustraan

Posted 11 December 2015 - 03:08 AM

A client's SonicWall Appliance had numerous alert entries from this system.

 

12/10/2015 13:19:45.128 - Alert - Security Services -         Gateway Anti-Virus Alert: Parite.A.gen (Virus) blocked. -                 LocalIP, 52012, X0, LocalComputer1 -      128.11.138.54, 80, X1 -   

 

Took the system offline, scanned it with current versions and definitions of McAfee Enterprise and MalwareBytes Enterprise and nothing found.

 

The system is Windows 7 x64 with all Windows Updates installed.

 

Put the system back online and restarted it, and the alerts resumed.

 

Have taken the system back offline and imaged it.

 

Ready to wipe, but would like to try and find the infection.
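
Added example (not part of the original posts, and not SonicWall's or BleepingComputer's code): a Python script that tallies Gateway Anti-Virus alerts per internal host and lists the alerts a host still produces after it was scanned clean, which is the situation described above. The field layout is assumed from the single alert line quoted in the post; every other log line, host name and the 192.0.2.x / 198.51.100.x addresses are constructed sample data.

```python
import re
from datetime import datetime

TS_FORMAT = "%m/%d/%Y %H:%M:%S.%f"
MARKER = "Gateway Anti-Virus Alert"

# Layout assumed from the alert quoted in the post:
#   time - priority - category - message - src ip, port, iface[, name] - dst ip, port, iface -
# Address fields accept any token so redacted values such as "LocalIP" still parse.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\s+-\s+"
    r"(?P<priority>\w+)\s+-\s+"
    r"(?P<category>[^-]+?)\s+-\s+"
    r"Gateway Anti-Virus Alert:\s+(?P<signature>.+?)\s+blocked\.\s+-\s+"
    r"(?P<src_ip>[^,\s]+),\s*(?P<src_port>\d+),\s*(?P<src_if>[^,\s]+)"
    r"(?:,\s*(?P<src_host>\S+))?\s+-\s+"
    r"(?P<dst_ip>[^,\s]+),\s*(?P<dst_port>\d+),\s*(?P<dst_if>[^,\s]+)"
)

# Line 1 is the alert from the post; the remaining lines are constructed.
SAMPLE_LOG = """\
12/10/2015 13:19:45.128 - Alert - Security Services -         Gateway Anti-Virus Alert: Parite.A.gen (Virus) blocked. -                 LocalIP, 52012, X0, LocalComputer1 -      128.11.138.54, 80, X1 -
12/10/2015 13:25:02.410 - Alert - Security Services - Gateway Anti-Virus Alert: Parite.A.gen (Virus) blocked. - 192.0.2.10, 52040, X0, LocalComputer1 - 198.51.100.54, 80, X1 -
12/11/2015 09:02:11.007 - Alert - Security Services - Gateway Anti-Virus Alert: Parite.A.gen (Virus) blocked. - 192.0.2.10, 49811, X0, LocalComputer1 - 198.51.100.54, 80, X1 -
12/11/2015 09:40:30.552 - Alert - Security Services - Gateway Anti-Virus Alert: Parite.A.gen (Virus) blocked. - 192.0.2.11, 50123, X0, LocalComputer2 - 198.51.100.54, 80, X1 -
12/11/2015 10:05:44.900 - Alert - Security Services - Gateway Anti-Virus Alert: Parite.A.gen (Virus) blocked. - 192.0.2.12, 50990, X0 - 198.51.100.77, 80, X1 -
12/11/2015 10:07:00.000 - Alert - Security Services - Gateway Anti-Virus Alert: Parite.A.gen (Virus) blo
"""


def parse_alert(line):
    """Return a dict for one Gateway Anti-Virus alert line, or None if it does not parse."""
    match = ALERT_RE.match(line.strip())
    if match is None:
        return None
    rec = match.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FORMAT)
    rec["src_port"] = int(rec["src_port"])
    rec["dst_port"] = int(rec["dst_port"])
    return rec


def summarize(log_text):
    """Group alerts by source host name (falling back to source IP).

    Returns (hosts, skipped): hosts maps a host key to its alert count, first and
    last alert time, destinations and signatures; skipped counts alert lines that
    could not be parsed (truncated or in a different layout).
    """
    hosts, skipped = {}, 0
    for line in log_text.splitlines():
        if MARKER not in line:
            continue  # not a Gateway Anti-Virus alert
        rec = parse_alert(line)
        if rec is None:
            skipped += 1
            continue
        key = rec["src_host"] or rec["src_ip"]
        entry = hosts.setdefault(key, {
            "count": 0, "first": rec["ts"], "last": rec["ts"],
            "destinations": set(), "signatures": set(),
        })
        entry["count"] += 1
        entry["first"] = min(entry["first"], rec["ts"])
        entry["last"] = max(entry["last"], rec["ts"])
        entry["destinations"].add(f"{rec['dst_ip']}:{rec['dst_port']}")
        entry["signatures"].add(rec["signature"])
    return hosts, skipped


def alerts_after(log_text, host, cutoff):
    """Alerts from `host` at or after `cutoff` (same timestamp format as the log).

    Use the time the machine went back online after a clean scan as the cutoff:
    any result means the traffic resumed even though the on-host scanners found nothing.
    """
    cutoff_ts = datetime.strptime(cutoff, TS_FORMAT)
    recs = (parse_alert(l) for l in log_text.splitlines() if MARKER in l)
    return [r for r in recs
            if r and (r["src_host"] or r["src_ip"]) == host and r["ts"] >= cutoff_ts]


if __name__ == "__main__":
    hosts, skipped = summarize(SAMPLE_LOG)
    for name, info in sorted(hosts.items(), key=lambda kv: -kv[1]["count"]):
        print(name, info["count"], info["first"], info["last"],
              sorted(info["destinations"]), sorted(info["signatures"]))
    print("unparsed alert lines:", skipped)
```
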

 





#2 Jo*

  • Malware Response Team

Posted 11 December 2015 - 10:53 AM


Hello A P Bustraan,

My name is Jo and I will help you with your computer problems.


What you wrote looks like a file infector which means a full format and complete re-install!

Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***



ESET Online Scanner

Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the Uninstall application on close check box and push esetFinish.png

***


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.




***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 A P Bustraan

  • Topic Starter

Posted 11 December 2015 - 02:56 PM

Here are the requested logs. Since my original posting, I have 2 other systems generating traffic that is being flagged as Parite.A.gen (Virus).

 

 

 

ESET Online Scanner Results

 

C:\Program Files (x86)\AAONECat32\BACKUP\AAON Engineering Toolkit.EXE a variant of Win32/InstallMonstr.CV potentially unwanted application
C:\Program Files (x86)\AAONECat32\BACKUP\Aaon pool calculator.exe a variant of Win32/InstallMonstr.CV potentially unwanted application
C:\Program Files (x86)\AAONECat32\BACKUP\Energy Comparision Digital vs Standard Compressors.EXE a variant of Win32/InstallMonstr.CV potentially unwanted application
C:\Temp\epasrec-53011881.exe Win32/WinWrapper.J potentially unwanted application

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-12-2015
Ran by LocalUser1 (administrator) on LocalSystem-LocalUser12 (11-12-2015 13:41:09)
Running from E:\
Loaded Profiles: UpdatusUser & LocalUser1 (Available Profiles: LK & UpdatusUser & LocalUser1)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(United Technologies Corporation) C:\E20-II\ENVIRO\Library\Librarian\LibrarianService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaService.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaSmSrv.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaTaServ.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\pg_ctl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.2\bin\postgres.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\PPO\DellPoaEvents.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dell Inc.) C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(United Technologies Corporation) C:\E20-II\ENVIRO\Library\Librarian\LibrarianController.exe
(Key Metric Software) C:\Program Files\Key Metric Software\OfficeStatus Windows Client\OfficeStatus.WinClient.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mcconsol.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-08-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [DellPoaEvents] => C:\Program Files\Dell\PPO\DellPoaEvents.exe [274936 2013-12-18] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-10-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2722080 2013-08-08] ()
HKLM\...\Run: [DLPSP] => C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE [942400 2012-04-18] (Dell Inc.)
HKLM\...\Run: [DLQLU] => C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE [1241408 2012-04-11] (Dell Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-11-13] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-09-05] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-06-25] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104288 2015-09-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-17] (Google Inc.)
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1079592 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Policies\Explorer: []
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\MountPoints2: {9e836de8-d7a3-11e4-8e4d-34e6d706358e} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-08-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-08-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Librarian Controller.lnk [2014-12-03]
ShortcutTarget: Librarian Controller.lnk -> C:\Windows\Installer\{8EA724D7-5FE2-44E8-9E63-CA69355258AF}\_39854616A73D6E358E5C8F.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeStatus Windows Client.lnk [2014-11-17]
ShortcutTarget: OfficeStatus Windows Client.lnk -> C:\Program Files\Key Metric Software\OfficeStatus Windows Client\OfficeStatus.WinClient.exe (Key Metric Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.16 68.105.29.16
Tcpip\..\Interfaces\{98F90C25-D166-4804-9BF7-856505A24D54}: [DhcpNameServer] 68.105.28.16 68.105.29.16
Tcpip\..\Interfaces\{DF41CF14-99C6-4F07-9A97-142ED7483A0F}: [NameServer] 192.168.100.251,192.168.100.90
Tcpip\..\Interfaces\{DF41CF14-99C6-4F07-9A97-142ED7483A0F}: [DhcpNameServer] 192.168.100.251
Tcpip\..\Interfaces\{E43DC961-250B-4BEF-9D38-EC28C5FBCF89}: [DhcpNameServer] 192.168.100.251 68.105.28.16 68.105.29.16

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/
hxxps://www.google.com/maps/dir/345+Riverview+St,+Wichita,+KS+67203,+USA//@37.691358,-97.3461754,17z/data=!3m1!4b1!4m8!4m7!1m5!1m1!1s0x87bae3dc7918186f:0x36ef3168f5dc750e!2m2!1d-97.3440296!2d37.691358!1m0
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670 -> {D4C94653-A89A-4F10-A4D0-5A7BD68641C3} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670 -> {F65D403C-5D9C-4DDD-AA70-66CCC63A4667} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20141117001518.dll [2014-11-17] (McAfee, Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-11-25] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20141117001518.dll [2014-11-17] (McAfee, Inc.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-11-25] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-11-25] (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-11-25] (Google Inc.)
Toolbar: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-11-25] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP10EP1-10115/training/ieatgpc1.cab
Handler-x32: asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: ezstor - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-asp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-cnote - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-hsp - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\Windows\SysWow64\WowCtl2.dll [2006-10-13] (EzTools Software)
Handler-x32: x-zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)
Handler-x32: zip - {8D32BA61-D15B-11d4-894B-000000000000} - C:\Windows\SysWow64\hsppp.dll [2006-10-07] (EzTools Software)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-11-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2857191529-4038278520-3241676031-3670: @citrixonline.com/appdetectorplugin -> C:\Users\LocalUser1\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-12-09] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-11-18] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2014-11-17] [not signed]

Chrome:
=======
CHR Profile: C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-25]
CHR Extension: (Google Slides) - C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Google Drive) - C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (YouTube) - C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Google Search) - C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (Google Slides) - C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-25]
CHR Extension: (Google Wallet) - C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Gmail) - C:\Users\LocalUser1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 CarrierLibrarianService; C:\E20-II\ENVIRO\Library\Librarian\LibrarianService.exe [37888 2014-05-20] (United Technologies Corporation) [File not signed]
S3 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2486272 2013-04-30] (Dell Inc.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-10-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [130080 2013-06-25] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-11-17] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-11-17] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 poaService; C:\Program Files\Dell\PPO\poaService.exe [641232 2013-12-18] (Dell Inc.)
R2 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [277712 2013-12-18] (Dell Inc.)
R2 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [516304 2013-12-18] (Dell Inc.)
R2 postgresql-9.2; C:\Program Files (x86)\PostgreSQL\9.2\bin\pg_ctl.exe [79872 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
S2 SCCommService; C:\Program Files (x86)\Malwarebytes' Managed Client\SCComm.exe [142848 2013-09-29] (Malwarebytes Corporation) [File not signed]
S4 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336616 2013-12-03] (Dell SonicWALL, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{37E42610-7264-419E-A659-84D29DC09CB5}

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2013-04-29] (Dell Computer Corporation)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-05] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-10-18] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2261464 2013-08-27] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-11-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-11-17] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-11-17] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-11-17] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-11-17] (McAfee, Inc.)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-08-08] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2013-12-18] (Dell Computer Corporation)
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R2 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [110064 2013-12-03] (Dell SonicWALL, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 13:41 - 2015-12-11 13:41 - 00000000 ____D C:\FRST
2015-12-11 13:39 - 2015-12-11 13:39 - 00001084 _____ C:\Users\LocalUser1\Documents\2015-12-11_ESet_results.txt
2015-12-11 13:24 - 2015-12-11 13:24 - 12792546 _____ C:\Users\LocalUser1\Downloads\ToZip.zip
2015-12-11 13:23 - 2015-12-11 13:24 - 00000000 ____D C:\Users\LocalUser1\Downloads\ToZip
2015-12-11 13:22 - 2015-12-11 13:19 - 12993208 _____ C:\Users\LocalUser1\Desktop\New WinRAR ZIP archive2.zip
2015-12-11 13:20 - 2015-12-11 13:20 - 00000000 ____D C:\Users\LocalUser1\AppData\Roaming\WinRAR
2015-12-11 13:17 - 2015-12-11 13:19 - 12993208 _____ C:\Users\LocalUser1\Desktop\New WinRAR ZIP archive.zip
2015-12-11 13:06 - 2015-12-11 13:06 - 00000000 ____D C:\Users\LocalUser1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-11 13:06 - 2015-12-11 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-12-11 12:58 - 2015-12-11 13:06 - 00000000 ____D C:\Program Files\WinRAR
2015-12-11 12:58 - 2015-12-11 12:58 - 01965488 _____ C:\Users\LocalUser1\Downloads\winrar-x64-530.exe
2015-12-11 10:39 - 2015-12-11 10:39 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-11 08:13 - 2015-12-11 08:13 - 00001085 _____ C:\Users\LocalUser1\Desktop\15185.00 Lakeside at the Waterfront - Hinkle tenant - Shortcut.lnk
2015-12-10 13:48 - 2015-12-10 13:48 - 00000985 _____ C:\Users\LocalUser1\Desktop\15477- Fieldhouse USA- Council Bluffs - Shortcut.lnk
2015-12-08 11:31 - 2015-12-08 11:31 - 00001080 _____ C:\Users\LocalUser1\Desktop\74640 -  Southeast High School - Wichita, KS - Shortcut.lnk
2015-12-06 17:42 - 2015-12-06 17:42 - 00001129 _____ C:\Users\LocalUser1\Desktop\COMcheck 4.0.2.3.lnk
2015-12-06 17:42 - 2015-12-06 17:42 - 00000000 ____D C:\Users\LocalUser1\Documents\COMcheck
2015-12-06 17:42 - 2015-12-06 17:42 - 00000000 ____D C:\Users\LocalUser1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COMcheck
2015-12-06 17:42 - 2015-12-06 17:42 - 00000000 ____D C:\Users\LocalUser1\AppData\Roaming\COMcheck
2015-12-06 17:42 - 2015-12-06 17:42 - 00000000 ____D C:\ProgramData\COMcheck
2015-12-06 17:41 - 2015-12-06 17:41 - 00000000 ____D C:\Users\LocalUser1\AppData\Local\Check
2015-12-06 17:40 - 2015-12-06 17:41 - 109282900 _____ C:\Users\LocalUser1\Downloads\COMcheck_4_0_2_3_setup.exe
2015-11-29 12:54 - 2015-11-29 12:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-29 12:54 - 2015-11-29 12:54 - 00000000 ____D C:\Program Files\iTunes
2015-11-29 12:54 - 2015-11-29 12:54 - 00000000 ____D C:\Program Files\iPod
2015-11-29 12:54 - 2015-11-29 12:54 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-25 14:51 - 2015-11-25 14:51 - 00000948 _____ C:\Users\LocalUser1\Desktop\PlotStyles - Shortcut.lnk
2015-11-25 10:40 - 2015-11-25 11:06 - 00004695 _____ C:\Users\LocalUser1\AppData\Roaming\233346_1_09_01_15_FL_selection.xml
2015-11-25 10:40 - 2015-11-25 10:40 - 00005302 _____ C:\Users\LocalUser1\AppData\Roaming\233346_1_09_01_15_FL.xml
2015-11-25 10:22 - 2015-11-25 10:22 - 00022154 _____ C:\Users\LocalUser1\Documents\LK Letterhead W.dotx
2015-11-24 10:39 - 2015-12-07 09:08 - 00094526 _____ C:\Users\LocalUser1\AppData\Roaming\089119_1_03_20_2010_FL.xml
2015-11-24 10:39 - 2015-12-07 09:08 - 00055446 _____ C:\Users\LocalUser1\AppData\Roaming\089119_1_03_20_2010_FL_selection.xml
2015-11-16 15:29 - 2015-12-06 17:33 - 00049309 _____ C:\Users\LocalUser1\AppData\Roaming\077200_1_06_01_13_FL_selection.xml
2015-11-16 15:29 - 2015-12-06 17:29 - 00070411 _____ C:\Users\LocalUser1\AppData\Roaming\077200_1_06_01_13_FL.xml
2015-11-16 15:02 - 2015-11-16 15:02 - 00017669 _____ C:\Users\LocalUser1\AppData\Roaming\238219_1_03_01_15_FL.xml
2015-11-16 15:02 - 2015-11-16 15:02 - 00010569 _____ C:\Users\LocalUser1\AppData\Roaming\238219_1_03_01_15_FL_selection.xml
2015-11-16 14:33 - 2015-11-16 14:33 - 00012904 _____ C:\Users\LocalUser1\AppData\Roaming\237313_1_06_01_15_FL.xml
2015-11-16 14:33 - 2015-11-16 14:33 - 00009503 _____ C:\Users\LocalUser1\AppData\Roaming\237313_1_06_01_15_FL_selection.xml
2015-11-16 10:53 - 2015-11-16 10:53 - 00005626 _____ C:\Users\LocalUser1\AppData\Roaming\237416.11_1_06_01_15_FL.xml
2015-11-16 10:53 - 2015-11-16 10:53 - 00003834 _____ C:\Users\LocalUser1\AppData\Roaming\237416.11_1_06_01_15_FL_selection.xml
2015-11-16 10:43 - 2015-12-06 17:38 - 00007423 _____ C:\Users\LocalUser1\AppData\Roaming\238126_1_06_01_15_FL.xml
2015-11-16 10:43 - 2015-12-06 17:38 - 00004557 _____ C:\Users\LocalUser1\AppData\Roaming\238126_1_06_01_15_FL_selection.xml
2015-11-16 10:42 - 2015-11-16 10:42 - 00002439 _____ C:\Users\LocalUser1\AppData\Roaming\238113.13_1_03_01_15_FL.xml
2015-11-16 10:42 - 2015-11-16 10:42 - 00002398 _____ C:\Users\LocalUser1\AppData\Roaming\238113.13_1_03_01_15_FL_selection.xml

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-11 13:41 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-11 13:38 - 2014-11-25 08:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-11 13:38 - 2014-11-25 08:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 13:37 - 2014-12-09 11:56 - 00000568 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2857191529-4038278520-3241676031-3670.job
2015-12-11 12:59 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\Registration
2015-12-11 12:56 - 2014-10-22 07:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-11 11:51 - 2015-06-02 12:16 - 00000664 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2857191529-4038278520-3241676031-3670.job
2015-12-11 10:40 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 10:40 - 2009-07-13 22:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 10:39 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-11 10:32 - 2015-08-24 12:40 - 00000000 ___RD C:\Users\LocalUser1\iCloudDrive
2015-12-11 10:31 - 2014-11-17 12:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-11 10:31 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-11 09:27 - 2014-11-16 21:50 - 00000000 ____D C:\Acad2014Temp
2015-12-11 09:21 - 2014-11-14 15:54 - 00000264 _____ C:\Windows\system32\config\netlogon.ftl
2015-12-11 08:49 - 2014-11-17 14:49 - 00000000 ____D C:\Users\LocalUser1\AppData\Local\CrashDumps
2015-12-11 08:05 - 2015-03-10 07:36 - 00000000 ____D C:\ProgramData\sccomm
2015-12-11 07:46 - 2015-08-24 12:41 - 00000000 ____D C:\Users\LocalUser1\AppData\Local\7C6887B7-0637-4571-AE55-29648AACB609.aplzod
2015-12-10 15:55 - 2014-11-26 15:53 - 00000000 ____D C:\Users\LocalUser1\AppData\Local\Deployment
2015-12-10 13:47 - 2015-11-09 11:57 - 00000268 _____ C:\Windows\Trace.INI
2015-12-10 13:47 - 2014-11-17 14:32 - 00000136 _____ C:\Windows\ODBC.INI
2015-12-10 10:31 - 2014-12-03 10:33 - 00000000 ____D C:\Users\LocalUser1\Documents\TRACE 700 Projects
2015-12-10 10:00 - 2015-01-21 11:10 - 00001998 _____ C:\Users\LocalUser1\Desktop\Psychrometric Tool v1.lnk
2015-12-08 18:08 - 2014-11-24 17:17 - 00000000 ____D C:\Program Files (x86)\CAFWin
2015-12-08 17:31 - 2014-10-22 07:48 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2015-12-07 13:59 - 2014-11-24 16:26 - 00000000 ____D C:\Program Files (x86)\AAONECat32
2015-12-06 17:38 - 2015-03-19 10:56 - 00005171 _____ C:\Users\LocalUser1\AppData\Roaming\238416_1_03_01_13_FL.xml
2015-12-06 17:38 - 2015-03-19 10:56 - 00003478 _____ C:\Users\LocalUser1\AppData\Roaming\238416_1_03_01_13_FL_selection.xml
2015-12-05 12:29 - 2014-11-17 10:01 - 00000000 ____D C:\Users\LocalUser1\AppData\Local\cache
2015-12-03 08:02 - 2009-07-13 23:13 - 00787758 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 08:02 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-11-30 15:21 - 2014-11-25 13:26 - 00000000 ____D C:\_SEB - Desktop
2015-11-29 13:56 - 2014-11-25 08:05 - 00000000 ____D C:\Users\LocalUser1\AppData\Local\Google
2015-11-29 12:54 - 2014-11-18 21:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-25 10:49 - 2015-10-08 12:45 - 00091120 _____ C:\Users\LocalUser1\AppData\Roaming\233300_1_03_01_15_FL.xml
2015-11-25 10:49 - 2015-10-08 12:45 - 00062583 _____ C:\Users\LocalUser1\AppData\Roaming\233300_1_03_01_15_FL_selection.xml
2015-11-25 10:48 - 2014-10-22 07:55 - 00000000 ____D C:\Temp
2015-11-25 08:39 - 2014-11-25 08:06 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-24 17:08 - 2014-11-26 16:36 - 00000000 ____D C:\Program Files (x86)\MasterSpec
2015-11-24 17:03 - 2014-11-26 16:22 - 00000000 ____D C:\Users\LocalUser1\AppData\Roaming\GetRightToGo
2015-11-24 16:46 - 2014-11-26 16:23 - 00000000 ____D C:\Users\LocalUser1\Documents\Masterspec Install
2015-11-24 10:20 - 2015-03-02 10:40 - 00091865 _____ C:\Users\LocalUser1\AppData\Roaming\230713_1_03_01_11_FL.xml
2015-11-24 10:20 - 2015-02-21 13:52 - 00091222 _____ C:\Users\LocalUser1\AppData\Roaming\230713_1_03_01_11_FL_selection.xml
2015-11-20 15:19 - 2014-12-17 13:31 - 00000000 ____D C:\Users\LocalUser1\AppData\Roaming\CafWin
2015-11-20 15:19 - 2014-11-17 15:12 - 00000000 ____D C:\Users\LocalUser1\Documents\Cook Jobs
2015-11-18 13:35 - 2015-07-16 07:11 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
2015-11-18 13:35 - 2015-07-16 07:11 - 00002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2015-11-18 13:35 - 2015-07-16 07:11 - 00002046 _____ C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2015-11-16 14:36 - 2015-09-25 06:50 - 00002433 _____ C:\Users\LocalUser1\AppData\Roaming\238113.12_1_03_01_15_FL_selection.xml
2015-11-16 11:44 - 2015-02-21 14:44 - 00056846 _____ C:\Users\LocalUser1\AppData\Roaming\230553_1_03_01_13_FL.xml
2015-11-16 11:44 - 2015-02-21 14:44 - 00040269 _____ C:\Users\LocalUser1\AppData\Roaming\230553_1_03_01_13_FL_selection.xml
2015-11-16 11:19 - 2014-11-16 23:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-16 10:56 - 2015-10-29 08:21 - 00002929 _____ C:\Users\LocalUser1\AppData\Roaming\230513_1_09_01_11_FL.xml
2015-11-16 10:56 - 2015-02-21 12:45 - 00002554 _____ C:\Users\LocalUser1\AppData\Roaming\230513_1_09_01_11_FL_selection.xml
2015-11-16 10:48 - 2014-12-15 14:15 - 00006417 _____ C:\Users\LocalUser1\AppData\Roaming\238213_1_03_01_13_FL.xml
2015-11-16 10:48 - 2014-12-15 14:15 - 00004742 _____ C:\Users\LocalUser1\AppData\Roaming\238213_1_03_01_13_FL_selection.xml
2015-11-16 10:34 - 2015-09-25 06:50 - 00003095 _____ C:\Users\LocalUser1\AppData\Roaming\238113.12_1_03_01_15_FL.xml
2015-11-11 13:48 - 2015-03-18 21:28 - 00115403 _____ C:\Users\LocalUser1\AppData\Roaming\230719_1_03_20_2010_FL_selection.xml
2015-11-11 13:48 - 2015-02-21 15:05 - 00099629 _____ C:\Users\LocalUser1\AppData\Roaming\230719_1_03_20_2010_FL.xml
2015-11-11 09:59 - 2015-02-25 16:45 - 00041832 _____ C:\Users\LocalUser1\AppData\Roaming\232300_1_12_01_13_FL_selection.xml
2015-11-11 09:49 - 2015-02-05 07:46 - 00015078 _____ C:\Users\LocalUser1\AppData\Roaming\233113_1_09_01_13_FL_selection.xml

==================== Files in the root of some directories =======

2014-12-10 09:10 - 2014-12-10 09:10 - 0008734 _____ () C:\Users\LocalUser1\AppData\Roaming\071800_1_06_01_14_FL.xml
2014-12-10 09:10 - 2014-12-10 09:11 - 0005136 _____ () C:\Users\LocalUser1\AppData\Roaming\071800_1_06_01_14_FL_selection.xml
2015-11-16 15:29 - 2015-12-06 17:29 - 0070411 _____ () C:\Users\LocalUser1\AppData\Roaming\077200_1_06_01_13_FL.xml
2015-11-16 15:29 - 2015-12-06 17:33 - 0049309 _____ () C:\Users\LocalUser1\AppData\Roaming\077200_1_06_01_13_FL_selection.xml
2015-11-24 10:39 - 2015-12-07 09:08 - 0094526 _____ () C:\Users\LocalUser1\AppData\Roaming\089119_1_03_20_2010_FL.xml
2015-11-24 10:39 - 2015-12-07 09:08 - 0055446 _____ () C:\Users\LocalUser1\AppData\Roaming\089119_1_03_20_2010_FL_selection.xml
2015-05-27 09:30 - 2015-05-27 09:30 - 0012410 _____ () C:\Users\LocalUser1\AppData\Roaming\089516_1_03_20_2010_SF.xml
2015-05-27 09:30 - 2015-05-28 17:04 - 0007911 _____ () C:\Users\LocalUser1\AppData\Roaming\089516_1_03_20_2010_SF_selection.xml
2014-12-10 09:22 - 2014-12-10 09:22 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\210518_1_03_20_2010_SF.xml
2014-12-10 09:22 - 2014-12-10 09:22 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\210518_1_03_20_2010_SF_selection.xml
2015-04-06 16:26 - 2015-04-06 16:26 - 0057544 _____ () C:\Users\LocalUser1\AppData\Roaming\211313_1_09_01_13_FL.xml
2015-04-06 16:26 - 2015-04-07 08:26 - 0050790 _____ () C:\Users\LocalUser1\AppData\Roaming\211313_1_09_01_13_FL_selection.xml
2014-12-10 10:21 - 2014-12-10 10:21 - 0002986 _____ () C:\Users\LocalUser1\AppData\Roaming\220517_1_03_20_2010_SF.xml
2014-12-10 10:21 - 2014-12-10 10:26 - 0002377 _____ () C:\Users\LocalUser1\AppData\Roaming\220517_1_03_20_2010_SF_selection.xml
2015-10-06 08:49 - 2015-10-06 08:49 - 0368966 _____ () C:\Users\LocalUser1\AppData\Roaming\220523_1_03_20_2010_FL.xml
2015-10-06 08:49 - 2015-10-06 08:57 - 0285060 _____ () C:\Users\LocalUser1\AppData\Roaming\220523_1_03_20_2010_FL_selection.xml
2014-12-15 10:48 - 2014-12-15 10:48 - 0059797 _____ () C:\Users\LocalUser1\AppData\Roaming\220523_1_10_01_13_SP.xml
2014-12-15 10:48 - 2014-12-15 12:49 - 0040345 _____ () C:\Users\LocalUser1\AppData\Roaming\220523_1_10_01_13_SP_selection.xml
2015-10-06 08:56 - 2015-10-06 08:56 - 0057731 _____ () C:\Users\LocalUser1\AppData\Roaming\220529_1_03_20_2010_FL.xml
2015-10-06 08:56 - 2015-10-06 14:22 - 0044591 _____ () C:\Users\LocalUser1\AppData\Roaming\220529_1_03_20_2010_FL_selection.xml
2014-12-15 11:02 - 2014-12-15 11:02 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\220529_1_10_01_13_SP.xml
2014-12-15 11:02 - 2014-12-15 11:02 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\220529_1_10_01_13_SP_selection.xml
2014-12-15 11:04 - 2014-12-15 11:04 - 0004148 _____ () C:\Users\LocalUser1\AppData\Roaming\220533_1_10_01_13_SP.xml
2014-12-15 11:04 - 2014-12-15 11:05 - 0003025 _____ () C:\Users\LocalUser1\AppData\Roaming\220533_1_10_01_13_SP_selection.xml
2014-12-30 09:13 - 2014-12-30 09:13 - 0052398 _____ () C:\Users\LocalUser1\AppData\Roaming\220548_1_09_01_11_FL.xml
2014-12-30 09:13 - 2014-12-30 09:13 - 0042009 _____ () C:\Users\LocalUser1\AppData\Roaming\220548_1_09_01_11_FL_selection.xml
2014-12-15 11:06 - 2014-12-15 11:06 - 0039428 _____ () C:\Users\LocalUser1\AppData\Roaming\220548_1_10_01_13_SP.xml
2014-12-15 11:06 - 2014-12-15 11:06 - 0031448 _____ () C:\Users\LocalUser1\AppData\Roaming\220548_1_10_01_13_SP_selection.xml
2014-12-15 11:06 - 2014-12-15 11:06 - 0017638 _____ () C:\Users\LocalUser1\AppData\Roaming\220553_1_10_01_13_SP.xml
2014-12-15 11:06 - 2014-12-15 11:07 - 0011168 _____ () C:\Users\LocalUser1\AppData\Roaming\220553_1_10_01_13_SP_selection.xml
2014-12-15 11:08 - 2014-12-15 11:08 - 0031866 _____ () C:\Users\LocalUser1\AppData\Roaming\220700_1_10_01_13_SP.xml
2014-12-15 11:08 - 2014-12-15 11:11 - 0028812 _____ () C:\Users\LocalUser1\AppData\Roaming\220700_1_10_01_13_SP_selection.xml
2015-10-06 09:03 - 2015-10-06 09:03 - 0072138 _____ () C:\Users\LocalUser1\AppData\Roaming\220719_1_03_20_2010_FL.xml
2015-10-06 09:03 - 2015-10-06 14:22 - 0073300 _____ () C:\Users\LocalUser1\AppData\Roaming\220719_1_03_20_2010_FL_selection.xml
2014-12-15 11:11 - 2014-12-15 11:11 - 0035094 _____ () C:\Users\LocalUser1\AppData\Roaming\221113_1_10_01_13_SP.xml
2014-12-15 11:11 - 2014-12-15 11:19 - 0025381 _____ () C:\Users\LocalUser1\AppData\Roaming\221113_1_10_01_13_SP_selection.xml
2014-12-15 11:20 - 2014-12-15 11:20 - 0003661 _____ () C:\Users\LocalUser1\AppData\Roaming\221116_1_10_01_13_SP.xml
2014-12-15 11:20 - 2014-12-15 11:20 - 0003838 _____ () C:\Users\LocalUser1\AppData\Roaming\221116_1_10_01_13_SP_selection.xml
2015-10-06 09:40 - 2015-10-06 09:40 - 0035319 _____ () C:\Users\LocalUser1\AppData\Roaming\221116_1_12_01_12_FL.xml
2015-10-06 09:40 - 2015-10-06 14:22 - 0032643 _____ () C:\Users\LocalUser1\AppData\Roaming\221116_1_12_01_12_FL_selection.xml
2014-12-15 11:21 - 2014-12-15 11:29 - 0060461 _____ () C:\Users\LocalUser1\AppData\Roaming\221119_1_10_01_13_SP.xml
2014-12-15 11:21 - 2014-12-15 11:38 - 0041744 _____ () C:\Users\LocalUser1\AppData\Roaming\221119_1_10_01_13_SP_selection.xml
2015-10-06 09:51 - 2015-10-06 09:51 - 0204571 _____ () C:\Users\LocalUser1\AppData\Roaming\221119_1_12_01_12_FL.xml
2015-10-06 09:51 - 2015-10-06 14:23 - 0158902 _____ () C:\Users\LocalUser1\AppData\Roaming\221119_1_12_01_12_FL_selection.xml
2014-12-15 11:41 - 2014-12-15 11:41 - 0005852 _____ () C:\Users\LocalUser1\AppData\Roaming\221123_1_10_01_13_SP.xml
2014-12-15 11:41 - 2014-12-15 11:42 - 0004733 _____ () C:\Users\LocalUser1\AppData\Roaming\221123_1_10_01_13_SP_selection.xml
2014-12-15 11:44 - 2014-12-15 11:44 - 0006827 _____ () C:\Users\LocalUser1\AppData\Roaming\221313_1_10_01_13_SP.xml
2014-12-15 11:44 - 2014-12-15 11:45 - 0005131 _____ () C:\Users\LocalUser1\AppData\Roaming\221313_1_10_01_13_SP_selection.xml
2014-12-15 11:45 - 2014-12-15 11:45 - 0005252 _____ () C:\Users\LocalUser1\AppData\Roaming\221316_1_10_01_13_SP.xml
2014-12-15 11:45 - 2014-12-15 11:47 - 0004382 _____ () C:\Users\LocalUser1\AppData\Roaming\221316_1_10_01_13_SP_selection.xml
2015-10-06 09:55 - 2015-10-06 09:55 - 0040602 _____ () C:\Users\LocalUser1\AppData\Roaming\221316_1_12_01_12_FL.xml
2015-10-06 09:55 - 2015-10-06 14:23 - 0032611 _____ () C:\Users\LocalUser1\AppData\Roaming\221316_1_12_01_12_FL_selection.xml
2014-12-10 10:29 - 2015-05-21 14:56 - 0015089 _____ () C:\Users\LocalUser1\AppData\Roaming\221316_1_12_01_12_SF.xml
2014-12-10 10:29 - 2015-05-21 14:56 - 0011339 _____ () C:\Users\LocalUser1\AppData\Roaming\221316_1_12_01_12_SF_selection.xml
2014-12-10 10:30 - 2015-05-21 14:56 - 0032001 _____ () C:\Users\LocalUser1\AppData\Roaming\221319_1_03_01_13_SF.xml
2014-12-15 11:47 - 2014-12-15 11:47 - 0047525 _____ () C:\Users\LocalUser1\AppData\Roaming\221319_1_10_01_13_SP.xml
2014-12-15 11:47 - 2014-12-15 11:51 - 0038113 _____ () C:\Users\LocalUser1\AppData\Roaming\221319_1_10_01_13_SP_selection.xml
2014-12-15 11:52 - 2014-12-15 11:52 - 0010018 _____ () C:\Users\LocalUser1\AppData\Roaming\221353_1_10_01_13_SP.xml
2014-12-15 11:52 - 2014-12-15 11:53 - 0009407 _____ () C:\Users\LocalUser1\AppData\Roaming\221353_1_10_01_13_SP_selection.xml
2014-12-15 11:43 - 2014-12-15 11:43 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\221413_1_10_01_13_SP.xml
2014-12-15 11:43 - 2014-12-15 11:43 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\221413_1_10_01_13_SP_selection.xml
2014-12-10 10:44 - 2014-12-10 10:44 - 0012283 _____ () C:\Users\LocalUser1\AppData\Roaming\221413_1_12_01_12_SF.xml
2014-12-10 10:44 - 2014-12-10 10:44 - 0010442 _____ () C:\Users\LocalUser1\AppData\Roaming\221413_1_12_01_12_SF_selection.xml
2014-12-15 11:54 - 2014-12-15 11:54 - 0050233 _____ () C:\Users\LocalUser1\AppData\Roaming\221423_1_10_01_13_SP.xml
2014-12-15 11:54 - 2014-12-15 12:08 - 0036993 _____ () C:\Users\LocalUser1\AppData\Roaming\221423_1_10_01_13_SP_selection.xml
2014-12-15 12:09 - 2014-12-15 12:09 - 0016608 _____ () C:\Users\LocalUser1\AppData\Roaming\221429_1_10_01_13_SP.xml
2014-12-15 12:09 - 2014-12-15 12:11 - 0009853 _____ () C:\Users\LocalUser1\AppData\Roaming\221429_1_10_01_13_SP_selection.xml
2014-12-15 12:12 - 2014-12-15 12:12 - 0006736 _____ () C:\Users\LocalUser1\AppData\Roaming\223100_1_10_01_13_SP.xml
2014-12-15 12:12 - 2014-12-15 12:12 - 0004206 _____ () C:\Users\LocalUser1\AppData\Roaming\223100_1_10_01_13_SP_selection.xml
2014-12-15 12:13 - 2014-12-15 12:13 - 0018865 _____ () C:\Users\LocalUser1\AppData\Roaming\223300_1_10_01_13_SP.xml
2014-12-15 12:13 - 2014-12-15 12:14 - 0011830 _____ () C:\Users\LocalUser1\AppData\Roaming\223300_1_10_01_13_SP_selection.xml
2014-12-15 12:15 - 2014-12-15 12:15 - 0028804 _____ () C:\Users\LocalUser1\AppData\Roaming\223400_1_10_01_13_SP.xml
2014-12-15 12:15 - 2014-12-15 12:18 - 0019491 _____ () C:\Users\LocalUser1\AppData\Roaming\223400_1_10_01_13_SP_selection.xml
2014-12-15 12:18 - 2014-12-15 12:18 - 0273126 _____ () C:\Users\LocalUser1\AppData\Roaming\224000_1_10_01_13_SP.xml
2014-12-15 12:18 - 2014-12-15 12:43 - 0192185 _____ () C:\Users\LocalUser1\AppData\Roaming\224000_1_10_01_13_SP_selection.xml
2014-12-15 12:45 - 2014-12-15 12:45 - 0006877 _____ () C:\Users\LocalUser1\AppData\Roaming\224716_1_10_01_13_SP.xml
2014-12-15 12:45 - 2014-12-15 12:46 - 0005196 _____ () C:\Users\LocalUser1\AppData\Roaming\224716_1_10_01_13_SP_selection.xml
2014-12-10 09:31 - 2014-12-10 09:31 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\230130.51_1_03_20_2010_SF.xml
2014-12-10 09:31 - 2014-12-10 10:47 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\230130.51_1_03_20_2010_SF_selection.xml
2015-10-29 08:21 - 2015-11-16 10:56 - 0002929 _____ () C:\Users\LocalUser1\AppData\Roaming\230513_1_09_01_11_FL.xml
2015-02-21 12:45 - 2015-11-16 10:56 - 0002554 _____ () C:\Users\LocalUser1\AppData\Roaming\230513_1_09_01_11_FL_selection.xml
2014-12-10 09:31 - 2014-12-10 09:31 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\230513_1_09_01_11_SF.xml
2014-12-10 09:31 - 2014-12-10 10:49 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\230513_1_09_01_11_SF_selection.xml
2015-02-21 13:44 - 2015-11-05 17:26 - 0022122 _____ () C:\Users\LocalUser1\AppData\Roaming\230517_1_03_20_2010_FL.xml
2015-02-21 13:44 - 2015-11-05 17:26 - 0017586 _____ () C:\Users\LocalUser1\AppData\Roaming\230517_1_03_20_2010_FL_selection.xml
2014-12-15 12:47 - 2014-12-15 12:47 - 0004160 _____ () C:\Users\LocalUser1\AppData\Roaming\230517_1_10_01_13_SP.xml
2014-12-15 12:47 - 2014-12-15 12:47 - 0003867 _____ () C:\Users\LocalUser1\AppData\Roaming\230517_1_10_01_13_SP_selection.xml
2015-02-21 13:50 - 2015-11-05 17:27 - 0001988 _____ () C:\Users\LocalUser1\AppData\Roaming\230518_1_03_20_2010_FL.xml
2015-02-21 13:50 - 2015-11-05 17:27 - 0003315 _____ () C:\Users\LocalUser1\AppData\Roaming\230518_1_03_20_2010_FL_selection.xml
2014-12-31 10:12 - 2014-12-31 10:12 - 0026451 _____ () C:\Users\LocalUser1\AppData\Roaming\230523.11_1_03_01_13_FL.xml
2014-12-31 10:12 - 2014-12-31 10:12 - 0020546 _____ () C:\Users\LocalUser1\AppData\Roaming\230523.11_1_03_01_13_FL_selection.xml
2015-03-02 13:16 - 2015-03-02 13:16 - 0040897 _____ () C:\Users\LocalUser1\AppData\Roaming\230523.12_1_03_01_13_SF.xml
2015-03-02 13:16 - 2015-03-02 14:07 - 0032154 _____ () C:\Users\LocalUser1\AppData\Roaming\230523.12_1_03_01_13_SF_selection.xml
2014-12-10 09:02 - 2014-12-10 09:02 - 0072779 _____ () C:\Users\LocalUser1\AppData\Roaming\230523.13_1_03_01_13_FL.xml
2014-12-10 09:02 - 2014-12-10 09:13 - 0047675 _____ () C:\Users\LocalUser1\AppData\Roaming\230523.13_1_03_01_13_FL_selection.xml
2014-12-10 09:22 - 2014-12-10 09:22 - 0044662 _____ () C:\Users\LocalUser1\AppData\Roaming\230523.13_1_03_01_13_SF.xml
2014-12-10 09:22 - 2014-12-10 09:22 - 0027707 _____ () C:\Users\LocalUser1\AppData\Roaming\230523.13_1_03_01_13_SF_selection.xml
2014-12-15 12:48 - 2014-12-15 12:48 - 0069653 _____ () C:\Users\LocalUser1\AppData\Roaming\230523_1_10_01_13_SP.xml
2014-12-15 12:48 - 2014-12-15 12:51 - 0045617 _____ () C:\Users\LocalUser1\AppData\Roaming\230523_1_10_01_13_SP_selection.xml
2015-02-25 11:52 - 2015-11-05 17:28 - 0021361 _____ () C:\Users\LocalUser1\AppData\Roaming\230529_1_09_01_11_FL.xml
2015-02-25 11:52 - 2015-11-05 17:28 - 0019180 _____ () C:\Users\LocalUser1\AppData\Roaming\230529_1_09_01_11_FL_selection.xml
2014-12-15 12:52 - 2014-12-15 12:52 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\230529_1_10_01_13_SP.xml
2014-12-15 12:52 - 2014-12-15 12:52 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\230529_1_10_01_13_SP_selection.xml
2014-12-15 12:53 - 2014-12-15 12:53 - 0003610 _____ () C:\Users\LocalUser1\AppData\Roaming\230533_1_10_01_13_SP.xml
2014-12-15 12:53 - 2014-12-15 12:53 - 0002767 _____ () C:\Users\LocalUser1\AppData\Roaming\230533_1_10_01_13_SP_selection.xml
2015-02-23 08:34 - 2015-11-05 17:29 - 0049604 _____ () C:\Users\LocalUser1\AppData\Roaming\230548.13_1_09_01_11_FL.xml
2015-02-23 08:34 - 2015-11-05 17:29 - 0037886 _____ () C:\Users\LocalUser1\AppData\Roaming\230548.13_1_09_01_11_FL_selection.xml
2014-12-10 10:50 - 2015-02-23 08:31 - 0039538 _____ () C:\Users\LocalUser1\AppData\Roaming\230548.13_1_09_01_11_SF.xml
2014-12-10 10:50 - 2015-02-23 08:31 - 0028682 _____ () C:\Users\LocalUser1\AppData\Roaming\230548.13_1_09_01_11_SF_selection.xml
2015-02-21 14:44 - 2015-11-16 11:44 - 0056846 _____ () C:\Users\LocalUser1\AppData\Roaming\230553_1_03_01_13_FL.xml
2015-02-21 14:44 - 2015-11-16 11:44 - 0040269 _____ () C:\Users\LocalUser1\AppData\Roaming\230553_1_03_01_13_FL_selection.xml
2015-10-06 10:41 - 2015-10-06 10:41 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\230593_1_03_20_2010_FL.xml
2015-10-06 10:41 - 2015-10-06 14:23 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\230593_1_03_20_2010_FL_selection.xml
2015-02-21 14:51 - 2015-11-05 17:31 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\230593_1_09_01_13_FL.xml
2015-02-21 14:51 - 2015-11-05 17:31 - 0000068 _____ () C:\Users\LocalUser1\AppData\Roaming\230593_1_09_01_13_FL_selection.xml
2014-12-15 12:54 - 2014-12-15 12:54 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\230593_1_10_01_13_SP.xml
2014-12-15 12:54 - 2014-12-15 12:54 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\230593_1_10_01_13_SP_selection.xml
2014-12-15 12:58 - 2014-12-15 12:58 - 0026446 _____ () C:\Users\LocalUser1\AppData\Roaming\230700_1_10_01_13_SP.xml
2014-12-15 12:58 - 2014-12-15 13:00 - 0023253 _____ () C:\Users\LocalUser1\AppData\Roaming\230700_1_10_01_13_SP_selection.xml
2015-03-02 10:40 - 2015-11-24 10:20 - 0091865 _____ () C:\Users\LocalUser1\AppData\Roaming\230713_1_03_01_11_FL.xml
2015-02-21 13:52 - 2015-11-24 10:20 - 0091222 _____ () C:\Users\LocalUser1\AppData\Roaming\230713_1_03_01_11_FL_selection.xml
2015-10-06 12:53 - 2015-10-06 12:53 - 0086967 _____ () C:\Users\LocalUser1\AppData\Roaming\230713_1_03_20_2010_FL.xml
2015-10-06 12:53 - 2015-10-06 14:24 - 0087041 _____ () C:\Users\LocalUser1\AppData\Roaming\230713_1_03_20_2010_FL_selection.xml
2015-02-21 15:05 - 2015-11-11 13:48 - 0099629 _____ () C:\Users\LocalUser1\AppData\Roaming\230719_1_03_20_2010_FL.xml
2015-03-18 21:28 - 2015-11-11 13:48 - 0115403 _____ () C:\Users\LocalUser1\AppData\Roaming\230719_1_03_20_2010_FL_selection.xml
2014-12-15 13:01 - 2014-12-15 13:01 - 0062397 _____ () C:\Users\LocalUser1\AppData\Roaming\231113_1_10_01_13_SP.xml
2014-12-15 13:01 - 2014-12-15 13:04 - 0042012 _____ () C:\Users\LocalUser1\AppData\Roaming\231113_1_10_01_13_SP_selection.xml
2015-04-06 14:56 - 2015-10-06 13:02 - 0066011 _____ () C:\Users\LocalUser1\AppData\Roaming\231123_1_09_01_11_FL.xml
2015-04-06 14:56 - 2015-10-06 14:24 - 0061759 _____ () C:\Users\LocalUser1\AppData\Roaming\231123_1_09_01_11_FL_selection.xml
2014-12-15 13:05 - 2014-12-15 13:05 - 0027873 _____ () C:\Users\LocalUser1\AppData\Roaming\231123_1_10_01_13_SP.xml
2014-12-15 13:05 - 2014-12-15 13:08 - 0023541 _____ () C:\Users\LocalUser1\AppData\Roaming\231123_1_10_01_13_SP_selection.xml
2014-12-15 13:09 - 2014-12-15 13:09 - 0036160 _____ () C:\Users\LocalUser1\AppData\Roaming\231126_1_10_01_13_SP.xml
2014-12-15 13:09 - 2014-12-15 13:09 - 0034755 _____ () C:\Users\LocalUser1\AppData\Roaming\231126_1_10_01_13_SP_selection.xml
2015-02-25 16:45 - 2014-12-10 09:21 - 0047375 _____ () C:\Users\LocalUser1\AppData\Roaming\232300_1_12_01_13_FL.xml
2015-02-25 16:45 - 2015-11-11 09:59 - 0041832 _____ () C:\Users\LocalUser1\AppData\Roaming\232300_1_12_01_13_FL_selection.xml
2015-10-08 09:06 - 2015-10-08 09:06 - 0019880 _____ () C:\Users\LocalUser1\AppData\Roaming\233113_1_06_01_15_FL.xml
2015-10-08 09:06 - 2015-10-08 12:52 - 0016380 _____ () C:\Users\LocalUser1\AppData\Roaming\233113_1_06_01_15_FL_selection.xml
2015-02-05 07:46 - 2015-11-05 17:35 - 0019143 _____ () C:\Users\LocalUser1\AppData\Roaming\233113_1_09_01_13_FL.xml
2015-02-05 07:46 - 2015-11-11 09:49 - 0015078 _____ () C:\Users\LocalUser1\AppData\Roaming\233113_1_09_01_13_FL_selection.xml
2015-02-21 14:25 - 2015-03-18 21:50 - 0013385 _____ () C:\Users\LocalUser1\AppData\Roaming\233116_1_03_01_13_FL.xml
2015-03-18 22:04 - 2015-03-18 22:04 - 0012082 _____ () C:\Users\LocalUser1\AppData\Roaming\233116_1_03_01_13_FL_selection.xml
2015-10-08 12:44 - 2015-10-08 12:44 - 0012682 _____ () C:\Users\LocalUser1\AppData\Roaming\233119_1_03_01_15_FL.xml
2015-10-08 12:44 - 2015-10-08 12:44 - 0010248 _____ () C:\Users\LocalUser1\AppData\Roaming\233119_1_03_01_15_FL_selection.xml
2015-05-27 05:53 - 2015-11-05 17:39 - 0114211 _____ () C:\Users\LocalUser1\AppData\Roaming\233300_1_03_01_13_FL.xml
2015-02-21 14:26 - 2015-11-05 17:39 - 0079498 _____ () C:\Users\LocalUser1\AppData\Roaming\233300_1_03_01_13_FL_selection.xml
2015-05-27 09:28 - 2015-05-27 09:28 - 0058276 _____ () C:\Users\LocalUser1\AppData\Roaming\233300_1_03_01_13_SF.xml
2015-05-27 09:28 - 2015-05-27 09:28 - 0040677 _____ () C:\Users\LocalUser1\AppData\Roaming\233300_1_03_01_13_SF_selection.xml
2015-10-08 12:45 - 2015-11-25 10:49 - 0091120 _____ () C:\Users\LocalUser1\AppData\Roaming\233300_1_03_01_15_FL.xml
2015-10-08 12:45 - 2015-11-25 10:49 - 0062583 _____ () C:\Users\LocalUser1\AppData\Roaming\233300_1_03_01_15_FL_selection.xml
2015-11-25 10:40 - 2015-11-25 10:40 - 0005302 _____ () C:\Users\LocalUser1\AppData\Roaming\233346_1_09_01_15_FL.xml
2015-11-25 10:40 - 2015-11-25 11:06 - 0004695 _____ () C:\Users\LocalUser1\AppData\Roaming\233346_1_09_01_15_FL_selection.xml
2015-02-22 17:33 - 2015-02-22 17:33 - 0034028 _____ () C:\Users\LocalUser1\AppData\Roaming\233413_1_03_01_13_FL.xml
2015-02-22 17:33 - 2015-03-02 10:42 - 0020411 _____ () C:\Users\LocalUser1\AppData\Roaming\233413_1_03_01_13_FL_selection.xml
2015-02-27 08:26 - 2015-03-18 21:51 - 0020880 _____ () C:\Users\LocalUser1\AppData\Roaming\233416_1_03_01_13_FL.xml
2015-02-27 08:26 - 2015-03-18 21:51 - 0015534 _____ () C:\Users\LocalUser1\AppData\Roaming\233416_1_03_01_13_FL_selection.xml
2015-02-27 09:01 - 2015-11-05 17:40 - 0065708 _____ () C:\Users\LocalUser1\AppData\Roaming\233423_1_03_01_13_FL.xml
2015-02-27 09:01 - 2015-11-05 17:40 - 0038417 _____ () C:\Users\LocalUser1\AppData\Roaming\233423_1_03_01_13_FL_selection.xml
2015-02-22 17:46 - 2015-11-05 17:49 - 0063962 _____ () C:\Users\LocalUser1\AppData\Roaming\233713.13_1_09_01_14_FL.xml
2015-02-22 17:46 - 2015-11-05 17:54 - 0040479 _____ () C:\Users\LocalUser1\AppData\Roaming\233713.13_1_09_01_14_FL_selection.xml
2015-05-27 05:56 - 2015-11-05 17:50 - 0037097 _____ () C:\Users\LocalUser1\AppData\Roaming\233713.23_1_09_01_14_FL.xml
2015-02-25 17:37 - 2015-11-05 17:50 - 0019896 _____ () C:\Users\LocalUser1\AppData\Roaming\233713.23_1_09_01_14_FL_selection.xml
2015-10-06 13:57 - 2015-10-06 13:57 - 0125711 _____ () C:\Users\LocalUser1\AppData\Roaming\233713_1_09_01_11_FL.xml
2015-10-06 13:57 - 2015-10-06 14:25 - 0077818 _____ () C:\Users\LocalUser1\AppData\Roaming\233713_1_09_01_11_FL_selection.xml
2015-02-22 17:47 - 2015-02-22 17:47 - 0008025 _____ () C:\Users\LocalUser1\AppData\Roaming\233723_1_03_01_13_FL.xml
2015-02-22 17:47 - 2015-03-02 10:44 - 0005889 _____ () C:\Users\LocalUser1\AppData\Roaming\233723_1_03_01_13_FL_selection.xml
2015-05-27 09:25 - 2015-05-27 09:25 - 0008583 _____ () C:\Users\LocalUser1\AppData\Roaming\233723_1_03_01_13_SF.xml
2015-05-27 09:25 - 2015-05-28 17:40 - 0006184 _____ () C:\Users\LocalUser1\AppData\Roaming\233723_1_03_01_13_SF_selection.xml
2015-05-27 06:00 - 2015-05-27 06:00 - 0014035 _____ () C:\Users\LocalUser1\AppData\Roaming\233813_1_03_01_14_SF.xml
2015-05-27 06:00 - 2015-05-27 06:00 - 0010094 _____ () C:\Users\LocalUser1\AppData\Roaming\233813_1_03_01_14_SF_selection.xml
2015-10-06 14:07 - 2015-10-06 14:07 - 0038865 _____ () C:\Users\LocalUser1\AppData\Roaming\235100_1_09_01_11_FL.xml
2015-10-06 14:07 - 2015-10-06 14:25 - 0027062 _____ () C:\Users\LocalUser1\AppData\Roaming\235100_1_09_01_11_FL_selection.xml
2015-03-18 21:56 - 2015-10-06 14:12 - 0001347 _____ () C:\Users\LocalUser1\AppData\Roaming\235116_1_09_01_13_FL.xml
2015-03-18 21:56 - 2015-10-06 14:12 - 0001846 _____ () C:\Users\LocalUser1\AppData\Roaming\235116_1_09_01_13_FL_selection.xml
2015-05-27 06:01 - 2015-05-27 06:01 - 0005270 _____ () C:\Users\LocalUser1\AppData\Roaming\235413_1_03_01_13_SF.xml
2015-05-27 06:01 - 2015-05-27 08:39 - 0004885 _____ () C:\Users\LocalUser1\AppData\Roaming\235413_1_03_01_13_SF_selection.xml
2015-02-27 11:57 - 2015-02-27 11:57 - 0010613 _____ () C:\Users\LocalUser1\AppData\Roaming\236200_1_03_01_13_FL.xml
2015-02-27 11:57 - 2015-02-27 11:58 - 0008624 _____ () C:\Users\LocalUser1\AppData\Roaming\236200_1_03_01_13_FL_selection.xml
2015-05-27 06:02 - 2015-05-27 06:02 - 0008805 _____ () C:\Users\LocalUser1\AppData\Roaming\236200_1_03_01_13_SF.xml
2015-05-27 06:02 - 2015-05-27 06:02 - 0006576 _____ () C:\Users\LocalUser1\AppData\Roaming\236200_1_03_01_13_SF_selection.xml
2015-02-27 11:58 - 2015-02-27 11:58 - 0005156 _____ () C:\Users\LocalUser1\AppData\Roaming\236313_1_03_01_13_FL.xml
2015-02-27 11:58 - 2015-02-27 11:58 - 0003609 _____ () C:\Users\LocalUser1\AppData\Roaming\236313_1_03_01_13_FL_selection.xml
2014-12-10 09:30 - 2014-12-10 09:30 - 0005684 _____ () C:\Users\LocalUser1\AppData\Roaming\236313_1_03_01_13_SF.xml
2014-12-10 09:30 - 2014-12-12 12:59 - 0003724 _____ () C:\Users\LocalUser1\AppData\Roaming\236313_1_03_01_13_SF_selection.xml
2015-02-22 17:58 - 2015-02-22 17:58 - 0020268 _____ () C:\Users\LocalUser1\AppData\Roaming\237200_1_09_01_13_FL.xml
2015-02-22 17:58 - 2015-02-22 17:58 - 0015209 _____ () C:\Users\LocalUser1\AppData\Roaming\237200_1_09_01_13_FL_selection.xml
2014-12-10 09:45 - 2014-12-10 09:45 - 0007284 _____ () C:\Users\LocalUser1\AppData\Roaming\237313_1_03_01_13_SF.xml
2014-12-10 09:45 - 2014-12-12 13:01 - 0004509 _____ () C:\Users\LocalUser1\AppData\Roaming\237313_1_03_01_13_SF_selection.xml
2015-11-16 14:33 - 2015-11-16 14:33 - 0012904 _____ () C:\Users\LocalUser1\AppData\Roaming\237313_1_06_01_15_FL.xml
2015-11-16 14:33 - 2015-11-16 14:33 - 0009503 _____ () C:\Users\LocalUser1\AppData\Roaming\237313_1_06_01_15_FL_selection.xml
2015-03-18 22:03 - 2015-04-06 07:25 - 0019535 _____ () C:\Users\LocalUser1\AppData\Roaming\237413_1_03_01_13_FL.xml
2015-03-18 22:03 - 2015-04-06 07:25 - 0012292 _____ () C:\Users\LocalUser1\AppData\Roaming\237413_1_03_01_13_FL_selection.xml
2014-12-10 09:25 - 2014-12-10 09:25 - 0004618 _____ () C:\Users\LocalUser1\AppData\Roaming\237413_1_03_01_13_SF.xml
2014-12-10 09:25 - 2014-12-12 14:43 - 0003193 _____ () C:\Users\LocalUser1\AppData\Roaming\237413_1_03_01_13_SF_selection.xml
2015-11-16 10:53 - 2015-11-16 10:53 - 0005626 _____ () C:\Users\LocalUser1\AppData\Roaming\237416.11_1_06_01_15_FL.xml
2015-11-16 10:53 - 2015-11-16 10:53 - 0003834 _____ () C:\Users\LocalUser1\AppData\Roaming\237416.11_1_06_01_15_FL_selection.xml
2015-02-22 18:00 - 2015-11-05 17:44 - 0012332 _____ () C:\Users\LocalUser1\AppData\Roaming\237433_1_03_01_13_FL.xml
2015-02-22 18:00 - 2015-11-05 17:44 - 0008135 _____ () C:\Users\LocalUser1\AppData\Roaming\237433_1_03_01_13_FL_selection.xml
2015-03-18 23:07 - 2015-09-25 07:00 - 0005319 _____ () C:\Users\LocalUser1\AppData\Roaming\238113.11_1_09_01_13_FL.xml
2015-03-18 23:07 - 2015-09-25 07:00 - 0003683 _____ () C:\Users\LocalUser1\AppData\Roaming\238113.11_1_09_01_13_FL_selection.xml
2015-03-15 18:26 - 2015-03-15 18:41 - 0005848 _____ () C:\Users\LocalUser1\AppData\Roaming\238113.11_1_09_01_13_SF.xml
2015-03-15 18:26 - 2015-03-15 18:41 - 0004282 _____ () C:\Users\LocalUser1\AppData\Roaming\238113.11_1_09_01_13_SF_selection.xml
2015-09-25 06:50 - 2015-11-16 10:34 - 0003095 _____ () C:\Users\LocalUser1\AppData\Roaming\238113.12_1_03_01_15_FL.xml
2015-09-25 06:50 - 2015-11-16 14:36 - 0002433 _____ () C:\Users\LocalUser1\AppData\Roaming\238113.12_1_03_01_15_FL_selection.xml
2015-11-16 10:42 - 2015-11-16 10:42 - 0002439 _____ () C:\Users\LocalUser1\AppData\Roaming\238113.13_1_03_01_15_FL.xml
2015-11-16 10:42 - 2015-11-16 10:42 - 0002398 _____ () C:\Users\LocalUser1\AppData\Roaming\238113.13_1_03_01_15_FL_selection.xml
2015-05-27 06:03 - 2015-05-27 08:44 - 0007390 _____ () C:\Users\LocalUser1\AppData\Roaming\238126_1_03_01_13_SF.xml
2015-05-27 06:03 - 2015-05-28 17:44 - 0004789 _____ () C:\Users\LocalUser1\AppData\Roaming\238126_1_03_01_13_SF_selection.xml
2015-11-16 10:43 - 2015-12-06 17:38 - 0007423 _____ () C:\Users\LocalUser1\AppData\Roaming\238126_1_06_01_15_FL.xml
2015-11-16 10:43 - 2015-12-06 17:38 - 0004557 _____ () C:\Users\LocalUser1\AppData\Roaming\238126_1_06_01_15_FL_selection.xml
2014-12-15 14:15 - 2015-11-16 10:48 - 0006417 _____ () C:\Users\LocalUser1\AppData\Roaming\238213_1_03_01_13_FL.xml
2014-12-15 14:15 - 2015-11-16 10:48 - 0004742 _____ () C:\Users\LocalUser1\AppData\Roaming\238213_1_03_01_13_FL_selection.xml
2015-02-27 08:30 - 2015-05-17 10:27 - 0003468 _____ () C:\Users\LocalUser1\AppData\Roaming\238216.14_1_03_01_13_FL.xml
2015-02-27 08:30 - 2015-05-17 10:27 - 0002695 _____ () C:\Users\LocalUser1\AppData\Roaming\238216.14_1_03_01_13_FL_selection.xml
2015-11-16 15:02 - 2015-11-16 15:02 - 0017669 _____ () C:\Users\LocalUser1\AppData\Roaming\238219_1_03_01_15_FL.xml
2015-11-16 15:02 - 2015-11-16 15:02 - 0010569 _____ () C:\Users\LocalUser1\AppData\Roaming\238219_1_03_01_15_FL_selection.xml
2015-02-27 09:32 - 2015-11-05 17:47 - 0006921 _____ () C:\Users\LocalUser1\AppData\Roaming\238233_1_03_01_13_FL.xml
2015-02-27 09:32 - 2015-11-05 17:47 - 0005240 _____ () C:\Users\LocalUser1\AppData\Roaming\238233_1_03_01_13_FL_selection.xml
2015-05-27 09:08 - 2015-05-27 09:08 - 0015088 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.13_1_03_01_13_FL.xml
2015-05-27 09:08 - 2015-05-27 09:10 - 0009403 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.13_1_03_01_13_FL_selection.xml
2015-05-27 09:11 - 2015-05-27 09:11 - 0007396 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.16_1_03_01_13_FL.xml
2015-05-27 09:11 - 2015-05-27 09:11 - 0005799 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.16_1_03_01_13_FL_selection.xml
2015-05-27 09:12 - 2015-05-27 09:12 - 0002957 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.16_1_03_01_13_SF.xml
2015-05-27 09:12 - 2015-05-28 17:46 - 0002579 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.16_1_03_01_13_SF_selection.xml
2015-02-27 08:28 - 2015-05-27 09:09 - 0004586 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.19_1_03_01_15_FL.xml
2015-02-27 08:28 - 2015-05-27 09:09 - 0003002 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.19_1_03_01_15_FL_selection.xml
2015-05-28 17:49 - 2015-05-28 17:49 - 0004586 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.19_1_03_01_15_SF.xml
2015-05-28 17:49 - 2015-05-29 07:35 - 0003161 _____ () C:\Users\LocalUser1\AppData\Roaming\238239.19_1_03_01_15_SF_selection.xml
2015-02-22 16:17 - 2015-02-22 16:17 - 0019216 _____ () C:\Users\LocalUser1\AppData\Roaming\238316_1_03_01_13_FL.xml
2015-02-22 16:17 - 2015-02-22 16:17 - 0013408 _____ () C:\Users\LocalUser1\AppData\Roaming\238316_1_03_01_13_FL_selection.xml
2014-12-15 14:13 - 2014-12-15 14:13 - 0001938 _____ () C:\Users\LocalUser1\AppData\Roaming\238323_1_03_01_13_FL.xml
2014-12-15 14:13 - 2014-12-15 14:13 - 0001891 _____ () C:\Users\LocalUser1\AppData\Roaming\238323_1_03_01_13_FL_selection.xml
2015-03-19 10:56 - 2015-12-06 17:38 - 0005171 _____ () C:\Users\LocalUser1\AppData\Roaming\238416_1_03_01_13_FL.xml
2015-03-19 10:56 - 2015-12-06 17:38 - 0003478 _____ () C:\Users\LocalUser1\AppData\Roaming\238416_1_03_01_13_FL_selection.xml
2014-11-17 00:06 - 2014-11-17 00:06 - 0325960 _____ () C:\Users\LocalUser1\AppData\Roaming\lua5.1.dll
2014-11-17 00:06 - 2014-11-17 00:06 - 0090200 _____ () C:\Users\LocalUser1\AppData\Roaming\uninstall.dat
2014-11-17 00:06 - 2014-11-17 00:06 - 1344512 _____ (Indigo Rose Corporation) C:\Users\LocalUser1\AppData\Roaming\uninstall.exe
2014-11-17 00:06 - 2014-11-17 00:06 - 0005898 _____ () C:\Users\LocalUser1\AppData\Roaming\uninstall.xml
2015-11-05 12:10 - 2015-11-05 12:22 - 0007600 _____ () C:\Users\LocalUser1\AppData\Local\Resmon.ResmonCfg
2014-11-16 21:52 - 2014-11-16 21:52 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

Some files in TEMP:
====================
C:\Users\LocalUser1\AppData\Local\Temp\AcDeltree.exe
C:\Users\LocalUser1\AppData\Local\Temp\ECATENB2.DLL
C:\Users\LocalUser1\AppData\Local\Temp\EDDUVHS.exe
C:\Users\LocalUser1\AppData\Local\Temp\FWRunning.exe
C:\Users\LocalUser1\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\LocalUser1\AppData\Local\Temp\nvStInst.exe
C:\Users\LocalUser1\AppData\Local\Temp\Quarantine.exe
C:\Users\LocalUser1\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-12-10 14:35

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-12-2015
Ran by LocalSystem (2015-12-11 13:42:15)
Running from E:\
Windows 7 Professional Service Pack 1 (X64) (2014-11-10 06:13:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2625442063-1423468092-266333482-500 - Administrator - Disabled)
Guest (S-1-5-21-2625442063-1423468092-266333482-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-2625442063-1423468092-266333482-1001 - Administrator - Enabled) => C:\Users\LocalAdmin
UpdatusUser (S-1-5-21-2625442063-1423468092-266333482-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2006 ICC Complete Collection® (HKLM-x32\...\{0BD61108-0F51-49AD-B7E0-EF6F531421F5}) (Version: 1.00.0000 - International Code Council®)
AAONECat32 (HKLM-x32\...\AAONECat32) (Version:  - )
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AutoCAD 2014 - English (Version: 19.1.108.0 - Autodesk) Hidden
AutoCAD 2014 - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - English (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 VBA Enabler (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD Architecture-MEP 2014 Object Enabler on AutoCAD 2014 - English - English (United States) (HKLM\...\{0D4428F8-B5B2-4CC2-8AE6-3C646B397CAF}) (Version: 7.5.106.0 - Autodesk, Inc.)
AutoCAD Architecture-MEP 2014 Object Enabler on Autodesk 360 - Language Neutral (HKLM\...\{55184BCA-AF4D-45F5-B89A-743F69E178B2}) (Version: 7.5.106.0 - Autodesk, Inc.)
AutoCAD Architecture-MEP 2014 Object Enabler on DWG TrueView 2014 - Language Neutral (HKLM\...\{206C7D5F-F8AA-4E9C-9728-E19F8FE4AF2E}) (Version: 7.5.106.0 - Autodesk, Inc.)
AutoCAD Architecture-MEP 2014 Object Enabler on Revit 2014 - Language Neutral (HKLM\...\{83D3C040-0424-4A1A-9AB0-896E617A7E0B}) (Version: 7.5.106.0 - Autodesk, Inc.)
Autodesk 360 (HKLM\...\{556966D9-F7F6-421B-9707-D07901604DDF}) (Version: 5.2.3.1000 - Autodesk)
Autodesk AutoCAD 2014 - English (HKLM\...\AutoCAD 2014 - English) (Version: 19.1.18.0 - Autodesk)
Autodesk AutoCAD 2014 - English SP1 (HKLM\...\AutoCAD 2014 - English SP1) (Version: 1 - Autodesk)
Autodesk AutoCAD 2014 VBA Enabler (HKLM\...\AutoCAD 2014 VBA Enabler) (Version: 19.1.18.0 - Autodesk)
Autodesk Buzzsaw 2013.1.30.6840 (HKLM-x32\...\Autodesk Buzzsaw 2013) (Version: 2013.1.30.6840 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk DWG TrueView 2014 (HKLM\...\DWG TrueView 2014) (Version: 19.1.18.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2014 (HKLM-x32\...\{5C29CC1F-218F-4C30-948A-11066CAC59FB}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2014 (HKLM-x32\...\{A0633D4E-5AF2-4E3E-A70A-FE9C2BD8A958}) (Version: 4.0.19.0 - Autodesk)
Autodesk Revit 2014 (HKLM\...\Autodesk Revit 2014) (Version: 13.07.09211 - Autodesk)
Autodesk Revit 2014 UR1 (HKLM\...\Autodesk Revit 2014 UR1) (Version: 1 - Autodesk)
Autodesk Revit MEP 2014 Space Naming Utility (HKLM-x32\...\{132EDC23-273B-4F14-9BCC-39CE7B729B01}) (Version: 13.03.26211 - Autodesk)
Autodesk Revit Model Review 2014 (HKLM-x32\...\{1216C7BA-E538-4489-86BB-3C547EC55420}) (Version: 13.03.26211 - Autodesk)
Autodesk Workflows 2014 (HKLM\...\{11672AB2-3D48-4D38-9123-719E5FF93333}) (Version: 4.0.19.0 - Autodesk, Inc.)
Batch Print for Autodesk Revit 2014 (HKLM-x32\...\{25C372DC-D8F2-4BFA-936C-0712BE1BE18A}) (Version: 13.03.26211 - Autodesk)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BSD SpecLink-E (HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\649c1d24e211fed9) (Version: 7.0.3.0 - Building Systems Design, Inc.)
CAPS (Engineer) (HKLM-x32\...\CAPS Engineer) (Version:  - Greenheck Fan Corporation)
CAPS Reporting Library (HKLM-x32\...\{B101EBB9-5188-4084-B53C-660C210EBEF7}) (Version: 5.1.5.0 - Greenheck Fan Corporation)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{C1D35D06-E60A-4834-9B52-F1F3E65D03C9}) (Version: 1.0.239 - Citrix)
COMcheck 4.0.2.3 (Current User) (HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\COMcheck 4.0.2.3) (Version:  - )
Compute-A-Fan 9.5 (HKLM-x32\...\{4AB60737-FEFF-45C5-8428-7E23C418BD51}) (Version: 9.5 - Loren Cook Company)
CostWorks 2015 (HKLM-x32\...\{0F88D3C1-B103-416A-9269-5CAE4EF05632}) (Version: 15.19 - RSMeans)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{00E61C2A-E507-4662-8534-A0FA48F415AE}) (Version: 2.3.415.120 - Broadcom Corporation)
Dell Data Vault (Version: 1.1.0.6 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Precision Performance Optimizer (HKLM-x32\...\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8}) (Version: 01.08.00 - Dell Inc.)
Dell Printer Software (HKLM-x32\...\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}) (Version: 1.00.000 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DWG TrueView 2014 (Version: 19.1.18.0 - Autodesk) Hidden
E-CAT / E20-II Configuration Services 2.21 (HKLM-x32\...\E-CAT / E20-II Configuration Services 2.21) (Version:  - )
E-CAT Enable 2.11 (HKLM-x32\...\E-CAT Enable 2.11) (Version:  - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eTransmit for Autodesk Revit 2014 (HKLM-x32\...\{B77BF93A-B62B-4956-A0BE-FAC61F413F2A}) (Version: 13.05.21155 - Autodesk)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
Global VPN Client (HKLM\...\{88C972E7-D7FC-40F3-9FE5-180957F37B45}) (Version: 4.9.0 - Dell SonicWALL)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToMeeting 7.4.1.3770 (HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\...\GoToMeeting) (Version: 7.4.1.3770 - CitrixOnline)
Hourly Analysis Program 4.90 (HKLM-x32\...\Hourly Analysis Program 4.90) (Version:  - Carrier Corporation)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
Image Rescue 5 (2.0.2) (HKLM-x32\...\Image Rescue 5_is1) (Version: 2.0.2 - Lexar)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 19.0.27.1 (HKLM\...\PROSetDX) (Version: 19.0.27.1 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.7.1000 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{3b398ef6-924b-4943-ae2d-e8feb143622a}) (Version: 17.0.5 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
LocalAdmin Windows Fonts (HKLM-x32\...\LocalAdmin Windows Fonts2.2) (Version: 2.2 - Law/Kingdon, Inc.)
Malwarebytes' Managed Client (HKLM-x32\...\{26DC12C3-A2EE-4A57-9458-3029EF8DC315}) (Version: 1.3.1936 - Malwarebytes Corporation)
Masterworks (HKLM-x32\...\Masterworks) (Version: 7.4.0.3 - ARCOM)
Masterworks Paragraph Builder (HKLM-x32\...\{B68DC6A6-09EC-449E-A4F7-1351D997585F}) (Version: 1.2.8 - Arcom)
McAfee Agent (HKLM-x32\...\{1FDB8EC6-BAF1-42F9-8E09-4D9AB369F1B5}) (Version: 4.8.0.887 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Access 2010 Runtime Service Pack 1 (SP1) (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}) (Version:  - Microsoft)
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM-x32\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 312.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 312.32 - NVIDIA Corporation)
NVIDIA Graphics Driver 312.32 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 312.32 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
OfficeStatus Windows Client (HKLM\...\{B90AEC8E-E797-4A17-B701-1790198DF12D}) (Version: 4.6.271.0 - Key Metric Software)
PostgreSQL 9.2  (x86) (HKLM-x32\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
Request (HKLM-x32\...\{ED1F7EFD-D195-470E-9B04-3F17A5ACABBF}) (Version: 7.003.0106 - )
Revit 2014 (Version: 13.07.09211 - Autodesk) Hidden
Revit 2014 Language Pack - English (Version: 13.03.08151 - Autodesk) Hidden
Revit Extensions for Autodesk Revit 2014 (HKLM\...\{FA266F69-5373-4127-8825-268D22E3F435}) (Version: 1.0.0.0 - Autodesk)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
SpecBuilder Desktop (HKLM-x32\...\SpecBuilder Desktop) (Version: 1.5.571.8260 - ARCOM)
SSN Librarian (HKLM-x32\...\{8EA724D7-5FE2-44E8-9E63-CA69355258AF}) (Version: 2.3.3 - Carrier Corporation)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
Titus Revit 2010 Content Browser 32-bit (HKLM-x32\...\{6D397FB0-6296-4DBA-849B-78F5A2A9F7DF}) (Version: 2.10.1000 - CADWorks)
TRACE 700 (HKLM-x32\...\{D83309BB-4323-4689-9786-D86D735650C3}) (Version: 6.3.2.2 - Trane)
TRACE 700 (x32 Version: 6.3.1.0 - Trane) Hidden
TRACE 700 (x32 Version: 6.3.1.2 - Trane) Hidden
Trane Report Framework (HKLM-x32\...\{224C717E-8EC1-4DA5-8C9A-76A17955E81D}) (Version: 2.0.0 - Trane)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Worksharing Monitor for Autodesk Revit 2014 (HKLM-x32\...\{F6962134-5795-48E2-85A4-F312AA300A4C}) (Version: 13.03.26211 - Autodesk)
X Builder Framework 1.05s (HKLM-x32\...\X Builder Framework 1.05s) (Version:  - )
XBuilder Tag Grid 1.0 (HKLM-x32\...\{8814F01A-66A3-4A5F-899A-FFEA12633963}) (Version: 1.0.18 - Carrier Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2014\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\ADesk2k14\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> C:\ADesk2k14\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\LocalSystem\AppData\Local\Citrix\GoToMeeting\2759\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\ADesk2k14\AutoCAD 2014\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2857191529-4038278520-3241676031-3670_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\ADesk2k14\AutoCAD 2014\en-US\acadficn.dll (Autodesk, Inc.)

==================== Restore Points =========================

09-11-2015 11:18:52 Installed Microsoft Visual C++ 2005 Redistributable
09-11-2015 11:53:39 Installed TRACE 700
30-11-2015 08:47:57 Scheduled Checkpoint
10-12-2015 14:42:08 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-11-16 19:27 - 00000989 ____A C:\Windows\system32\Drivers\etc\hosts

192.168.100.251 LocalAdmin2
192.168.100.151 LocalAdmin-web
192.168.100.149 acct3
192.168.100.241 LocalAdminweb
192.168.100.242 LocalAdminexch2
192.168.101.25 fs2
192.168.100.66 LocalAdminstrg1

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {3EE4AC14-308F-40C2-B81C-AADBDFFF9E95} - System32\Tasks\G2MUpdateTask-S-1-5-21-2857191529-4038278520-3241676031-3670 => C:\Users\LocalSystem\AppData\Local\Citrix\GoToMeeting\3770\g2mupdate.exe [2015-10-28] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {50351E38-562C-4456-8744-58F3D650005F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {602BC6B9-C6C5-45F4-963A-33513E61D127} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6D36B691-8A58-4A04-84A4-DF97BBD8A99D} - System32\Tasks\G2MUploadTask-S-1-5-21-2857191529-4038278520-3241676031-3670 => C:\Users\LocalSystem\AppData\Local\Citrix\GoToMeeting\3770\g2mupload.exe [2015-10-28] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {72885428-6922-4941-AA5E-A31C6A29F2EB} - System32\Tasks\{3FD55BB7-CAFF-47E2-B3A2-38666D297968} => pcalua.exe -a C:\Users\LocalSystem\Downloads\vstor_redist.exe -d C:\Users\LocalSystem\Downloads
Task: {807504F9-93F2-4E23-8C93-66C07C9EC498} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {AAC58C91-A721-4432-9BE9-257DCE2D9DC8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {FD67E8C1-0DF0-46FE-A860-98877F304FB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2857191529-4038278520-3241676031-3670.job => C:\Users\LocalSystem\AppData\Local\Citrix\GoToMeeting\3770\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-2857191529-4038278520-3241676031-3670.job => C:\Users\LocalSystem\AppData\Local\Citrix\GoToMeeting\3770\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-11-17 12:06 - 2013-08-07 12:05 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-22 09:28 - 2012-08-07 07:18 - 00002560 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\DLHLSZLT-2.XRS
2014-10-22 09:28 - 2012-08-07 07:18 - 00205824 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\DLHLSZLS-2.XRS
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-17 11:04 - 2013-08-08 04:37 - 00004096 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-10-22 07:55 - 2014-03-12 11:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-10-22 07:55 - 2014-03-12 11:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-10-22 07:55 - 2014-03-12 11:22 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-11-17 12:06 - 2013-08-08 04:37 - 00496928 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2014-08-28 04:09 - 2014-08-28 04:09 - 00232328 _____ () C:\Program Files\Autodesk\Autodesk Sync\qjson_Ad_0.dll
2014-08-28 04:09 - 2014-08-28 04:09 - 00059784 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2014-08-28 04:09 - 2014-08-28 04:09 - 00922504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2014-08-28 04:09 - 2014-08-28 04:09 - 00048520 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2014-05-21 11:14 - 2014-05-21 11:14 - 00466944 _____ () C:\Program Files\Key Metric Software\OfficeStatus Windows Client\OfficeStatus.WinClient.XmlSerializers.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3266
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3318
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3419
AlternateDataStreams: C:\Users\LocalSystem\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\LocalSystem\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\LocalSystem\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2857191529-4038278520-3241676031-3670\Control Panel\Desktop\\Wallpaper -> C:\Users\LocalSystem\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.16 - 68.105.29.16
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FDB3D806-720C-487B-A2A6-1DFBAB1650E8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{9665EA54-DC56-4FA2-8994-81F9277A268E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{64668891-CA5D-4D09-8249-76AB0914989E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{08347F43-C1B6-4CDA-9872-ECC30E84C1C8}] => (Allow) LPort=50248
FirewallRules: [{E246AD9E-5581-426A-9FE4-D7014411FD7D}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{13F90867-E0BD-42D0-8AFB-633FA1BD74CF}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{2F5CD9B5-1019-43E2-8D6B-492C3F47EA0C}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{DDB7421D-59CE-4D0F-9FA5-9DA2145FFF73}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{3E0BFE0C-8896-4CBA-B039-1C3F82449F1D}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{62DDE016-1A68-4C1D-90DA-D8661E3622E4}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{0072D922-D29F-4442-87E5-848F6F24F61F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{176EF245-30C7-48AE-B6EC-C0BB07C72A89}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{9DE625AE-BC8F-41E0-B6A0-41343151E712}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [UDP Query User{46E09671-B355-40AF-8931-BFAC128A576A}C:\program files\dell sonicwall\global vpn client\swgvc.exe] => (Allow) C:\program files\dell sonicwall\global vpn client\swgvc.exe
FirewallRules: [{1A2A38E1-74AC-4BF7-9B51-540B725DB6E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A42E58FA-BED3-48F6-8A02-EC8C7332B85E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C6DF9070-0705-4CB7-B47D-05EF5972EBCB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{534C5C17-C1D4-4674-80C1-5E920A913A8D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{15D8DBC6-9796-4F21-8ED8-F610CA59F34A}C:\program files (x86)\common files\ips\exe\kawpdft.exe] => (Allow) C:\program files (x86)\common files\ips\exe\kawpdft.exe
FirewallRules: [UDP Query User{D80B3E7A-D633-420D-8E6B-D63CE1610B1E}C:\program files (x86)\common files\ips\exe\kawpdft.exe] => (Allow) C:\program files (x86)\common files\ips\exe\kawpdft.exe
FirewallRules: [{DC6ECF52-B3DB-41CF-826A-CB12995CE578}] => (Allow) C:\Program Files (x86)\Trane\System Analyzer\Calculation Engine\rteng7.exe
FirewallRules: [{ECF24D9E-01B6-428A-9077-E2B48AB66D2F}] => (Allow) C:\Program Files (x86)\Trane\System Analyzer\Calculation Engine\rteng7.exe
FirewallRules: [{980CA4C7-D9DA-4996-8864-3D14C2E9EA0B}] => (Allow) C:\Program Files (x86)\Trane\System Analyzer\Calculation Engine\dbeng7.exe
FirewallRules: [{7E164AC4-82EF-4B0A-B156-37B7C120BC37}] => (Allow) C:\Program Files (x86)\Trane\System Analyzer\Calculation Engine\dbeng7.exe
FirewallRules: [{BA5C9C6E-9621-4E47-B624-A3282807AE0F}] => (Allow) C:\Program Files (x86)\Trane\TRACE 700\rteng7.exe
FirewallRules: [{AA3FF1EE-273D-48C4-8D58-E572CD452AD8}] => (Allow) C:\Program Files (x86)\Trane\TRACE 700\rteng7.exe
FirewallRules: [{DC67E399-109A-42A3-8639-14C0545F2449}] => (Allow) C:\Program Files (x86)\Trane\TRACE 700\dbeng7.exe
FirewallRules: [{B46018A3-A6F7-4AD9-B109-BEF20CE3CC21}] => (Allow) C:\Program Files (x86)\Trane\TRACE 700\dbeng7.exe
FirewallRules: [TCP Query User{77C236C4-9F0B-4D62-B776-F6CDB9AEA553}C:\program files (x86)\trane\trace 700\rteng7.exe] => (Allow) C:\program files (x86)\trane\trace 700\rteng7.exe
FirewallRules: [UDP Query User{5971C190-22F3-4D29-AE03-72B8ACB6E173}C:\program files (x86)\trane\trace 700\rteng7.exe] => (Allow) C:\program files (x86)\trane\trace 700\rteng7.exe
FirewallRules: [{B08A1B39-1907-4D27-8BAC-2D28029DB2C5}] => (Allow) LPort=24158
FirewallRules: [{F68198F8-440E-4194-9E7B-634934AB1AF2}] => (Allow) C:\Users\LocalSystem\AppData\Local\Temp\nsx18D9.tmp\Installer-10701264.exe
FirewallRules: [{7341C047-A431-4FF3-A6E9-F92637B448C5}] => (Allow) C:\Users\LocalSystem\AppData\Local\Temp\nsx18D9.tmp\Installer-10701264.exe
FirewallRules: [{A1EBF56B-D93F-4624-8A3D-280A04B8AC99}] => (Allow) LPort=5432
FirewallRules: [{11439538-CA02-4E55-84DD-E86E54E6D447}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3BE16CD-8687-49BF-8C4F-A546940C5CA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DE56F915-0802-44F5-8658-54A54A884CB3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62480781-FF68-4461-805F-3E25E6CFD103}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EEF775E0-323F-4E10-B89B-7C2E29C3A347}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C14E15B8-376A-4D94-BCB9-775C2989A0E9}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2015 01:42:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\Shadow Copy Optimization Writer,...).  hr = 0x80070002, The system cannot find the file specified.
.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {069877e5-ea8d-4ae8-b6f4-9af2c678c93b}

Error: (12/11/2015 01:42:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\ASR Writer,...).  hr = 0x80070002, The system cannot find the file specified.
.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {dbd99b09-dca4-4b76-b0aa-b2f9568d6d60}

Error: (12/11/2015 01:42:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},...).  hr = 0x80070002, The system cannot find the file specified.
.

Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator

Error: (12/11/2015 01:42:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\COM+ REGDB Writer,...).  hr = 0x80070002, The system cannot find the file specified.
.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
   Writer Name: COM+ REGDB Writer
   Writer Instance ID: {9472e847-fc4b-43f6-ae60-e45bb495ec6d}

Error: (12/11/2015 01:42:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\Registry Writer,...).  hr = 0x80070002, The system cannot find the file specified.
.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {5c6559a2-d868-4532-b386-03d250fff3a2}

Error: (12/11/2015 01:42:18 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssapiPublisher,...).  hr = 0x80070002, The system cannot find the file specified.
.

Operation:
   Initialize For Backup

Error: (12/11/2015 10:34:12 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\BITS Writer,...).  hr = 0x80070002, The system cannot find the file specified.
.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {4969d978-be47-48b0-b100-f328f07ac1e0}
   Writer Name: BITS Writer
   Writer Instance ID: {22830dab-6a34-409e-aa45-e66c17535ec6}

Error: (12/11/2015 10:33:33 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegCreateKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag\MSSearch Service Writer,...).  hr = 0x80070002, The system cannot find the file specified.
.

Operation:
   Initializing Writer

Context:
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {bd57f0e7-c09a-4f2a-991e-e79932cd5522}

Error: (12/11/2015 10:33:31 AM) (Source: SCComm) (EventID: 0) (User: )
Description: System.UnauthorizedAccessException: Access to the temp directory is denied.  Identity 'NT AUTHORITY\SYSTEM' under which XmlSerializer is running does not have sufficient permission to access the temp directory.  CodeDom will use the user account the process is using to do the compilation, so if the user doesnt have access to system temp directory, you will not be able to compile.  Use Path.GetTempPath() API to find out the temp directory location.
   at System.Xml.Serialization.Compiler.Compile(Assembly parent, String ns, XmlSerializerCompilerParameters xmlParameters, Evidence evidence)
   at System.Xml.Serialization.TempAssembly.GenerateAssembly(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, Evidence evidence, XmlSerializerCompilerParameters parameters, Assembly assembly, Hashtable assemblies)
   at System.Xml.Serialization.TempAssembly..ctor(XmlMapping[] xmlMappings, Type[] types, String defaultNamespace, String location, Evidence evidence)
   at System.Xml.Serialization.XmlSerializer.GetSerializersFromCache(XmlMapping[] mappings, Type type)
   at System.Xml.Serialization.XmlSerializer.FromMappings(XmlMapping[] mappings, Type type)
   at System.Web.Services.Protocols.SoapClientType..ctor(Type type)
   at System.Web.Services.Protocols.SoapHttpClientProtocol..ctor()
   at Microsoft.Web.Services3.WebServicesClientProtocol..ctor()
   at SC.Client.SCComm.SCClientService..ctor()
   at SC.Client.SCComm.ClientCommunicator..ctor()
   at SC.Client.SCComm.ClientCommunicator.get_Instance()
   at SC.Client.SCComm.ClientCommService.StartCommService()
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (12/11/2015 10:32:07 AM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

System errors:
=============
Error: (12/11/2015 01:27:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/11/2015 10:47:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/11/2015 10:47:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\LocalSystem\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/11/2015 10:47:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/11/2015 10:47:10 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\LocalSystem\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/11/2015 10:47:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/11/2015 10:47:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\LocalSystem\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/11/2015 10:47:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/11/2015 10:47:09 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\LocalSystem\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/11/2015 10:47:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

==================== Memory info ===========================

Processor: Intel® Core™ i7-4910MQ CPU @ 2.90GHz
Percentage of memory in use: 19%
Total physical RAM: 16289.21 MB
Available physical RAM: 13039.44 MB
Total Virtual: 32576.61 MB
Available Virtual: 28267.69 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:686.19 GB) NTFS
Drive e: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: C372B3FE)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 965 MB) (Disk ID: 3F15EBB2)
Partition 1: (Active) - (Size=962 MB) - (Type=06)

==================== End of Addition.txt ============================



#4 Jo*

  • Malware Response Team

Posted 11 December 2015 - 03:07 PM

Hello A P Bustraan,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware

With some infections, you may see two message boxes.

  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Do you know what this is:

==================== Files in the root of some directories =======

2014-12-10 09:10 - 2014-12-10 09:10 - 0008734 _____ () C:\Users\LocalUser1\AppData\Roaming\071800_1_06_01_14_FL.xml
2014-12-10 09:10 - 2014-12-10 09:11 - 0005136 _____ () C:\Users\LocalUser1\AppData\Roaming\071800_1_06_01_14_FL_selection.xml
2015-11-16 15:29 - 2015-12-06 17:29 - 0070411 _____ () C:\Users\LocalUser1\AppData\Roaming\077200_1_06_01_13_FL.xml
2015-11-16 15:29 - 2015-12-06 17:33 - 0049309 _____ () C:\Users\LocalUser1\AppData\Roaming\077200_1_06_01_13_FL_selection.xml
2015-11-24 10:39 - 2015-12-07 09:08 - 0094526 _____ () C:\Users\LocalUser1\AppData\Roaming\089119_1_03_20_2010_FL.xml
2015-11-24 10:39 - 2015-12-07 09:08 - 0055446 _____ () C:\Users\LocalUser1\AppData\Roaming\089119_1_03_20_2010_FL_selection.xml
2015-05-27 09:30 - 2015-05-27 09:30 - 0012410 _____ () C:\Users\LocalUser1\AppData\Roaming\089516_1_03_20_2010_SF.xml
2015-05-27 09:30 - 2015-05-28 17:04 - 0007911 _____ () C:\Users\LocalUser1\AppData\Roaming\089516_1_03_20_2010_SF_selection.xml
2014-12-10 09:22 - 2014-12-10 09:22 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\210518_1_03_20_2010_SF.xml
2014-12-10 09:22 - 2014-12-10 09:22 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\210518_1_03_20_2010_SF_selection.xml
2015-04-06 16:26 - 2015-04-06 16:26 - 0057544 _____ () C:\Users\LocalUser1\AppData\Roaming\211313_1_09_01_13_FL.xml
2015-04-06 16:26 - 2015-04-07 08:26 - 0050790 _____ () C:\Users\LocalUser1\AppData\Roaming\211313_1_09_01_13_FL_selection.xml
2014-12-10 10:21 - 2014-12-10 10:21 - 0002986 _____ () C:\Users\LocalUser1\AppData\Roaming\220517_1_03_20_2010_SF.xml
2014-12-10 10:21 - 2014-12-10 10:26 - 0002377 _____ () C:\Users\LocalUser1\AppData\Roaming\220517_1_03_20_2010_SF_selection.xml
2015-10-06 08:49 - 2015-10-06 08:49 - 0368966 _____ () C:\Users\LocalUser1\AppData\Roaming\220523_1_03_20_2010_FL.xml
2015-10-06 08:49 - 2015-10-06 08:57 - 0285060 _____ () C:\Users\LocalUser1\AppData\Roaming\220523_1_03_20_2010_FL_selection.xml
2014-12-15 10:48 - 2014-12-15 10:48 - 0059797 _____ () C:\Users\LocalUser1\AppData\Roaming\220523_1_10_01_13_SP.xml
2014-12-15 10:48 - 2014-12-15 12:49 - 0040345 _____ () C:\Users\LocalUser1\AppData\Roaming\220523_1_10_01_13_SP_selection.xml
2015-10-06 08:56 - 2015-10-06 08:56 - 0057731 _____ () C:\Users\LocalUser1\AppData\Roaming\220529_1_03_20_2010_FL.xml
2015-10-06 08:56 - 2015-10-06 14:22 - 0044591 _____ () C:\Users\LocalUser1\AppData\Roaming\220529_1_03_20_2010_FL_selection.xml
2014-12-15 11:02 - 2014-12-15 11:02 - 0000101 _____ () C:\Users\LocalUser1\AppData\Roaming\220529_1_10_01_13_SP.xml
2014-12-15 11:02 - 2014-12-15 11:02 - 0000112 _____ () C:\Users\LocalUser1\AppData\Roaming\220529_1_10_01_13_SP_selection.xml


Edited by Jo*, 11 December 2015 - 03:08 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 A P Bustraan


Posted 11 December 2015 - 03:46 PM

Well, the listed XML files appear to be tied to an application for HVAC piping and/or specification. However, I checked another computer with the same software and I don't see those XML files.

 

Here's the log:

 

# AdwCleaner v5.024 - Logfile created 11/12/2015 at 14:20:18
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : LocalUser - LocalComputer
# Running from : C:\Users\LocalUser\Downloads\adwcleaner_5.024.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\LocalUser\AppData\Local\PackageAware

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKU\S-1-5-21-2625442063-1423468092-266333482-1002\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S0]txt - [828 bytes] ##########



#6 Jo*


Posted 11 December 2015 - 03:50 PM

Did Malwarebytes Anti-Rootkit find nothing?



#7 A P Bustraan


Posted 11 December 2015 - 03:57 PM

Just saw the reference to run that.... running it now. 



#8 A P Bustraan


Posted 11 December 2015 - 05:17 PM

MalwareBytes Anti-Root Kit did not find anything :(



#9 Jo*


Posted 11 December 2015 - 05:26 PM

Hello A P Bustraan,

perhaps your problem is a false alarm of SonicWALL?

The logs show one problem with SonicWALL:

==================== Faulty Device Manager Devices =============
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***




#10 A P Bustraan


Posted 11 December 2015 - 06:23 PM

The SonicWall Interface is tied to its VPN program. It remains disabled until the VPN program is started and then the Interface is enabled.

 

 

ComboFix 15-12-07.01 - LocalUser 12/11/2015  17:09:36.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16289.12915 [GMT -6:00]
Running from: c:\users\LocalUser\Downloads\C1.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\programdata\Roaming
c:\users\LocalUser\AppData\Local\assembly\tmp
c:\users\LocalUser\AppData\Roaming\230518_1_03_20_2010_FL.xml
c:\users\LocalUser\AppData\Roaming\230518_1_03_20_2010_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230523.11_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\230523.11_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230523.12_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\230523.12_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\230523.13_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\230523.13_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230523.13_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\230523.13_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\230523_1_10_01_13_SP.xml
c:\users\LocalUser\AppData\Roaming\230523_1_10_01_13_SP_selection.xml
c:\users\LocalUser\AppData\Roaming\230529_1_09_01_11_FL.xml
c:\users\LocalUser\AppData\Roaming\230529_1_09_01_11_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230529_1_10_01_13_SP.xml
c:\users\LocalUser\AppData\Roaming\230529_1_10_01_13_SP_selection.xml
c:\users\LocalUser\AppData\Roaming\230533_1_10_01_13_SP.xml
c:\users\LocalUser\AppData\Roaming\230533_1_10_01_13_SP_selection.xml
c:\users\LocalUser\AppData\Roaming\230548.13_1_09_01_11_FL.xml
c:\users\LocalUser\AppData\Roaming\230548.13_1_09_01_11_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230548.13_1_09_01_11_SF.xml
c:\users\LocalUser\AppData\Roaming\230548.13_1_09_01_11_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\230553_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\230553_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230593_1_03_20_2010_FL.xml
c:\users\LocalUser\AppData\Roaming\230593_1_03_20_2010_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230593_1_09_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\230593_1_09_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230593_1_10_01_13_SP.xml
c:\users\LocalUser\AppData\Roaming\230593_1_10_01_13_SP_selection.xml
c:\users\LocalUser\AppData\Roaming\230700_1_10_01_13_SP.xml
c:\users\LocalUser\AppData\Roaming\230700_1_10_01_13_SP_selection.xml
c:\users\LocalUser\AppData\Roaming\230713_1_03_01_11_FL.xml
c:\users\LocalUser\AppData\Roaming\230713_1_03_01_11_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230713_1_03_20_2010_FL.xml
c:\users\LocalUser\AppData\Roaming\230713_1_03_20_2010_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\230719_1_03_20_2010_FL.xml
c:\users\LocalUser\AppData\Roaming\230719_1_03_20_2010_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\231113_1_10_01_13_SP.xml
c:\users\LocalUser\AppData\Roaming\231113_1_10_01_13_SP_selection.xml
c:\users\LocalUser\AppData\Roaming\231123_1_09_01_11_FL.xml
c:\users\LocalUser\AppData\Roaming\231123_1_09_01_11_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\231123_1_10_01_13_SP.xml
c:\users\LocalUser\AppData\Roaming\231123_1_10_01_13_SP_selection.xml
c:\users\LocalUser\AppData\Roaming\231126_1_10_01_13_SP.xml
c:\users\LocalUser\AppData\Roaming\231126_1_10_01_13_SP_selection.xml
c:\users\LocalUser\AppData\Roaming\232300_1_12_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\232300_1_12_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233113_1_06_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\233113_1_06_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233113_1_09_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\233113_1_09_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233116_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\233116_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233119_1_03_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\233119_1_03_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233300_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\233300_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233300_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\233300_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\233300_1_03_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\233300_1_03_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233346_1_09_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\233346_1_09_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233413_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\233413_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233416_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\233416_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233423_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\233423_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233713.13_1_09_01_14_FL.xml
c:\users\LocalUser\AppData\Roaming\233713.13_1_09_01_14_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233713.23_1_09_01_14_FL.xml
c:\users\LocalUser\AppData\Roaming\233713.23_1_09_01_14_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233713_1_09_01_11_FL.xml
c:\users\LocalUser\AppData\Roaming\233713_1_09_01_11_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233723_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\233723_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\233723_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\233723_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\233813_1_03_01_14_SF.xml
c:\users\LocalUser\AppData\Roaming\233813_1_03_01_14_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\235100_1_09_01_11_FL.xml
c:\users\LocalUser\AppData\Roaming\235100_1_09_01_11_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\235116_1_09_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\235116_1_09_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\235413_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\235413_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\236200_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\236200_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\236200_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\236200_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\236313_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\236313_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\236313_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\236313_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\237200_1_09_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\237200_1_09_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\237313_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\237313_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\237313_1_06_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\237313_1_06_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\237413_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\237413_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\237413_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\237413_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\237416.11_1_06_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\237416.11_1_06_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\237433_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\237433_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238113.11_1_09_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238113.11_1_09_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238113.11_1_09_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\238113.11_1_09_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\238113.12_1_03_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\238113.12_1_03_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238113.13_1_03_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\238113.13_1_03_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238126_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\238126_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\238126_1_06_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\238126_1_06_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238213_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238213_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238216.14_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238216.14_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238219_1_03_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\238219_1_03_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238233_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238233_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238239.13_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238239.13_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238239.16_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238239.16_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238239.16_1_03_01_13_SF.xml
c:\users\LocalUser\AppData\Roaming\238239.16_1_03_01_13_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\238239.19_1_03_01_15_FL.xml
c:\users\LocalUser\AppData\Roaming\238239.19_1_03_01_15_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238239.19_1_03_01_15_SF.xml
c:\users\LocalUser\AppData\Roaming\238239.19_1_03_01_15_SF_selection.xml
c:\users\LocalUser\AppData\Roaming\238316_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238316_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238323_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238323_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\238416_1_03_01_13_FL.xml
c:\users\LocalUser\AppData\Roaming\238416_1_03_01_13_FL_selection.xml
c:\users\LocalUser\AppData\Roaming\lua5.1.dll
c:\users\LocalUser\AppData\Roaming\Uninstall.dat
c:\users\LocalUser\AppData\Roaming\uninstall.exe
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-11 to 2015-12-11  )))))))))))))))))))))))))))))))
.
.
2015-12-11 20:50 . 2015-12-11 21:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-12-11 20:50 . 2015-12-11 20:50 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-12-11 19:41 . 2015-12-11 19:43 -------- d-----w- C:\FRST
2015-12-11 18:58 . 2015-12-11 19:06 -------- d-----w- c:\program files\WinRAR
2015-12-11 16:39 . 2015-12-11 16:39 -------- d-----w- c:\program files (x86)\ESET
2015-12-06 23:42 . 2015-12-06 23:42 -------- d-----w- c:\users\LocalUser\AppData\Roaming\COMcheck
2015-12-06 23:42 . 2015-12-06 23:42 -------- d-----w- c:\programdata\COMcheck
2015-12-06 23:41 . 2015-12-06 23:41 -------- d-----w- c:\users\LocalUser\AppData\Local\Check
2015-11-29 18:54 . 2015-11-29 18:54 -------- d-----w- c:\program files\iTunes
2015-11-29 18:54 . 2015-11-29 18:54 -------- d-----w- c:\program files (x86)\iTunes
2015-11-29 18:54 . 2015-11-29 18:54 -------- d-----w- c:\program files\iPod
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2015-09-24 1104288]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-12-17 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2014-08-28 1235336]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-04-26 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-04-26 43816]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2015-04-26 1079592]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2015-04-26 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2013-11-13 134616]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-09-05 292848]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2015-09-24 41360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2015-09-24 840592]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2013-06-25 337440]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2014-01-16 243560]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2014-08-28 1235336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Librarian Controller.lnk - c:\windows\Installer\{8EA724D7-5FE2-44E8-9E63-CA69355258AF}\_39854616A73D6E358E5C8F.exe [2014-12-3 10134]
OfficeStatus Windows Client.lnk - c:\program files\Key Metric Software\OfficeStatus Windows Client\OfficeStatus.WinClient.exe /startup [2014-5-21 2679808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service;c:\windows\SysWOW64\dllhost.exe;c:\windows\SysWOW64\dllhost.exe [x]
R3 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe  [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ibtusb;Intel® Wireless Bluetooth® 4.0 + HS Adapter;c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x]
R3 InvProtectSvc;Invincea Enterprise Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x]
R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys;c:\windows\SYSNATIVE\DRIVERS\swvnic.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvkflt.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 CarrierLibrarianService;Carrier Librarian Service;c:\e20-ii\ENVIRO\Library\Librarian\LibrarianService.exe;c:\e20-ii\ENVIRO\Library\Librarian\LibrarianService.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iBtSiva;Intel Bluetooth Service;c:\program files (x86)\Intel\Bluetooth\ibtsiva.exe;c:\program files (x86)\Intel\Bluetooth\ibtsiva.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 poaService;Dell PPO Service;c:\program files\Dell\PPO\poaService.exe;c:\program files\Dell\PPO\poaService.exe [x]
S2 PoaSMSrv;Dell PPO System Maintenance Service;c:\program files\Dell\PPO\poaSmSrv.exe;c:\program files\Dell\PPO\poaSmSrv.exe [x]
S2 poaTaServ;Dell PPO Track & Analyze Service;c:\program files\Dell\PPO\poaTaServ.exe;c:\program files\Dell\PPO\poaTaServ.exe [x]
S2 postgresql-9.2;postgresql-9.2 - PostgreSQL Server 9.2;C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-9.2 -D C:/ProgramData/pgsql/data -w;C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-9.2 -D C:/ProgramData/pgsql/data -w [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SCCommService;MEEClientService;c:\program files (x86)\Malwarebytes' Managed Client\SCComm.exe;c:\program files (x86)\Malwarebytes' Managed Client\SCComm.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SWGVCSvc;Dell SonicWALL Global VPN Client Service;c:\program files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe;c:\program files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [x]
S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys;c:\windows\SYSNATIVE\Drivers\SWIPsec.sys [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 O2FJ2RDR;O2FJ2RDR;c:\windows\system32\DRIVERS\O2FJ2w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2FJ2w7x64.sys [x]
S3 POADrvr;POADrvr;c:\windows\system32\drivers\POADrvr.sys;c:\windows\SYSNATIVE\drivers\POADrvr.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NAL
*Deregistered* - mfeavfk01
*Deregistered* - NAL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-25 14:38 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-22 15:56]
.
2015-12-11 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-2857191529-4038278520-3241676031-3670.job
- c:\program files (x86)\Citrix\GoToMeeting\4062\g2mupdate.exe [2015-12-11 20:37]
.
2015-12-11 c:\windows\Tasks\G2MUploadTask-S-1-5-21-2857191529-4038278520-3241676031-3670.job
- c:\program files (x86)\Citrix\GoToMeeting\4062\g2mupload.exe [2015-12-11 20:37]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 13:26]
.
2015-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-25 13:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
@="{831cebdd-6baf-4432-be76-9e0989c14aef}"
[HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
@="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}"
[HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 708952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-08-20 7202520]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-29 1321688]
"RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-29 1321688]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-31 391152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-31 771568]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-31 770544]
"DellPoaEvents"="c:\program files\Dell\PPO\DellPoaEvents.exe" [2013-12-18 274936]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-10-28 36352]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2014-05-30 4876528]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2014-03-26 7825720]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-08-08 2722080]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2012-04-19 942400]
"DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2012-04-11 1241408]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-10-16 170256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.yahoo.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{DF41CF14-99C6-4F07-9A97-142ED7483A0F}: NameServer = 192.168.100.251,192.168.100.90
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-LK Windows Fonts2.2 - c:\users\LocalUser\AppData\Roaming\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.2]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-9.2\" -D \"C:/ProgramData/pgsql/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-9.2]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-9.2\" -D \"C:/ProgramData/pgsql/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sagekey Software\ *{9086-1188}]
"E-Code"="270211208002"
"V-Code"="420602622171"
"R-Code"="67649935905463"
"U-Code"="0560035707841"
"D-Code"="0000000000"
"S-Code"="0000000000"
"Internet Password Validation"="64JQ1YX1"
@=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-12-11  17:15:11
ComboFix-quarantined-files.txt  2015-12-11 23:15
.
Pre-Run: 744,404,119,552 bytes free
Post-Run: 746,408,398,848 bytes free
.
- - End Of File - - 6E21F4402F23B2EC3901FFB2FD7B1807
5C616939100B85E558DA92B899A0FC36
 



#11 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:11 PM

Posted 11 December 2015 - 06:39 PM

Hello A P Bustraan,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 A P Bustraan

A P Bustraan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 11 December 2015 - 07:04 PM

Here's the latest ADWCleaner Log:

 

# AdwCleaner v5.024 - Logfile created 11/12/2015 at 17:49:32
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : LocalUser - LK-WIN-LocalComputer
# Running from : E:\adwcleaner_5.024.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\Users\LocalUser\AppData\Local\PackageAware

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKU\S-1-5-21-2625442063-1423468092-266333482-1002\Software\Headlight
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [805 bytes] ##########

 

And the JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Professional x64
Ran by LocalUser (Administrator) on Fri 12/11/2015 at 17:52:29.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 5

Successfully deleted: C:\Users\LocalUser\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\sLocalUserAppData\Roaming\getrighttogo (Folder)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARMANAGER_32479C6A-17CA4CFD.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf (File)
Successfully deleted: C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-66EEE4D2.pf (File)

 

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F65D403C-5D9C-4DDD-AA70-66CCC63A4667} (Registry Key)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/11/2015 at 17:53:26.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

After all of this, I connected it back to the network, and restarted. So far there are no alerts from the firewall!

 

With the items that ComboFix removed, can those be retrieved and submitted to McAfee and MalwareBytes for analysis, to perhaps determine what's infected and get their definitions updated?


Edited by A P Bustraan, 11 December 2015 - 07:10 PM.


#13 A P Bustraan

A P Bustraan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 11 December 2015 - 07:06 PM

Thanks for all the prompt responses and great tools!!!!
 

Can I use the same steps for the other (2) computers? Or should I open new topics for each one?

 

Thanks again!!

 



#14 A P Bustraan

A P Bustraan
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:11 AM

Posted 11 December 2015 - 09:28 PM

Premature Celebration :( It started again about 30 min after I restarted it, and reconnected.....



#15 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:11 PM

Posted 12 December 2015 - 02:53 AM

Hi again,

Please start a new topic for the other 2 PCs, which have a problem too.
 

Premature Celebration It started again about 30 min after I restarted it, and reconnected.....

Can you post the complete error message you get now?

---

Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.
---

Run Combofix again and post the log!
Perhaps then we can see which file(s) could be the problem.

---

ComboFix stores backups at C:\Qoobox\Quarantine\...
I think it renames files to file extension *.vir

You can go to one of the below sites if you want to scan file(s):
Virus Total (Recommended)
jotti.org
VirScan
click on Browse, and upload the file(s) for analysis.

Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Edited by Jo*, 12 December 2015 - 03:39 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
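Added example, not part of any post in this thread: before uploading quarantined files to a scanning site, it helps to inventory them by SHA-256 (the hash can be searched on the scanning site first) and to note which ones are Windows executables, since a file infector targets those. The function names are hypothetical, the `*.vir` extension is the one the post above suggests ComboFix uses, and the files created in `demo()` are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path


def inventory_quarantine(root, pattern="*.vir"):
    """Return one record per quarantined file: path, size, SHA-256, PE flag."""
    records = []
    for path in sorted(Path(root).rglob(pattern)):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            head = fh.read(2)          # "MZ" marks a DOS/PE executable
            digest.update(head)
            # Hash in 1 MiB chunks so large executables are not loaded whole.
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        records.append({
            "path": str(path),
            "size": path.stat().st_size,
            "sha256": digest.hexdigest(),
            "is_pe": head == b"MZ",
        })
    return records


def demo():
    """Build a constructed quarantine tree and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        q = Path(tmp) / "Quarantine" / "C" / "Windows"
        q.mkdir(parents=True)
        (q / "sample.exe.vir").write_bytes(b"MZ" + b"\x00" * 62)  # constructed
        (q / "notes.txt.vir").write_bytes(b"plain text")          # constructed
        (q / "ignored.log").write_bytes(b"not quarantined")       # skipped
        return inventory_quarantine(Path(tmp) / "Quarantine")


if __name__ == "__main__":
    for rec in demo():
        kind = "PE" if rec["is_pe"] else "other"
        print(f'{rec["sha256"]}  {rec["size"]:>8}  {kind:<5}  {rec["path"]}')
```

To run it against a real quarantine folder, call `inventory_quarantine()` with that folder's path, ideally on a mounted copy of the disk image rather than on the live system.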




