Good morning. Yes, I may still need assistance. Although I have run FRST, RogueKiller and ComboFix, I want to make sure I am clear of any malware or viruses. Below I have pasted the logs. Thank you very much for your assistance.
FRST Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by emozingo (administrator) on AX110721L01 on 10-11-2014 09:14:38
Running from C:\Users\emozingo\Downloads
Loaded Profile: emozingo (Available profiles: UpdatusUser & Axsium & emozingo)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Mikogo GmbH) C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Mikogo GmbH) C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_comm_customer.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_system_customer.exe
(RealVNC Ltd.) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_user_customer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Akamai Technologies, Inc.) C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Streaming Client\RadeObj.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe
() C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Juniper Networks, Inc.) C:\Users\emozingo\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Boingo Wi-Finder] => C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk [2429 2013-09-25] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Akamai NetSession Interface] => C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Push Client] => C:\Users\emozingo\AppData\Local\ATT Connect\Participant\pull.exe [983296 2013-05-12] (AT&T Inc.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [19038360 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Mikogo] => C:\Users\emozingo\AppData\Roaming\Mikogo\mikogo-host.exe [6760264 2013-11-29] (Mikogo GmbH)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_start.exe [610888 2014-07-28] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://axcess.axsiu...m/default.aspx/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...r=643192177&ir=
SearchScopes: HKLM-x32 - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {0B08207F-A63B-45B9-8396-C340C65A0D5E} URL = http://www.search.as...archTerms}&psv=
SearchScopes: HKCU - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {3F50E95E-EA46-461A-A424-F8C7802D37B3} URL =
SearchScopes: HKCU - {92E4A532-F059-4F76-8A41-EE0B1DD9B34B} URL = http://search.yahoo....39,19890,0,25,0
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/...tupClient64.cab
DPF: HKLM-x32 {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://158.228.91.6/...raUpdaterAx.cab
DPF: HKLM-x32 {05D96F71-87C6-11D3-9BE4-00902742D6E0} http://usdatapqr01.g...lpl.top/qp2.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://webvpn.acade...ries/vpnweb.cab
DPF: HKLM-x32 {7A162288-DE78-473C-A6BA-23FF17F768E9} https://connect9.uc....ebInstaller.cab
DPF: HKLM-x32 {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://epcvpn.elpas...COL /cscopf.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://contractor.v...SetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1083
DPF: HKLM-x32 {FDF86141-BB1C-465B-93F2-80F04E0B5EE0} https://microstrateg...Activex.x86.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3117269233-1677071875-1948265523-2731: @citrixonline.com/appdetectorplugin -> C:\Users\emozingo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3117269233-1677071875-1948265523-2731: LWAPlugin15.8 -> C:\Users\emozingo\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\emozingo\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-11-06]
Chrome:
=======
CHR Profile: C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-31]
CHR Extension: (Google Drive) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
CHR Extension: (YouTube) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-31]
CHR Extension: (Google Search) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-31]
CHR Extension: (Google Wallet) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-31]
CHR Extension: (Gmail) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 CdfSvc; C:\Program Files (x86)\Common Files\Citrix\System32\CdfSvc.exe [180224 2007-05-24] (Citrix Systems, Inc.) [File not signed]
R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2013-12-09] (Lenovo.)
S2 FlexLicenseServer; C:\Kronos\wfc\bin\Lmgrd.exe [909312 2007-06-07] (Macrovision Corporation) [File not signed]
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-24] (Citrix Online, LLC)
R2 Mikogo-Service; C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Service.exe [1116512 2013-11-29] (Mikogo GmbH)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 RadeSvc; C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe [237568 2007-07-05] (Citrix Systems, Inc.) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-13] (IBM Corp.)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 cdfdrv; C:\Windows\System32\Drivers\cdfdrv.sys [28696 2007-05-24] (Citrix Systems, Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-05] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-10-08] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141109.023\ENG64.SYS [129752 2014-11-05] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141109.023\EX64.SYS [2137304 2014-11-05] (Symantec Corporation)
R1 PCC_DSCP; C:\Windows\System32\DRIVERS\PCC_DSCP_x64.sys [21600 2011-09-14] (Nortel)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-06-01] ()
R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-10-09] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-13] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-10-13] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-13] (IBM Corp.)
R1 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-05] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-10 09:14 - 2014-11-10 09:14 - 02116096 _____ (Farbar) C:\Users\emozingo\Downloads\FRST64.exe
2014-11-10 09:13 - 2014-11-10 09:13 - 01107968 _____ (Farbar) C:\Users\emozingo\Downloads\FRST.exe
2014-11-07 10:04 - 2014-11-07 10:04 - 00000000 ____D () C:\Program Files (x86)\Arkadin
2014-11-07 10:02 - 2014-11-07 11:21 - 00000000 __SHD () C:\Users\emozingo\Documents\cache
2014-11-07 10:02 - 2014-11-07 10:02 - 00000000 ____D () C:\Users\emozingo\AppData\Local\WebEx
2014-11-06 12:46 - 2014-11-06 12:46 - 01429686 _____ () C:\Users\emozingo\Desktop\DARTBundle_1106_1241.zip
2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\ProgramData\TechSmith
2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-11-05 16:27 - 2014-11-05 16:27 - 00000000 ____D () C:\Users\emozingo\Documents\Snagit Stamps
2014-11-05 14:00 - 2014-11-05 14:00 - 00001548 _____ () C:\Users\emozingo\Desktop\iexplore.exe - Shortcut.lnk
2014-11-05 13:42 - 2014-11-05 13:42 - 00033367 _____ () C:\ComboFix.txt
2014-11-05 13:22 - 2014-11-05 13:42 - 00000000 ____D () C:\ComboFix
2014-11-05 13:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-05 13:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-05 13:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 13:12 - 2014-11-05 13:11 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\emozingo\Desktop\tdsskiller.exe
2014-11-05 13:09 - 2014-11-05 12:49 - 01706359 _____ (Thisisu) C:\Users\emozingo\Desktop\JRT.exe
2014-11-05 12:50 - 2014-11-05 12:50 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-05 10:29 - 2014-11-05 10:29 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\R-TT
2014-11-05 10:28 - 2014-11-05 11:41 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2014-11-05 10:28 - 2014-11-05 11:41 - 00000000 ____D () C:\Program Files (x86)\R-Studio
2014-11-05 10:28 - 2014-11-05 10:29 - 00000000 ____D () C:\Users\emozingo\Documents\R-TT
2014-11-05 06:33 - 2014-11-05 06:33 - 00031859 _____ () C:\Users\emozingo\Downloads\Addition.txt
2014-11-05 06:32 - 2014-11-10 09:14 - 00033441 _____ () C:\Users\emozingo\Downloads\FRST.txt
2014-11-05 06:32 - 2014-11-10 09:14 - 00000000 ____D () C:\FRST
2014-11-05 06:18 - 2014-11-05 06:18 - 00050916 _____ () C:\Users\emozingo\Desktop\JRT.txt
2014-11-05 06:13 - 2014-11-05 06:13 - 00000000 ____D () C:\Windows\ERUNT
2014-11-05 06:02 - 2014-11-05 13:00 - 00000000 ____D () C:\AdwCleaner
2014-11-05 05:51 - 2014-11-05 12:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 18:50 - 2014-11-05 13:42 - 00000000 ____D () C:\Qoobox
2014-11-04 18:48 - 2014-11-05 13:40 - 00000000 ____D () C:\Windows\erdnt
2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.URL
2014-11-04 18:21 - 2014-11-04 18:21 - 00008562 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:21 - 2014-11-04 18:21 - 00004224 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:21 - 2014-11-04 18:21 - 00000276 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-04 18:11 - 2014-11-04 22:08 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Upkiime
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.URL
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.URL
2014-11-04 18:05 - 2014-11-04 18:05 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:05 - 2014-11-04 18:05 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:05 - 2014-11-04 18:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-04 17:49 - 2014-11-04 19:10 - 00000000 ____D () C:\19f7d95
2014-11-04 13:59 - 2014-11-04 13:59 - 00001428 _____ () C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-04 13:57 - 2014-11-04 13:58 - 00000000 ____D () C:\NPE
2014-11-04 13:54 - 2014-11-04 14:26 - 00000000 ____D () C:\Users\emozingo\AppData\Local\NPE
2014-11-04 13:22 - 2014-11-04 13:22 - 00000476 _____ () C:\Users\emozingo\Desktop\Home - Axcess (2).url
2014-11-04 13:21 - 2014-11-04 13:21 - 00000476 _____ () C:\Users\emozingo\Desktop\Home - Axcess.url
2014-11-04 11:04 - 2014-11-05 15:11 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-29 05:07 - 2014-11-04 19:25 - 00000000 ____D () C:\Users\emozingo\AppData\Local\CrashDumps
2014-10-24 10:35 - 2014-10-24 10:35 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Mozilla
2014-10-22 07:19 - 2014-11-04 18:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Security Best Practices
2014-10-21 05:14 - 2014-11-05 08:59 - 00000000 ____D () C:\Users\emozingo\Documents\Disney - Shanghai
2014-10-16 05:21 - 2014-11-06 12:54 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Enigma Software Group
2014-10-16 05:21 - 2014-10-16 05:21 - 00001093 _____ () C:\Users\emozingo\Desktop\RegHunter.lnk
2014-10-16 05:21 - 2014-10-16 05:21 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter
2014-10-16 05:16 - 2014-10-16 05:16 - 00000000 ____D () C:\Windows\D4EFA08DA1924007987D71BFF23B2F8F.TMP
2014-10-16 01:08 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 01:08 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 01:08 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 01:08 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 01:08 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 01:08 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 01:08 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 01:08 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 01:08 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 01:07 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 01:07 - 2014-09-20 00:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 01:07 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 01:07 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 01:07 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 01:07 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 01:07 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 01:07 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 01:07 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 01:07 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 01:07 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 01:07 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 01:07 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 01:07 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 01:07 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 01:07 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 01:07 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 01:07 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 01:07 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 01:07 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 01:07 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 01:07 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 01:07 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 01:07 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 01:06 - 2014-09-20 00:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 01:06 - 2014-09-20 00:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 01:06 - 2014-09-20 00:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 01:06 - 2014-09-20 00:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 01:06 - 2014-09-20 00:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 01:06 - 2014-09-20 00:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 01:06 - 2014-09-20 00:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 01:06 - 2014-09-19 22:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 01:06 - 2014-09-19 22:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 01:06 - 2014-09-19 22:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 01:06 - 2014-09-19 22:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 01:06 - 2014-09-19 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 01:06 - 2014-09-19 22:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 01:06 - 2014-09-19 21:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-16 01:06 - 2014-09-19 21:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs(5).exe
2014-10-16 01:06 - 2014-09-19 21:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-10 09:10 - 2012-03-30 07:05 - 00000000 ____D () C:\Users\emozingo\Documents\Outlook Files
2014-11-10 07:02 - 2012-01-01 20:23 - 00000000 ____D () C:\Users\emozingo\AppData\Local\{E255CA2C-C48D-484D-A010-47BF9D5A8590}
2014-11-10 02:55 - 2011-08-10 07:58 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\webex
2014-11-10 02:03 - 2011-08-10 07:58 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-07 09:35 - 2011-08-11 04:13 - 00000000 ____D () C:\Users\emozingo\Documents\SQL Server Management Studio Express
2014-11-07 09:29 - 2009-07-14 00:13 - 00855058 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-07 05:51 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-07 05:51 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-06 18:03 - 2011-08-11 10:02 - 00002106 ____H () C:\Users\emozingo\Documents\Default.rdp
2014-11-06 13:03 - 2012-04-25 13:16 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Skype
2014-11-06 12:58 - 2013-08-30 08:32 - 00631340 _____ () C:\Windows\PFRO.log
2014-11-06 12:58 - 2013-08-30 07:14 - 00018717 _____ () C:\Windows\setupact.log
2014-11-06 12:58 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 12:56 - 2013-07-26 12:03 - 01926383 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 12:54 - 2013-07-26 12:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-06 12:41 - 2013-10-28 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-11-06 01:31 - 2013-06-14 13:22 - 00000000 ____D () C:\Users\Ctx_StreamingSvc
2014-11-06 01:31 - 2011-07-21 21:20 - 00000000 ____D () C:\Users\Axsium
2014-11-05 15:11 - 2014-02-24 12:22 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Mikogo
2014-11-05 15:11 - 2012-01-24 07:50 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\ICAClient
2014-11-05 15:11 - 2011-08-11 07:14 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-11-05 15:11 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-05 15:07 - 2012-09-27 19:55 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Akamai
2014-11-05 15:07 - 2011-06-01 21:30 - 00000000 ____D () C:\root
2014-11-05 15:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-05 15:05 - 2014-07-22 13:14 - 00000000 ____D () C:\Users\emozingo\Documents\Oakley
2014-11-05 15:05 - 2014-03-07 06:23 - 00000000 ____D () C:\Users\emozingo\Documents\Oracle Client
2014-11-05 15:05 - 2013-10-22 10:53 - 00000000 ____D () C:\Users\emozingo\Documents\El Paso County
2014-11-05 15:05 - 2013-08-13 17:29 - 00000000 ____D () C:\Users\emozingo\Documents\att connect
2014-11-05 15:05 - 2013-07-30 05:18 - 00000000 ____D () C:\Users\emozingo\Documents\OracleODAC
2014-11-05 15:05 - 2013-05-31 10:21 - 00000000 ____D () C:\Users\emozingo\Documents\Harbor Frieght
2014-11-05 15:05 - 2012-11-26 13:15 - 00000000 ____D () C:\Users\emozingo\Documents\Citrus Valley Heath Partners
2014-11-05 15:05 - 2012-08-06 06:33 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Quest Software
2014-11-05 15:05 - 2012-07-16 16:51 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Centra
2014-11-05 15:05 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Stuff
2014-11-05 15:05 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - Interfaces
2014-11-05 15:05 - 2012-06-27 06:35 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Juniper Networks
2014-11-05 15:05 - 2012-05-11 05:01 - 00000000 ____D () C:\Users\emozingo\Documents\Interfaces and Reports
2014-11-05 15:05 - 2011-08-16 11:25 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Writing & Integrating Adv. SSRS WTK 6.1 Reports - Participation Guides
2014-11-05 15:05 - 2011-07-21 22:50 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Adobe
2014-11-05 14:54 - 2014-08-07 09:23 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Skype
2014-11-05 14:54 - 2014-03-24 06:20 - 00000000 ____D () C:\SmartDraw CI
2014-11-05 14:54 - 2013-12-07 10:54 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Evernote
2014-11-05 14:54 - 2013-08-28 20:58 - 00000000 ____D () C:\Users\emozingo\.sslvpn
2014-11-05 14:54 - 2013-08-13 17:29 - 00000000 ____D () C:\Users\emozingo\AppData\Local\ATT Connect
2014-11-05 14:54 - 2012-12-31 12:49 - 00000000 ____D () C:\Users\emozingo\AppData\Local\HP
2014-11-05 14:54 - 2012-01-17 11:48 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Google
2014-11-05 14:54 - 2011-11-15 12:12 - 00000000 ____D () C:\Users\emozingo\AppData\Local\TechSmith
2014-11-05 14:54 - 2011-07-21 21:26 - 00000000 ____D () C:\Users\Axsium\Desktop\Computer Setup
2014-11-05 14:54 - 2011-02-15 04:42 - 00000000 ____D () C:\SWTOOLS
2014-11-05 14:54 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-11-05 14:53 - 2014-09-16 07:09 - 00000000 ____D () C:\ProgramData\Norton
2014-11-05 14:53 - 2013-09-25 07:57 - 00000000 ____D () C:\ProgramData\GoBoingo
2014-11-05 14:53 - 2013-06-24 08:16 - 00000000 ____D () C:\ProgramData\Citrix
2014-11-05 14:53 - 2012-12-19 12:11 - 00000000 ____D () C:\ProgramData\HP
2014-11-05 14:53 - 2011-06-01 21:41 - 00000000 ____D () C:\ProgramData\Corel
2014-11-05 14:53 - 2011-06-01 21:12 - 00000000 ____D () C:\ProgramData\Lenovo
2014-11-05 14:52 - 2014-03-07 08:19 - 00000000 ____D () C:\app
2014-11-05 14:52 - 2012-01-26 09:34 - 00000000 ____D () C:\Kronos
2014-11-05 14:52 - 2012-01-17 11:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-05 14:52 - 2011-07-21 21:49 - 00000000 ___RD () C:\MSOCache
2014-11-05 13:38 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 13:37 - 2011-07-21 21:33 - 00000000 ____D () C:\Users\emozingo
2014-11-05 11:42 - 2012-12-03 10:28 - 00000000 ____D () C:\Program Files (x86)\SparkTrust
2014-11-05 11:42 - 2012-01-17 11:48 - 00000000 ____D () C:\Program Files\Google
2014-11-05 11:41 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-04 19:12 - 2009-07-13 21:34 - 18087936 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-04 19:12 - 2009-07-13 21:34 - 114819072 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-04 19:12 - 2009-07-13 21:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-04 19:12 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-04 18:38 - 2013-10-24 14:57 - 00000000 ____D () C:\Users\emozingo\Documents\Oracle Initialization Parameters
2014-11-04 18:35 - 2012-01-19 07:33 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Time Tracking
2014-11-04 18:34 - 2014-06-18 05:00 - 00000000 ____D () C:\Users\emozingo\Documents\New folder
2014-11-04 18:34 - 2014-01-15 08:41 - 00000000 ____D () C:\Users\emozingo\Documents\Mini Marathon Training Guide
2014-11-04 18:34 - 2013-09-09 09:36 - 00000000 ____D () C:\Users\emozingo\Documents\MicroStrategy Reporting Essentials
2014-11-04 18:34 - 2013-06-07 09:33 - 00000000 ____D () C:\Users\emozingo\Documents\Microstrategy Course Receipts
2014-11-04 18:34 - 2013-05-22 08:59 - 00000000 ____D () C:\Users\emozingo\Documents\MicroStategy Course Manuals
2014-11-04 18:34 - 2013-04-01 17:27 - 00000000 ____D () C:\Users\emozingo\Documents\Masco-Cabinetry
2014-11-04 18:34 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - Stored Procedures
2014-11-04 18:34 - 2012-06-28 05:39 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - FSDs
2014-11-04 18:34 - 2012-06-27 06:50 - 00000000 ____D () C:\Users\emozingo\Documents\Masco-Milgard
2014-11-04 18:34 - 2011-09-16 14:04 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Batch Schedule
2014-11-04 18:34 - 2011-09-08 15:53 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Report Test Cases
2014-11-04 18:34 - 2011-09-02 14:37 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Report FSD and Test Cases
2014-11-04 18:34 - 2011-08-19 08:45 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Project
2014-11-04 18:34 - 2011-08-16 13:29 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Logo
2014-11-04 18:33 - 2014-08-19 12:39 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WIM
2014-11-04 18:33 - 2014-06-12 07:58 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC Install Checklist
2014-11-04 18:33 - 2012-11-05 12:46 - 00000000 ____D () C:\Users\emozingo\Documents\La-Z-Boy
2014-11-04 18:33 - 2012-07-17 05:08 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WTK 63 Rollout Training
2014-11-04 18:33 - 2012-01-10 12:20 - 00000000 ____D () C:\Users\emozingo\Documents\Manager Logon Pic at Clock
2014-11-04 18:32 - 2014-09-03 12:43 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Sizer app
2014-11-04 18:32 - 2014-07-07 05:16 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Ops Planner DB Reference
2014-11-04 18:32 - 2014-06-11 10:42 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM DB Tables Guide
2014-11-04 18:32 - 2014-02-12 16:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos System Settings Reference Guide
2014-11-04 18:32 - 2014-02-03 18:48 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Mobile
2014-11-04 18:32 - 2013-11-18 08:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC Architecture and Technology Core Concepts
2014-11-04 18:32 - 2013-09-20 08:11 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Database Manual
2014-11-04 18:32 - 2013-09-04 13:51 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Network Security Best Practices
2014-11-04 18:32 - 2013-08-30 07:37 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Instance Management and Batch Processing
2014-11-04 18:32 - 2013-08-14 06:06 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Instance Manager
2014-11-04 18:32 - 2013-07-22 08:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Retail Workshop
2014-11-04 18:32 - 2012-10-04 13:36 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos SAT and Policies
2014-11-04 18:32 - 2012-07-17 05:10 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Navigator 63 Rollout Training
2014-11-04 18:32 - 2012-06-28 11:35 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC 6.3 Navigator Implementation Workshop
2014-11-04 18:32 - 2011-08-18 13:45 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Skills Eval
2014-11-04 18:32 - 2011-08-18 11:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Manuals
2014-11-04 18:31 - 2014-06-10 16:44 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7 Manuals
2014-11-04 18:31 - 2014-04-21 16:08 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 63 Technology & Platform Support
2014-11-04 18:31 - 2014-02-03 18:35 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7 Feature Summary and Implementation Manual
2014-11-04 18:31 - 2014-01-06 11:53 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos - Change Logon Page
2014-11-04 18:31 - 2013-10-24 14:31 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Attestation Compatibility Matrix
2014-11-04 18:31 - 2013-10-15 09:41 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos FAP Worksheet
2014-11-04 18:31 - 2013-09-12 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7.0 Technical Rollout
2014-11-04 18:31 - 2013-08-26 08:48 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Attestation Documentation
2014-11-04 18:31 - 2013-08-14 16:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Error Codes
2014-11-04 18:31 - 2013-08-14 06:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Application Settings
2014-11-04 18:31 - 2013-08-08 08:15 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Analytics Web Training
2014-11-04 18:31 - 2013-08-05 08:24 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Install Analytics
2014-11-04 18:31 - 2013-06-28 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Install Checklist
2014-11-04 18:31 - 2013-04-12 12:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Custom Report Development Lunch and Learn Outline
2014-11-04 18:31 - 2012-10-05 06:37 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos InTouch
2014-11-04 18:31 - 2012-08-29 06:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Background Check
2014-11-04 18:31 - 2012-06-26 05:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos InTouch Rollout Training
2014-11-04 18:31 - 2011-12-21 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Courses
2014-11-04 18:31 - 2011-08-12 11:52 - 00000000 ____D () C:\Users\emozingo\Documents\Knightsbridge Conference
2014-11-04 18:30 - 2014-08-01 05:09 - 00000000 ____D () C:\Users\emozingo\Documents\Emerging Markets Team
2014-11-04 18:30 - 2014-06-02 15:00 - 00000000 ____D () C:\Users\emozingo\Documents\Health Benefit Forms
2014-11-04 18:30 - 2011-08-11 04:06 - 00000000 ____D () C:\Users\emozingo\Documents\Hours Summary Report
2014-11-04 18:29 - 2014-10-01 03:55 - 00000000 ____D () C:\Users\emozingo\Documents\County of Toronto
2014-11-04 18:29 - 2013-12-30 17:48 - 00000000 ____D () C:\Users\emozingo\Documents\Classic Party Rentals
2014-11-04 18:28 - 2012-07-19 05:03 - 00000000 ____D () C:\Users\emozingo\Documents\Chanel Project
2014-11-04 18:27 - 2013-12-17 07:50 - 00000000 ____D () C:\Users\emozingo\Documents\Axsium Anniversary Celebration Expenses
2014-11-04 18:27 - 2013-11-18 05:58 - 00000000 ____D () C:\Users\emozingo\Documents\Amazon
2014-11-04 18:27 - 2013-06-26 16:30 - 00000000 ____D () C:\Users\emozingo\Documents\APE
2014-11-04 18:27 - 2012-01-17 08:40 - 00000000 ____D () C:\Users\emozingo\Documents\Analytics Training
2014-11-04 18:27 - 2011-12-09 14:23 - 00000000 ____D () C:\Users\emozingo\Documents\Axsium Bio
2014-11-04 18:25 - 2012-01-11 17:52 - 00000000 ____D () C:\Users\emozingo\Desktop\FSD
2014-11-04 18:23 - 2013-05-15 06:39 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Clip Art Collection
2014-11-04 18:22 - 2014-07-30 13:32 - 00000000 ____D () C:\Users\emozingo\AppData\OICE_15_974FA576_32C1D314_35D8
2014-11-04 18:22 - 2013-09-17 05:34 - 00000000 ____D () C:\Users\emozingo\AppData\OICE_15_974FA576_32C1D314_26DB
2014-11-04 18:08 - 2013-02-01 06:46 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Apple Computer
2014-11-04 18:05 - 2011-06-01 21:48 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-04 17:59 - 2013-06-06 05:57 - 00000000 ____D () C:\ProgramData\Cisco
2014-11-04 17:59 - 2013-05-28 15:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-04 17:59 - 2011-06-01 21:13 - 00000000 ____D () C:\mfg
2014-11-04 17:51 - 2012-12-03 08:17 - 00000000 ____D () C:\$AVG
2014-11-04 13:56 - 2009-07-14 00:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 13:54 - 2013-09-16 11:16 - 02790860 _____ () C:\Windows\ntbtlog.txt.bak
2014-11-04 11:40 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-04 11:00 - 2014-09-16 07:14 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-11-04 10:33 - 2011-06-01 21:48 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-11-04 10:22 - 2011-06-01 21:48 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-11-04 10:20 - 2012-08-28 05:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 10:18 - 2014-03-24 06:21 - 00000468 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-11-04 10:18 - 2014-03-24 06:21 - 00000460 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-11-04 09:46 - 2014-09-05 13:00 - 00000544 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3117269233-1677071875-1948265523-2731.job
2014-11-04 09:03 - 2014-09-08 12:59 - 00000000 ____D () C:\Users\emozingo\Documents\Martin Marietta
2014-11-03 23:42 - 2012-07-30 15:56 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DC5B087D-9D50-44BD-A344-41D6BAFF54E5}
2014-10-31 09:17 - 2014-06-12 08:00 - 00000000 ____D () C:\Users\emozingo\Documents\Academy Sports
2014-10-31 05:01 - 2012-11-13 13:23 - 00000000 ____D () C:\Users\emozingo\Documents\Sodexo
2014-10-28 11:41 - 2011-06-01 21:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-10-27 09:28 - 2013-09-26 07:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 09:26 - 2013-10-23 05:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-27 09:25 - 2013-04-01 16:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-27 02:36 - 2014-09-05 13:00 - 00003586 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3117269233-1677071875-1948265523-2731
2014-10-26 07:44 - 2012-09-08 08:35 - 00000000 ____D () C:\Users\emozingo\Documents\Personal
2014-10-26 07:22 - 2011-07-21 21:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-26 07:15 - 2014-02-11 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-10-26 07:14 - 2013-08-28 16:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-16 05:15 - 2013-07-26 12:51 - 00000000 ____D () C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP
2014-10-16 03:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 02:45 - 2014-10-09 14:01 - 00002431 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-10-16 02:45 - 2014-10-09 14:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-10-16 02:45 - 2014-09-16 07:13 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-10-16 02:44 - 2009-07-13 23:45 - 00463560 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 02:39 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 02:13 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 02:02 - 2011-07-21 22:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 17:02 - 2011-11-30 10:50 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys
Files to move or delete:
====================
C:\ProgramData\wavav0bdtzbtb43b.reg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 10:34
==================== End Of Log ============================
aswMBR.txt
aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-10 09:18:02
-----------------------------
09:18:02.333 OS Version: Windows x64 6.1.7601 Service Pack 1
09:18:02.333 Number of processors: 4 586 0x2A07
09:18:02.333 ComputerName: AX110721L01 UserName: emozingo
09:18:06.342 Initialize success
09:18:06.623 VM: initialized successfully
09:18:06.623 VM: Intel CPU BiosDisabled
09:19:49.162 AVAST engine defs: 14111001
09:19:58.397 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:19:58.397 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
09:19:58.553 Disk 0 MBR read successfully
09:19:58.553 Disk 0 MBR scan
09:19:58.553 Disk 0 unknown MBR code
09:19:58.568 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
09:19:58.568 Disk 0 Boot: NTFS code=1
09:19:58.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463737 MB offset 2459648
09:19:58.615 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12000 MB offset 952195072
09:19:58.678 Disk 0 scanning C:\Windows\system32\drivers
09:20:09.832 Service scanning
09:20:12.390 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys **LOCKED** 5
09:20:15.884 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
09:20:16.118 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
09:20:18.240 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141107.001\IDSvia64.sys **LOCKED** 5
09:20:23.544 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141109.023\ENG64.SYS **LOCKED** 5
09:20:23.669 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141109.023\EX64.SYS **LOCKED** 5
09:20:36.274 Modules scanning
09:20:36.274 Disk 0 trace - called modules:
09:20:36.320 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
09:20:36.320 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006645060]
09:20:36.336 3 CLASSPNP.SYS[fffff8800129b43f] -> nt!IofCallDriver -> [0xfffffa800473e630]
09:20:36.336 5 ACPI.sys[fffff88000f9a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004744050]
09:20:39.893 AVAST engine scan C:\Windows
09:20:44.198 AVAST engine scan C:\Windows\system32
09:26:17.345 AVAST engine scan C:\Windows\system32\drivers
09:27:04.515 AVAST engine scan C:\Users\emozingo
09:43:25.406 AVAST engine scan C:\ProgramData
09:50:14.938 Disk 0 statistics 5472648/0/0 @ 1.99 MB/s
09:50:14.953 Scan finished successfully
09:53:09.299 Disk 0 MBR has been saved successfully to "C:\Users\emozingo\Desktop\MBR.dat"
09:53:09.299 The log file has been saved successfully to "C:\Users\emozingo\Desktop\aswMBR.txt"
Checkup.txt
Results of screen317's Security Check version 0.99.89
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java 8 Update 25
Java version out of Date!
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````