DLLHOST.exe *32 COM Surrogate spawning/Powershell has stopped working


  • This topic is locked
19 replies to this topic

#1 emozingo

emozingo

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 04 November 2014 - 03:24 PM

Hello,

 

This morning I noticed my work laptop had become very sluggish. I checked the processes and noticed 20+ and growing instances of "dllhost.exe *32" that were using up my CPU. I tried ending them, and running SpyHunter, RegHunter and Norton Anti-Virus, but with no effect. I restarted my laptop, and upon restarting, the dllhost replications started almost immediately and I was also given the error message "powershell has stopped working." I have been able to work from safe mode for the time being. Your assistance in removing this would be greatly appreciated. Thank you in advance for your help!

 

 

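A first triage step for the symptom described above (many "dllhost.exe *32" instances appearing right after logon) is to record which process launched each instance and with what command line, before anything is killed. The following script is an added example and is not part of the original post or of any tool mentioned in this thread; it assumes Windows PowerShell 3.0 or later, run from an elevated prompt on the affected machine. Legitimate COM Surrogate instances are normally few, are started by svchost.exe (the DCOM launcher) and carry a /Processid:{GUID} argument, so the grouping by parent process at the end makes an unusual launcher stand out.

```powershell
# Added triage example (not from the original post): enumerate every
# dllhost.exe instance, resolve its parent process and report the command
# line each one was started with. Assumption: elevated Windows PowerShell 3.0+.

function Get-DllhostTriage {
    # One WMI query for all processes; index by PID so parents can be resolved
    $all   = Get-WmiObject -Class Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

    foreach ($p in ($all | Where-Object { $_.Name -ieq 'dllhost.exe' })) {
        $parent = $byPid[[int]$p.ParentProcessId]
        # A parent that has already exited is itself worth noting: a launcher
        # that starts children and disappears is not how DCOM normally behaves
        $parentName = if ($parent) { $parent.Name } else { '<exited>' }
        $parentPath = if ($parent) { $parent.ExecutablePath } else { $null }

        [pscustomobject]@{
            PID         = $p.ProcessId
            ParentPID   = $p.ParentProcessId
            ParentName  = $parentName
            ParentPath  = $parentPath
            Started     = $p.ConvertToDateTime($p.CreationDate)
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
        }
    }
}

$rows = @(Get-DllhostTriage)
"dllhost.exe instances: $($rows.Count)"

# Chronological view: the first instance after logon usually points at the trigger
$rows | Sort-Object Started |
    Format-Table PID, ParentPID, ParentName, Started, CommandLine -AutoSize

# Group by parent: a large count under anything other than svchost.exe,
# or instances with no /Processid:{GUID} argument, deserve a closer look
$rows | Group-Object ParentName | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Save the two tables to a text file (for example by piping each `Format-Table` to `Out-File`) and keep them with the other logs; the parent path and command lines are exactly the context a helper analysing the FRST output later will want, and they are lost once the machine is rebooted or the processes are ended.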



#2 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 06 November 2014 - 11:18 AM

Hello and welcome, emozingo.

My name is fbfbfb. I will gladly assist you with your concerns.

While working to resolve the issues with your machine, please follow these guidelines:

  • Please be patient. Logs are lengthy and can take time to analyze.
  • Read and follow my directions carefully, in the sequence they are posted.
  • If you are unsure about anything, please ask for clarification before continuing.
  • Use only those tools that you have been directed to use.
  • Do not install or uninstall any applications or run any other scans without being directed to do so.
  • Copy and Paste the log files inside your post. Do not send them as attachments unless otherwise instructed.
  • Stay with me until your machine has been deemed all clear.
  • Please reply within 3 days of each posting to avoid closing this topic. If you need more time to complete tasks, or if you will be away, please let me know in advance.

Please run the following scans

 

1.  Farbar Recovery Scan Tool (FRST)

 

Please download Farbar Recovery Scan Tool from HERE, and save it to your desktop.

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press Scan.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

2.  aswMBR

 

Please download aswMBR from HERE.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click save log, save it to your desktop, and post in your next reply.


 

 

3.  Security Check

  • Download Security Check from HERE.
  • Save it to your desktop.
  • Double-click SecurityCheck.exe > Follow the onscreen instructions inside the black box.
  • In the event you get the message Unsupported operating system. Aborting now., reboot and try again.
  • A Notepad document called checkup.txt should open automatically. This may take a few minutes. Please copy and paste the contents of that document into your next reply.

 

CHECKLIST : In your next reply, please post the following:

  • FRST.txt
  • Addition.txt
  • aswMBR log
  • checkup.txt


#3 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 09 November 2014 - 07:23 PM

Hello, emozingo.

 

Do you still need help? Please reply within the next 24 hours to avoid closing this thread.

 

Thank you.



#4 emozingo

emozingo

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 10 November 2014 - 09:09 AM

Good Morning. Yes, I may still need assistance. Although I have run FRST, RogueKiller and ComboFix, I want to make sure I am clear of any malware or viruses. Below I have pasted the logs. Thank you much for your assistance.

 

FRST Log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01

Ran by emozingo (administrator) on AX110721L01 on 10-11-2014 09:14:38

Running from C:\Users\emozingo\Downloads

Loaded Profile: emozingo (Available profiles: UpdatusUser & Axsium & emozingo)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe

(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe

(Mikogo GmbH) C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Service.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Mikogo GmbH) C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_comm_customer.exe

(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_system_customer.exe

(RealVNC Ltd.) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

(Citrix Online, LLC) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_user_customer.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

(Akamai Technologies, Inc.) C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe

(Akamai Technologies, Inc.) C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Streaming Client\RadeObj.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ucmapi.exe

() C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconv.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Juniper Networks, Inc.) C:\Users\emozingo\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe

(The Eraser Project) C:\Program Files\Eraser\Eraser.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-06-14] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-06-14] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Boingo Wi-Finder] => C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk [2429 2013-09-25] ()

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION

Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_winlogonx64.dll (Citrix Online, LLC)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Akamai NetSession Interface] => C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Push Client] => C:\Users\emozingo\AppData\Local\ATT Connect\Participant\pull.exe [983296 2013-05-12] (AT&T Inc.)

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [19038360 2014-09-25] (Microsoft Corporation)

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Mikogo] => C:\Users\emozingo\AppData\Roaming\Mikogo\mikogo-host.exe [6760264 2013-11-29] (Mikogo GmbH)

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\715\g2ax_start.exe [610888 2014-07-28] (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.)

Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk

ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)

Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk

ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk

ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://axcess.axsiu...m/default.aspx/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...r=643192177&ir=

SearchScopes: HKLM-x32 - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.mywebs...r={searchTerms}

SearchScopes: HKCU - {0B08207F-A63B-45B9-8396-C340C65A0D5E} URL = http://www.search.as...archTerms}&psv=

SearchScopes: HKCU - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.mywebs...r={searchTerms}

SearchScopes: HKCU - {3F50E95E-EA46-461A-A424-F8C7802D37B3} URL =

SearchScopes: HKCU - {92E4A532-F059-4F76-8A41-EE0B1DD9B34B} URL = http://search.yahoo....39,19890,0,25,0

BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/...tupClient64.cab

DPF: HKLM-x32 {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://158.228.91.6/...raUpdaterAx.cab

DPF: HKLM-x32 {05D96F71-87C6-11D3-9BE4-00902742D6E0} http://usdatapqr01.g...lpl.top/qp2.cab

DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://webvpn.acade...ries/vpnweb.cab

DPF: HKLM-x32 {7A162288-DE78-473C-A6BA-23FF17F768E9} https://connect9.uc....ebInstaller.cab

DPF: HKLM-x32 {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://epcvpn.elpas...COL /cscopf.cab

DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://contractor.v...SetupClient.cab

DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1083

DPF: HKLM-x32 {FDF86141-BB1C-465B-93F2-80F04E0B5EE0} https://microstrateg...Activex.x86.cab

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:

========

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-3117269233-1677071875-1948265523-2731: @citrixonline.com/appdetectorplugin -> C:\Users\emozingo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKU\S-1-5-21-3117269233-1677071875-1948265523-2731: LWAPlugin15.8 -> C:\Users\emozingo\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\emozingo\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)

FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension

FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-12-31]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-10-09]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-11-06]

Chrome:

=======

CHR Profile: C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-31]

CHR Extension: (Google Drive) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-31]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]

CHR Extension: (YouTube) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-31]

CHR Extension: (Google Search) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-31]

CHR Extension: (Google Wallet) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-31]

CHR Extension: (Gmail) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 CdfSvc; C:\Program Files (x86)\Common Files\Citrix\System32\CdfSvc.exe [180224 2007-05-24] (Citrix Systems, Inc.) [File not signed]

R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)

S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2013-12-09] (Lenovo.)

S2 FlexLicenseServer; C:\Kronos\wfc\bin\Lmgrd.exe [909312 2007-06-07] (Macrovision Corporation) [File not signed]

R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\758\g2ax_service.exe [610888 2014-09-24] (Citrix Online, LLC)

R2 Mikogo-Service; C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Service.exe [1116512 2013-11-29] (Mikogo GmbH)

R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)

S3 RadeSvc; C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe [237568 2007-07-05] (Citrix Systems, Inc.) [File not signed]

R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-13] (IBM Corp.)

S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]

S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]

R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)

R1 cdfdrv; C:\Windows\System32\Drivers\cdfdrv.sys [28696 2007-05-24] (Citrix Systems, Inc.)

R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-05] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-05] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-10-08] (Symantec Corporation)

R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141109.023\ENG64.SYS [129752 2014-11-05] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141109.023\EX64.SYS [2137304 2014-11-05] (Symantec Corporation)

R1 PCC_DSCP; C:\Windows\System32\DRIVERS\PCC_DSCP_x64.sys [21600 2011-09-14] (Nortel)

S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-06-01] ()

R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-10-09] ()

R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-13] (IBM Corp.)

S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-10-13] (IBM Corp.)

R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-13] (IBM Corp.)

R1 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)

R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-09] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-05] ()

R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)

S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 09:14 - 2014-11-10 09:14 - 02116096 _____ (Farbar) C:\Users\emozingo\Downloads\FRST64.exe

2014-11-10 09:13 - 2014-11-10 09:13 - 01107968 _____ (Farbar) C:\Users\emozingo\Downloads\FRST.exe

2014-11-07 10:04 - 2014-11-07 10:04 - 00000000 ____D () C:\Program Files (x86)\Arkadin

2014-11-07 10:02 - 2014-11-07 11:21 - 00000000 __SHD () C:\Users\emozingo\Documents\cache

2014-11-07 10:02 - 2014-11-07 10:02 - 00000000 ____D () C:\Users\emozingo\AppData\Local\WebEx

2014-11-06 12:46 - 2014-11-06 12:46 - 01429686 _____ () C:\Users\emozingo\Desktop\DARTBundle_1106_1241.zip

2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\ProgramData\TechSmith

2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10

2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\Program Files (x86)\TechSmith

2014-11-05 16:27 - 2014-11-05 16:27 - 00000000 ____D () C:\Users\emozingo\Documents\Snagit Stamps

2014-11-05 14:00 - 2014-11-05 14:00 - 00001548 _____ () C:\Users\emozingo\Desktop\iexplore.exe - Shortcut.lnk

2014-11-05 13:42 - 2014-11-05 13:42 - 00033367 _____ () C:\ComboFix.txt

2014-11-05 13:22 - 2014-11-05 13:42 - 00000000 ____D () C:\ComboFix

2014-11-05 13:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-11-05 13:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-11-05 13:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-11-05 13:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-11-05 13:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-11-05 13:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe

2014-11-05 13:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe

2014-11-05 13:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe

2014-11-05 13:12 - 2014-11-05 13:11 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\emozingo\Desktop\tdsskiller.exe

2014-11-05 13:09 - 2014-11-05 12:49 - 01706359 _____ (Thisisu) C:\Users\emozingo\Desktop\JRT.exe

2014-11-05 12:50 - 2014-11-05 12:50 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-11-05 10:29 - 2014-11-05 10:29 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\R-TT

2014-11-05 10:28 - 2014-11-05 11:41 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio

2014-11-05 10:28 - 2014-11-05 11:41 - 00000000 ____D () C:\Program Files (x86)\R-Studio

2014-11-05 10:28 - 2014-11-05 10:29 - 00000000 ____D () C:\Users\emozingo\Documents\R-TT

2014-11-05 06:33 - 2014-11-05 06:33 - 00031859 _____ () C:\Users\emozingo\Downloads\Addition.txt

2014-11-05 06:32 - 2014-11-10 09:14 - 00033441 _____ () C:\Users\emozingo\Downloads\FRST.txt

2014-11-05 06:32 - 2014-11-10 09:14 - 00000000 ____D () C:\FRST

2014-11-05 06:18 - 2014-11-05 06:18 - 00050916 _____ () C:\Users\emozingo\Desktop\JRT.txt

2014-11-05 06:13 - 2014-11-05 06:13 - 00000000 ____D () C:\Windows\ERUNT

2014-11-05 06:02 - 2014-11-05 13:00 - 00000000 ____D () C:\AdwCleaner

2014-11-05 05:51 - 2014-11-05 12:50 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-11-04 18:50 - 2014-11-05 13:42 - 00000000 ____D () C:\Qoobox

2014-11-04 18:48 - 2014-11-05 13:40 - 00000000 ____D () C:\Windows\erdnt

2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.URL

2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.URL

2014-11-04 18:21 - 2014-11-04 18:21 - 00008562 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:21 - 2014-11-04 18:21 - 00004224 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:21 - 2014-11-04 18:21 - 00000276 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL

2014-11-04 18:11 - 2014-11-04 22:08 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Upkiime

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.URL

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.URL

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.URL

2014-11-04 18:05 - 2014-11-04 18:05 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:05 - 2014-11-04 18:05 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:05 - 2014-11-04 18:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL

2014-11-04 17:49 - 2014-11-04 19:10 - 00000000 ____D () C:\19f7d95

2014-11-04 13:59 - 2014-11-04 13:59 - 00001428 _____ () C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-11-04 13:57 - 2014-11-04 13:58 - 00000000 ____D () C:\NPE

2014-11-04 13:54 - 2014-11-04 14:26 - 00000000 ____D () C:\Users\emozingo\AppData\Local\NPE

2014-11-04 13:22 - 2014-11-04 13:22 - 00000476 _____ () C:\Users\emozingo\Desktop\Home - Axcess (2).url

2014-11-04 13:21 - 2014-11-04 13:21 - 00000476 _____ () C:\Users\emozingo\Desktop\Home - Axcess.url

2014-11-04 11:04 - 2014-11-05 15:11 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-10-29 05:07 - 2014-11-04 19:25 - 00000000 ____D () C:\Users\emozingo\AppData\Local\CrashDumps

2014-10-24 10:35 - 2014-10-24 10:35 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Mozilla

2014-10-22 07:19 - 2014-11-04 18:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Security Best Practices

2014-10-21 05:14 - 2014-11-05 08:59 - 00000000 ____D () C:\Users\emozingo\Documents\Disney - Shanghai

2014-10-16 05:21 - 2014-11-06 12:54 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Enigma Software Group

2014-10-16 05:21 - 2014-10-16 05:21 - 00001093 _____ () C:\Users\emozingo\Desktop\RegHunter.lnk

2014-10-16 05:21 - 2014-10-16 05:21 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegHunter

2014-10-16 05:16 - 2014-10-16 05:16 - 00000000 ____D () C:\Windows\D4EFA08DA1924007987D71BFF23B2F8F.TMP

2014-10-16 01:08 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-16 01:08 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-16 01:08 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-16 01:08 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-16 01:08 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-16 01:08 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-16 01:08 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-16 01:08 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-16 01:08 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-16 01:07 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-16 01:07 - 2014-09-20 00:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 01:07 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-16 01:07 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-16 01:07 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 01:07 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-16 01:07 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-16 01:07 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-16 01:07 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-16 01:07 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-16 01:07 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-16 01:07 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-16 01:07 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-16 01:07 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-16 01:07 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-16 01:07 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-16 01:07 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-16 01:07 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-16 01:07 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-10-16 01:07 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-10-16 01:07 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-16 01:07 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-16 01:07 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-16 01:07 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-16 01:06 - 2014-09-20 00:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-16 01:06 - 2014-09-20 00:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 01:06 - 2014-09-20 00:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 01:06 - 2014-09-20 00:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-16 01:06 - 2014-09-20 00:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 01:06 - 2014-09-20 00:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 01:06 - 2014-09-20 00:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-16 01:06 - 2014-09-19 22:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-16 01:06 - 2014-09-19 22:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-16 01:06 - 2014-09-19 22:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-16 01:06 - 2014-09-19 22:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-16 01:06 - 2014-09-19 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 01:06 - 2014-09-19 22:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-16 01:06 - 2014-09-19 21:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2014-10-16 01:06 - 2014-09-19 21:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs(5).exe

2014-10-16 01:06 - 2014-09-19 21:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 09:10 - 2012-03-30 07:05 - 00000000 ____D () C:\Users\emozingo\Documents\Outlook Files

2014-11-10 07:02 - 2012-01-01 20:23 - 00000000 ____D () C:\Users\emozingo\AppData\Local\{E255CA2C-C48D-484D-A010-47BF9D5A8590}

2014-11-10 02:55 - 2011-08-10 07:58 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\webex

2014-11-10 02:03 - 2011-08-10 07:58 - 00000000 ____D () C:\ProgramData\WebEx

2014-11-07 09:35 - 2011-08-11 04:13 - 00000000 ____D () C:\Users\emozingo\Documents\SQL Server Management Studio Express

2014-11-07 09:29 - 2009-07-14 00:13 - 00855058 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-07 05:51 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-07 05:51 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-06 18:03 - 2011-08-11 10:02 - 00002106 ____H () C:\Users\emozingo\Documents\Default.rdp

2014-11-06 13:03 - 2012-04-25 13:16 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Skype

2014-11-06 12:58 - 2013-08-30 08:32 - 00631340 _____ () C:\Windows\PFRO.log

2014-11-06 12:58 - 2013-08-30 07:14 - 00018717 _____ () C:\Windows\setupact.log

2014-11-06 12:58 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-06 12:56 - 2013-07-26 12:03 - 01926383 _____ () C:\Windows\WindowsUpdate.log

2014-11-06 12:54 - 2013-07-26 12:52 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-11-06 12:41 - 2013-10-28 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

2014-11-06 01:31 - 2013-06-14 13:22 - 00000000 ____D () C:\Users\Ctx_StreamingSvc

2014-11-06 01:31 - 2011-07-21 21:20 - 00000000 ____D () C:\Users\Axsium

2014-11-05 15:11 - 2014-02-24 12:22 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Mikogo

2014-11-05 15:11 - 2012-01-24 07:50 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\ICAClient

2014-11-05 15:11 - 2011-08-11 07:14 - 00000000 ____D () C:\Windows\SysWOW64\1033

2014-11-05 15:11 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD

2014-11-05 15:07 - 2012-09-27 19:55 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Akamai

2014-11-05 15:07 - 2011-06-01 21:30 - 00000000 ____D () C:\root

2014-11-05 15:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration

2014-11-05 15:05 - 2014-07-22 13:14 - 00000000 ____D () C:\Users\emozingo\Documents\Oakley

2014-11-05 15:05 - 2014-03-07 06:23 - 00000000 ____D () C:\Users\emozingo\Documents\Oracle Client

2014-11-05 15:05 - 2013-10-22 10:53 - 00000000 ____D () C:\Users\emozingo\Documents\El Paso County

2014-11-05 15:05 - 2013-08-13 17:29 - 00000000 ____D () C:\Users\emozingo\Documents\att connect

2014-11-05 15:05 - 2013-07-30 05:18 - 00000000 ____D () C:\Users\emozingo\Documents\OracleODAC

2014-11-05 15:05 - 2013-05-31 10:21 - 00000000 ____D () C:\Users\emozingo\Documents\Harbor Frieght

2014-11-05 15:05 - 2012-11-26 13:15 - 00000000 ____D () C:\Users\emozingo\Documents\Citrus Valley Heath Partners

2014-11-05 15:05 - 2012-08-06 06:33 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Quest Software

2014-11-05 15:05 - 2012-07-16 16:51 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Centra

2014-11-05 15:05 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Stuff

2014-11-05 15:05 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - Interfaces

2014-11-05 15:05 - 2012-06-27 06:35 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Juniper Networks

2014-11-05 15:05 - 2012-05-11 05:01 - 00000000 ____D () C:\Users\emozingo\Documents\Interfaces and Reports

2014-11-05 15:05 - 2011-08-16 11:25 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Writing & Integrating Adv. SSRS WTK 6.1 Reports - Participation Guides

2014-11-05 15:05 - 2011-07-21 22:50 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Adobe

2014-11-05 14:54 - 2014-08-07 09:23 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Skype

2014-11-05 14:54 - 2014-03-24 06:20 - 00000000 ____D () C:\SmartDraw CI

2014-11-05 14:54 - 2013-12-07 10:54 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Evernote

2014-11-05 14:54 - 2013-08-28 20:58 - 00000000 ____D () C:\Users\emozingo\.sslvpn

2014-11-05 14:54 - 2013-08-13 17:29 - 00000000 ____D () C:\Users\emozingo\AppData\Local\ATT Connect

2014-11-05 14:54 - 2012-12-31 12:49 - 00000000 ____D () C:\Users\emozingo\AppData\Local\HP

2014-11-05 14:54 - 2012-01-17 11:48 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Google

2014-11-05 14:54 - 2011-11-15 12:12 - 00000000 ____D () C:\Users\emozingo\AppData\Local\TechSmith

2014-11-05 14:54 - 2011-07-21 21:26 - 00000000 ____D () C:\Users\Axsium\Desktop\Computer Setup

2014-11-05 14:54 - 2011-02-15 04:42 - 00000000 ____D () C:\SWTOOLS

2014-11-05 14:54 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

2014-11-05 14:53 - 2014-09-16 07:09 - 00000000 ____D () C:\ProgramData\Norton

2014-11-05 14:53 - 2013-09-25 07:57 - 00000000 ____D () C:\ProgramData\GoBoingo

2014-11-05 14:53 - 2013-06-24 08:16 - 00000000 ____D () C:\ProgramData\Citrix

2014-11-05 14:53 - 2012-12-19 12:11 - 00000000 ____D () C:\ProgramData\HP

2014-11-05 14:53 - 2011-06-01 21:41 - 00000000 ____D () C:\ProgramData\Corel

2014-11-05 14:53 - 2011-06-01 21:12 - 00000000 ____D () C:\ProgramData\Lenovo

2014-11-05 14:52 - 2014-03-07 08:19 - 00000000 ____D () C:\app

2014-11-05 14:52 - 2012-01-26 09:34 - 00000000 ____D () C:\Kronos

2014-11-05 14:52 - 2012-01-17 11:48 - 00000000 ____D () C:\Program Files (x86)\Google

2014-11-05 14:52 - 2011-07-21 21:49 - 00000000 ___RD () C:\MSOCache

2014-11-05 13:38 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini

2014-11-05 13:37 - 2011-07-21 21:33 - 00000000 ____D () C:\Users\emozingo

2014-11-05 11:42 - 2012-12-03 10:28 - 00000000 ____D () C:\Program Files (x86)\SparkTrust

2014-11-05 11:42 - 2012-01-17 11:48 - 00000000 ____D () C:\Program Files\Google

2014-11-05 11:41 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-11-04 19:12 - 2009-07-13 21:34 - 18087936 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-11-04 19:12 - 2009-07-13 21:34 - 114819072 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-11-04 19:12 - 2009-07-13 21:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-11-04 19:12 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-11-04 18:38 - 2013-10-24 14:57 - 00000000 ____D () C:\Users\emozingo\Documents\Oracle Initialization Parameters

2014-11-04 18:35 - 2012-01-19 07:33 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Time Tracking

2014-11-04 18:34 - 2014-06-18 05:00 - 00000000 ____D () C:\Users\emozingo\Documents\New folder

2014-11-04 18:34 - 2014-01-15 08:41 - 00000000 ____D () C:\Users\emozingo\Documents\Mini Marathon Training Guide

2014-11-04 18:34 - 2013-09-09 09:36 - 00000000 ____D () C:\Users\emozingo\Documents\MicroStrategy Reporting Essentials

2014-11-04 18:34 - 2013-06-07 09:33 - 00000000 ____D () C:\Users\emozingo\Documents\Microstrategy Course Receipts

2014-11-04 18:34 - 2013-05-22 08:59 - 00000000 ____D () C:\Users\emozingo\Documents\MicroStategy Course Manuals

2014-11-04 18:34 - 2013-04-01 17:27 - 00000000 ____D () C:\Users\emozingo\Documents\Masco-Cabinetry

2014-11-04 18:34 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - Stored Procedures

2014-11-04 18:34 - 2012-06-28 05:39 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - FSDs

2014-11-04 18:34 - 2012-06-27 06:50 - 00000000 ____D () C:\Users\emozingo\Documents\Masco-Milgard

2014-11-04 18:34 - 2011-09-16 14:04 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Batch Schedule

2014-11-04 18:34 - 2011-09-08 15:53 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Report Test Cases

2014-11-04 18:34 - 2011-09-02 14:37 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Report FSD and Test Cases

2014-11-04 18:34 - 2011-08-19 08:45 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Project

2014-11-04 18:34 - 2011-08-16 13:29 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Logo

2014-11-04 18:33 - 2014-08-19 12:39 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WIM

2014-11-04 18:33 - 2014-06-12 07:58 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC Install Checklist

2014-11-04 18:33 - 2012-11-05 12:46 - 00000000 ____D () C:\Users\emozingo\Documents\La-Z-Boy

2014-11-04 18:33 - 2012-07-17 05:08 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WTK 63 Rollout Training

2014-11-04 18:33 - 2012-01-10 12:20 - 00000000 ____D () C:\Users\emozingo\Documents\Manager Logon Pic at Clock

2014-11-04 18:32 - 2014-09-03 12:43 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Sizer app

2014-11-04 18:32 - 2014-07-07 05:16 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Ops Planner DB Reference

2014-11-04 18:32 - 2014-06-11 10:42 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM DB Tables Guide

2014-11-04 18:32 - 2014-02-12 16:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos System Settings Reference Guide

2014-11-04 18:32 - 2014-02-03 18:48 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Mobile

2014-11-04 18:32 - 2013-11-18 08:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC Architecture and Technology Core Concepts

2014-11-04 18:32 - 2013-09-20 08:11 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Database Manual

2014-11-04 18:32 - 2013-09-04 13:51 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Network Security Best Practices

2014-11-04 18:32 - 2013-08-30 07:37 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Instance Management and Batch Processing

2014-11-04 18:32 - 2013-08-14 06:06 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Instance Manager

2014-11-04 18:32 - 2013-07-22 08:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Retail Workshop

2014-11-04 18:32 - 2012-10-04 13:36 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos SAT and Policies

2014-11-04 18:32 - 2012-07-17 05:10 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Navigator 63 Rollout Training

2014-11-04 18:32 - 2012-06-28 11:35 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC 6.3 Navigator Implementation Workshop

2014-11-04 18:32 - 2011-08-18 13:45 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Skills Eval

2014-11-04 18:32 - 2011-08-18 11:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Manuals

2014-11-04 18:31 - 2014-06-10 16:44 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7 Manuals

2014-11-04 18:31 - 2014-04-21 16:08 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 63 Technology & Platform Support

2014-11-04 18:31 - 2014-02-03 18:35 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7 Feature Summary and Implementation Manual

2014-11-04 18:31 - 2014-01-06 11:53 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos - Change Logon Page

2014-11-04 18:31 - 2013-10-24 14:31 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Attestation Compatibility Matrix

2014-11-04 18:31 - 2013-10-15 09:41 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos FAP Worksheet

2014-11-04 18:31 - 2013-09-12 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7.0 Technical Rollout

2014-11-04 18:31 - 2013-08-26 08:48 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Attestation Documentation

2014-11-04 18:31 - 2013-08-14 16:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Error Codes

2014-11-04 18:31 - 2013-08-14 06:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Application Settings

2014-11-04 18:31 - 2013-08-08 08:15 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Analytics Web Training

2014-11-04 18:31 - 2013-08-05 08:24 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Install Analytics

2014-11-04 18:31 - 2013-06-28 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Install Checklist

2014-11-04 18:31 - 2013-04-12 12:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Custom Report Development Lunch and Learn Outline

2014-11-04 18:31 - 2012-10-05 06:37 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos InTouch

2014-11-04 18:31 - 2012-08-29 06:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Background Check

2014-11-04 18:31 - 2012-06-26 05:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos InTouch Rollout Training

2014-11-04 18:31 - 2011-12-21 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Courses

2014-11-04 18:31 - 2011-08-12 11:52 - 00000000 ____D () C:\Users\emozingo\Documents\Knightsbridge Conference

2014-11-04 18:30 - 2014-08-01 05:09 - 00000000 ____D () C:\Users\emozingo\Documents\Emerging Markets Team

2014-11-04 18:30 - 2014-06-02 15:00 - 00000000 ____D () C:\Users\emozingo\Documents\Health Benefit Forms

2014-11-04 18:30 - 2011-08-11 04:06 - 00000000 ____D () C:\Users\emozingo\Documents\Hours Summary Report

2014-11-04 18:29 - 2014-10-01 03:55 - 00000000 ____D () C:\Users\emozingo\Documents\County of Toronto

2014-11-04 18:29 - 2013-12-30 17:48 - 00000000 ____D () C:\Users\emozingo\Documents\Classic Party Rentals

2014-11-04 18:28 - 2012-07-19 05:03 - 00000000 ____D () C:\Users\emozingo\Documents\Chanel Project

2014-11-04 18:27 - 2013-12-17 07:50 - 00000000 ____D () C:\Users\emozingo\Documents\Axsium Anniversary Celebration Expenses

2014-11-04 18:27 - 2013-11-18 05:58 - 00000000 ____D () C:\Users\emozingo\Documents\Amazon

2014-11-04 18:27 - 2013-06-26 16:30 - 00000000 ____D () C:\Users\emozingo\Documents\APE

2014-11-04 18:27 - 2012-01-17 08:40 - 00000000 ____D () C:\Users\emozingo\Documents\Analytics Training

2014-11-04 18:27 - 2011-12-09 14:23 - 00000000 ____D () C:\Users\emozingo\Documents\Axsium Bio

2014-11-04 18:25 - 2012-01-11 17:52 - 00000000 ____D () C:\Users\emozingo\Desktop\FSD

2014-11-04 18:23 - 2013-05-15 06:39 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Clip Art Collection

2014-11-04 18:22 - 2014-07-30 13:32 - 00000000 ____D () C:\Users\emozingo\AppData\OICE_15_974FA576_32C1D314_35D8

2014-11-04 18:22 - 2013-09-17 05:34 - 00000000 ____D () C:\Users\emozingo\AppData\OICE_15_974FA576_32C1D314_26DB

2014-11-04 18:08 - 2013-02-01 06:46 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Apple Computer

2014-11-04 18:05 - 2011-06-01 21:48 - 00000000 ____D () C:\ProgramData\PCDr

2014-11-04 17:59 - 2013-06-06 05:57 - 00000000 ____D () C:\ProgramData\Cisco

2014-11-04 17:59 - 2013-05-28 15:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-11-04 17:59 - 2011-06-01 21:13 - 00000000 ____D () C:\mfg

2014-11-04 17:51 - 2012-12-03 08:17 - 00000000 ____D () C:\$AVG

2014-11-04 13:56 - 2009-07-14 00:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-11-04 13:54 - 2013-09-16 11:16 - 02790860 _____ () C:\Windows\ntbtlog.txt.bak

2014-11-04 11:40 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-11-04 11:00 - 2014-09-16 07:14 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-11-04 10:33 - 2011-06-01 21:48 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2014-11-04 10:22 - 2011-06-01 21:48 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job

2014-11-04 10:20 - 2012-08-28 05:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-04 10:18 - 2014-03-24 06:21 - 00000468 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job

2014-11-04 10:18 - 2014-03-24 06:21 - 00000460 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job

2014-11-04 09:46 - 2014-09-05 13:00 - 00000544 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3117269233-1677071875-1948265523-2731.job

2014-11-04 09:03 - 2014-09-08 12:59 - 00000000 ____D () C:\Users\emozingo\Documents\Martin Marietta

2014-11-03 23:42 - 2012-07-30 15:56 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DC5B087D-9D50-44BD-A344-41D6BAFF54E5}

2014-10-31 09:17 - 2014-06-12 08:00 - 00000000 ____D () C:\Users\emozingo\Documents\Academy Sports

2014-10-31 05:01 - 2012-11-13 13:23 - 00000000 ____D () C:\Users\emozingo\Documents\Sodexo

2014-10-28 11:41 - 2011-06-01 21:29 - 00000000 ____D () C:\Program Files (x86)\Cisco

2014-10-27 09:28 - 2013-09-26 07:07 - 00000000 ____D () C:\ProgramData\Oracle

2014-10-27 09:26 - 2013-10-23 05:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-10-27 09:25 - 2013-04-01 16:25 - 00000000 ____D () C:\Program Files (x86)\Java

2014-10-27 02:36 - 2014-09-05 13:00 - 00003586 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3117269233-1677071875-1948265523-2731

2014-10-26 07:44 - 2012-09-08 08:35 - 00000000 ____D () C:\Users\emozingo\Documents\Personal

2014-10-26 07:22 - 2011-07-21 21:49 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-26 07:15 - 2014-02-11 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection

2014-10-26 07:14 - 2013-08-28 16:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-10-16 05:15 - 2013-07-26 12:51 - 00000000 ____D () C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP

2014-10-16 03:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-10-16 02:45 - 2014-10-09 14:01 - 00002431 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk

2014-10-16 02:45 - 2014-10-09 14:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2014-10-16 02:45 - 2014-09-16 07:13 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

2014-10-16 02:44 - 2009-07-13 23:45 - 00463560 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-16 02:39 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-16 02:13 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-16 02:02 - 2011-07-21 22:38 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-13 17:02 - 2011-11-30 10:50 - 00534104 _____ (IBM Corp.) C:\Windows\system32\Drivers\RapportKE64.sys

Files to move or delete:

====================

C:\ProgramData\wavav0bdtzbtb43b.reg

 

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2014-10-26 10:34

==================== End Of Log ============================

 

aswMBR.txt

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software

Run date: 2014-11-10 09:18:02

-----------------------------

09:18:02.333 OS Version: Windows x64 6.1.7601 Service Pack 1

09:18:02.333 Number of processors: 4 586 0x2A07

09:18:02.333 ComputerName: AX110721L01 UserName: emozingo

09:18:06.342 Initialize success

09:18:06.623 VM: initialized successfully

09:18:06.623 VM: Intel CPU BiosDisabled

09:19:49.162 AVAST engine defs: 14111001

09:19:58.397 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

09:19:58.397 Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3

09:19:58.553 Disk 0 MBR read successfully

09:19:58.553 Disk 0 MBR scan

09:19:58.553 Disk 0 unknown MBR code

09:19:58.568 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048

09:19:58.568 Disk 0 Boot: NTFS code=1

09:19:58.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463737 MB offset 2459648

09:19:58.615 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12000 MB offset 952195072

09:19:58.678 Disk 0 scanning C:\Windows\system32\drivers

09:20:09.832 Service scanning

09:20:12.390 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141030.001\BHDrvx64.sys **LOCKED** 5

09:20:15.884 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5

09:20:16.118 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5

09:20:18.240 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141107.001\IDSvia64.sys **LOCKED** 5

09:20:23.544 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141109.023\ENG64.SYS **LOCKED** 5

09:20:23.669 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141109.023\EX64.SYS **LOCKED** 5

09:20:36.274 Modules scanning

09:20:36.274 Disk 0 trace - called modules:

09:20:36.320 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll

09:20:36.320 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006645060]

09:20:36.336 3 CLASSPNP.SYS[fffff8800129b43f] -> nt!IofCallDriver -> [0xfffffa800473e630]

09:20:36.336 5 ACPI.sys[fffff88000f9a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004744050]

09:20:39.893 AVAST engine scan C:\Windows

09:20:44.198 AVAST engine scan C:\Windows\system32

09:26:17.345 AVAST engine scan C:\Windows\system32\drivers

09:27:04.515 AVAST engine scan C:\Users\emozingo

09:43:25.406 AVAST engine scan C:\ProgramData

09:50:14.938 Disk 0 statistics 5472648/0/0 @ 1.99 MB/s

09:50:14.953 Scan finished successfully

09:53:09.299 Disk 0 MBR has been saved successfully to "C:\Users\emozingo\Desktop\MBR.dat"

09:53:09.299 The log file has been saved successfully to "C:\Users\emozingo\Desktop\aswMBR.txt"

 

Checkup.txt

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton Internet Security  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 45 
 Java 8 Update 25 
 Java version out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````
 

 

 


#5 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 10 November 2014 - 07:14 PM

Hello, emozingo.  Thank you for your reply. 

 

I am not clear as to whether you have run other tools (Rogue Killer, ComboFix) previous to your posting at Whatthetech or since posting here.  Please run only those tools that I request and nothing more.

 

There are many entries that need to be removed, including viruses.

 

Please run the following Fix

Please open Notepad:  Press the Windows key + r (Win Key + r) > Type Notepad > Click OK.

  • Copy and paste the entire contents of the code box below:  To do this, highlight the contents of the box, right click on it, and select Copy > Right-click in the open Notepad and select Paste.
  • Save this to the same directory you saved FRST / FRST64 > Save it as fixlist.txt.

Note:  In order for the fix to work, fixlist.txt must be placed next to FRST / FRST64.  You can use your mouse to drag it in place.

Start
CloseProcesses: 

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...r=643192177&ir=
SearchScopes: HKLM-x32 - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {0B08207F-A63B-45B9-8396-C340C65A0D5E} URL = http://www.search.as...archTerms}&psv=
SearchScopes: HKCU - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.mywebs...r={searchTerms}
SearchScopes: HKCU - {3F50E95E-EA46-461A-A424-F8C7802D37B3} URL =
SearchScopes: HKCU - {92E4A532-F059-4F76-8A41-EE0B1DD9B34B} URL = http://search.yahoo....39,19890,0,25,0
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.URL
2014-11-04 18:21 - 2014-11-04 18:21 - 00008562 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:21 - 2014-11-04 18:21 - 00004224 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:21 - 2014-11-04 18:21 - 00000276 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-04 18:11 - 2014-11-04 22:08 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Upkiime
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.URL
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.URL
2014-11-04 18:05 - 2014-11-04 18:05 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:05 - 2014-11-04 18:05 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:05 - 2014-11-04 18:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.URL
2014-11-04 18:21 - 2014-11-04 18:21 - 00008562 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:21 - 2014-11-04 18:21 - 00004224 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:21 - 2014-11-04 18:21 - 00000276 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-04 18:11 - 2014-11-04 22:08 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Upkiime
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.URL
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.URL
2014-11-04 18:05 - 2014-11-04 18:05 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:05 - 2014-11-04 18:05 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-04 18:05 - 2014-11-04 18:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
C:\ProgramData\wavav0bdtzbtb43b.reg
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0001}) (Version: 12.0.1.100 - Ask Partner Network) <==== ATTENTION
QuickShare (HKLM-x32\...\{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}) (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION 

Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.  Running this on another machine may cause damage to your operating system.


  • Run FRST / FRST64, press the Fix button once and wait.
  • When finished, the tool will generate a log on the Desktop (Fixlog.txt).  Please post it to your next reply.

 

CHECKLIST : In your next reply, please post the following:

  • Fixlog.txt
  • Did you buy SparkTrust software, or did you download the free version?
  • How is your computer running now?
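For anyone reading a fixlist like the one above, the following is an added example, not part of this thread and not FRST's own code: it sorts FRST log lines into the categories the fix targets (policy tampering flagged with ATTENTION, DECRYPT_INSTRUCTION note drops, search-scope hijacks, orphaned MIME filters, flagged installs) and orders the ransom-note drops by creation time. The line formats are inferred from the entries quoted in the fix and are assumptions; the sample lines are a constructed subset of them.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example for this thread, not FRST's own code; the line formats are
inferred from the entries quoted in the fix above and are assumptions.
"""
import re
from collections import defaultdict

# FRST file entry: "<created> - <modified> - <size> <attrs> (<company>) <path>"
FILE_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$")
# Ransom-note names seen in the log above (HTML, TXT and URL variants).
RANSOM_NOTE = re.compile(r"\\DECRYPT_INSTRUCTION\.(?:HTML|TXT|URL)$", re.I)
SEARCH_SCOPE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) URL = ?(?P<url>.*)$")
FILTER_NO_FILE = re.compile(r"^Filter: (?P<mime>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - No File$")
# Markers FRST attaches to policy keys and to the Winlogon shell value it flags.
POLICY_MARKERS = ("Group Policy restriction on software", "Policy restriction", "Winlogon: [Shell]")


def classify(line):
    """Return (category, detail) for one FRST line, or None if it is unremarkable."""
    line = line.strip()
    if not line:
        return None
    m = FILE_ENTRY.match(line)
    if m:
        if RANSOM_NOTE.search(m["path"]):
            return ("ransom_note", m.groupdict())
        return None  # an ordinary file or directory entry
    m = SEARCH_SCOPE.match(line)
    if m:
        return ("search_hijack", m.groupdict())
    m = FILTER_NO_FILE.match(line)
    if m:
        return ("orphan_filter", m.groupdict())
    if "ATTENTION" in line:
        if any(marker in line for marker in POLICY_MARKERS):
            return ("policy_tamper", line)
        if "(Version:" in line:
            # Installed-program entry: keep only the display name.
            return ("flagged_install", line.split(" (HKLM", 1)[0])
        return ("attention_other", line)
    return None


def triage(lines):
    """Group every notable line by category; ransom notes are deduplicated by path."""
    found = defaultdict(list)
    seen_notes = set()
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        category, detail = hit
        if category == "ransom_note":
            key = detail["path"].lower()
            if key in seen_notes:
                continue  # the fix above lists every note twice
            seen_notes.add(key)
        found[category].append(detail)
    return dict(found)


def ransom_timeline(lines):
    """Order the directories that received ransom notes by first creation time.

    The earliest drop is the closest this log gets to where the encryptor's
    directory walk began; later drops show its progress through the profiles.
    """
    first_seen = {}
    for detail in triage(lines).get("ransom_note", []):
        directory = detail["path"].rsplit("\\", 1)[0]
        if directory not in first_seen or detail["created"] < first_seen[directory]:
            first_seen[directory] = detail["created"]
    return sorted(first_seen.items(), key=lambda item: (item[1], item[0]))


# Constructed sample: a subset of the lines quoted in the fix above.
SAMPLE = r"""
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...r=643192177&ir=
SearchScopes: HKCU - {3F50E95E-EA46-461A-A424-F8C7802D37B3} URL =
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:21 - 2014-11-04 18:21 - 00000276 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-04 18:11 - 2014-11-04 22:08 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Upkiime
2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:05 - 2014-11-04 18:05 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-04 18:05 - 2014-11-04 18:05 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0001}) (Version: 12.0.1.100 - Ask Partner Network) <==== ATTENTION
""".strip().splitlines()
```

Feed `triage()` and `ransom_timeline()` the lines of a real FRST or Fixlog text file to get the same breakdown for a full log.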

 



#6 emozingo

emozingo

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 11 November 2014 - 05:34 AM

Hello fbfbfb. 

Pasted below is the fixlog.txt. 

 

To answer a couple of your questions:

 

  I ran rogue killer and combofix before contacting you.  I have only run what you have recommended since we started communicating.

 

I purchased the SparkTrust software over a year ago, but have not used it within the last year.  I uninstalled that software recently.  I use SpyHunter and RegHunter, both purchased, for malware protection, and Norton anti-virus.

 

My computer is running better, yes, except that I got attacked by the malware that encrypts files (but I will have to live with that, it looks like).  Other than that it has been running fine.

 

Question:  I have symptoms on my home PC similar to what I am seeing on this, my work laptop.  Should I open another incident to address my other PC, or can I work with you in this incident to clear that up? 

 

Thanks again for your help. 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01

Ran by emozingo at 2014-11-11 06:03:36 Run:1

Running from C:\FRST

Loaded Profile: emozingo (Available profiles: UpdatusUser & Axsium & emozingo)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

CloseProcesses:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

HKLM-x32\...\Winlogon: [Shell] [0 ] () <=== ATTENTION

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...r=643192177&ir=

SearchScopes: HKLM-x32 - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.mywebs...r={searchTerms}

SearchScopes: HKCU - {0B08207F-A63B-45B9-8396-C340C65A0D5E} URL = http://www.search.as...archTerms}&psv=

SearchScopes: HKCU - {34e26447-bf30-4c78-a5b9-61dfa8a55e67} URL = http://search.mywebs...r={searchTerms}

SearchScopes: HKCU - {3F50E95E-EA46-461A-A424-F8C7802D37B3} URL =

SearchScopes: HKCU - {92E4A532-F059-4F76-8A41-EE0B1DD9B34B} URL = http://search.yahoo....39,19890,0,25,0

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.URL

2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.URL

2014-11-04 18:21 - 2014-11-04 18:21 - 00008562 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:21 - 2014-11-04 18:21 - 00004224 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:21 - 2014-11-04 18:21 - 00000276 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL

2014-11-04 18:11 - 2014-11-04 22:08 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Upkiime

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.URL

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.URL

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.URL

2014-11-04 18:05 - 2014-11-04 18:05 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:05 - 2014-11-04 18:05 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:05 - 2014-11-04 18:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL

2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:25 - 2014-11-04 18:25 - 00008562 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:25 - 2014-11-04 18:25 - 00004224 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.URL

2014-11-04 18:25 - 2014-11-04 18:25 - 00000276 _____ () C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.URL

2014-11-04 18:21 - 2014-11-04 18:21 - 00008562 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:21 - 2014-11-04 18:21 - 00004224 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:21 - 2014-11-04 18:21 - 00000276 _____ () C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL

2014-11-04 18:11 - 2014-11-04 22:08 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Upkiime

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00008562 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00004224 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\DECRYPT_INSTRUCTION.URL

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.URL

2014-11-04 18:07 - 2014-11-04 18:07 - 00000276 _____ () C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.URL

2014-11-04 18:05 - 2014-11-04 18:05 - 00008562 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML

2014-11-04 18:05 - 2014-11-04 18:05 - 00004224 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT

2014-11-04 18:05 - 2014-11-04 18:05 - 00000276 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL

C:\ProgramData\wavav0bdtzbtb43b.reg

Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0001}) (Version: 12.0.1.100 - Ask Partner Network) <==== ATTENTION

QuickShare (HKLM-x32\...\{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}) (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION

Hosts:

EmptyTemp:

End

*****************

Processes closed successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.

"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B08207F-A63B-45B9-8396-C340C65A0D5E}" => Key deleted successfully.

"HKCR\CLSID\{0B08207F-A63B-45B9-8396-C340C65A0D5E}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}" => Key deleted successfully.

"HKCR\CLSID\{34e26447-bf30-4c78-a5b9-61dfa8a55e67}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F50E95E-EA46-461A-A424-F8C7802D37B3}" => Key deleted successfully.

"HKCR\CLSID\{3F50E95E-EA46-461A-A424-F8C7802D37B3}" => Key not found.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92E4A532-F059-4F76-8A41-EE0B1DD9B34B}" => Key deleted successfully.

"HKCR\CLSID\{92E4A532-F059-4F76-8A41-EE0B1DD9B34B}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.

C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.

C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.

C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.

C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.URL => Moved successfully.

C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.URL => Moved successfully.

C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.

C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.

C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL => Moved successfully.

C:\Users\emozingo\AppData\Roaming\Upkiime => Moved successfully.

C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML => Moved successfully.

C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.

C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.

C:\Users\Axsium\DECRYPT_INSTRUCTION.TXT => Moved successfully.

C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.

C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.

C:\Users\Axsium\DECRYPT_INSTRUCTION.URL => Moved successfully.

C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.URL => Moved successfully.

C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.URL => Moved successfully.

C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.

C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.

C:\ProgramData\DECRYPT_INSTRUCTION.URL => Moved successfully.

"C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.

"C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.

"C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.

"C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.

"C:\Users\emozingo\AppData\Roaming\DECRYPT_INSTRUCTION.URL" => File/Directory not found.

"C:\Users\emozingo\AppData\DECRYPT_INSTRUCTION.URL" => File/Directory not found.

"C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.

"C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.

"C:\Users\emozingo\AppData\Local\DECRYPT_INSTRUCTION.URL" => File/Directory not found.

"C:\Users\emozingo\AppData\Roaming\Upkiime" => File/Directory not found.

"C:\Users\Axsium\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.

"C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.

"C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.

"C:\Users\Axsium\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.

"C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.

"C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.

"C:\Users\Axsium\DECRYPT_INSTRUCTION.URL" => File/Directory not found.

"C:\Users\Axsium\AppData\Local\DECRYPT_INSTRUCTION.URL" => File/Directory not found.

"C:\Users\Axsium\AppData\DECRYPT_INSTRUCTION.URL" => File/Directory not found.

"C:\ProgramData\DECRYPT_INSTRUCTION.HTML" => File/Directory not found.

"C:\ProgramData\DECRYPT_INSTRUCTION.TXT" => File/Directory not found.

"C:\ProgramData\DECRYPT_INSTRUCTION.URL" => File/Directory not found.

C:\ProgramData\wavav0bdtzbtb43b.reg => Moved successfully.

Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-006A-76A7-A758B70C0001}) (Version: 12.0.1.100 - Ask Partner Network) <==== ATTENTION => Error: No automatic fix found for this entry.

QuickShare (HKLM-x32\...\{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}) (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION => Error: No automatic fix found for this entry.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 432.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====



#7 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 11 November 2014 - 09:39 PM

Hello, emozingo.

Good to hear your computer is running better. Can you specifically tell me what issues you are still experiencing at this stage?

In answer to your home PC -- I will be glad to help you with that, but you will need to start a new topic. Let me know when you are ready to post, and I will try to pick up your thread.

Remove Toolbars and Programs

Please remove the following applications via your Control Panel if they are there: Ask Toolbar, QuickShare.

To uninstall:

  • Open the Control Panel.
  • When the Control Panel window opens, click on Uninstall a program found under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
  • Begin with the first program (Ask Toolbar) > Left-click on it once to highlight it.
  • Click on the Uninstall button.
  • When asked if you are sure you want to uninstall, click Yes.
  • The program will uninstall, and when completed you will be back at the list of programs installed on your computer.
  • Continue to delete the remaining program(s) (QuickShare) the same way.
  • When finished, close the Programs and Features screen.

Remove Programs from Browser

If Ask Toolbar and/or QuickShare appear in any of your browsers, continue as follows:

For Internet Explorer:

  • Open Internet Explorer.
  • Click Tools > Manage Add-ons.
  • In the Manage Add-ons window, under Add-on Types (found on left side) highlight Toolbars and Extensions.
  • Under the Show: drop-down menu (found on left side) make sure All add-ons is selected.
  • Highlight the extension you wish to remove (Ask Toolbar, QuickShare), and select Disable.
  • The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
  • Click Close to exit the Manage Add-ons window.

For Firefox:

  • Open Firefox.
  • Click Tools > Add-ons.
  • In the Add-ons window, under Add-on Types select Extensions.
  • Click to highlight the extension you wish to remove (Ask Toolbar, QuickShare) and select Disable.  If you want to delete an extension entirely, click Remove.
  • The Disable add-on window may pop up to warn you that related services and add-ons will also be disabled. Click Disable.
  • Exit the Add-ons Manager window, and restart Firefox to complete the process.

For Google Chrome:

  • Open Google Chrome.
  • Click the wrench icon at the top right of the browser window.
  • Click Tools > Select Extensions to open the Options tab.
  • Uncheck Enabled to disable the extension (Ask Toolbar, QuickShare), or click Remove to delete it completely.

Reset Your Home Page and Default Search Engine

Removing the toolbars may have changed your browser settings (homepage, default search engines). If so, please follow the instructions found HERE.

Please update the following

Disabled UAC

The User Account Control is an important security feature in the latest versions of Windows, and it should be activated. To turn UAC on, please go to the Microsoft website HERE.

Browser Updates

You are presently running Internet Explorer 10. Please update to Internet Explorer 11. Running older versions of a browser poses serious security vulnerabilities. Updates increase the stability, security, speed, and functionality of your web browsers. Download the latest version of any browser you use:

Internet Explorer:  HERE
Mozilla Firefox:  HERE
Google Chrome:  HERE

Java Update

To improve your software's performance and stability, please update Java to the latest version and remove any older versions.

  • Click Start > Control Panel.
  • Click on the Java icon (coffee cup symbol) > Update > Update Now .
  • Follow the prompts to install the latest version of Java.

To remove older versions:  Win7

  • Click Start and select Control Panel.
  • When the Control Panel window opens, click on Uninstall a program found under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.
  • Look through the list of programs for any old versions of Java, and then left-click on it once to highlight it.
  • Click on the Uninstall button.
  • When finished, close the Programs and Features screen.

Question

You have run ComboFix, TDSS Killer, and Rogue Killer on your laptop. Did you run these tools yourself, or were you helped on a malware forum? Was this the time that your computer was infected with the encryption malware? If you were helped on a malware forum, could you please provide me the link?

CHECKLIST: In your next reply, please post the following:

  • Let me know of any specific issues you are still experiencing at this stage.

 

 


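The uninstall steps above go through the Control Panel. As an added check (not code from this thread or from FRST), the PowerShell below reads the two Uninstall entries FRST listed as `HKLM-x32\...\{GUID}` and reports whether each entry's uninstaller still exists on disk, which is the first thing to look at when an uninstall fails with a missing-DLL message; the product codes come from the FRST log in this thread, and the `Wow6432Node` mapping for `HKLM-x32` is standard FRST notation.

```powershell
# Added example: not code from this thread or from FRST. Reads the Uninstall
# registry entries FRST reported as "HKLM-x32\...\{GUID}" (the 32-bit Uninstall
# key on 64-bit Windows) and checks whether the uninstaller each one points at
# is still on disk. Read-only; run from an elevated PowerShell prompt.

# Product codes exactly as they appear in the FRST log in this thread.
$targets = @{
    '{4F524A2D-5637-006A-76A7-A758B70C0001}' = 'Ask Toolbar'
    '{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}' = 'QuickShare'
}

# FRST's "HKLM-x32" prefix corresponds to the Wow6432Node view of HKLM.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Pull the program path out of an UninstallString such as
#   "C:\Program Files (x86)\Vendor\uninst.exe" /S      or
#   MsiExec.exe /X{GUID}
function Get-UninstallerExecutable {
    param([string]$UninstallString)
    if ([string]::IsNullOrWhiteSpace($UninstallString)) { return $null }
    if ($UninstallString -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($UninstallString.Trim() -split '\s+')[0]
}

# True when the uninstaller can actually be started: an absolute path that
# exists, or a bare name like MsiExec.exe that resolves through PATH.
function Test-UninstallerPresent {
    param([string]$Executable)
    if (-not $Executable) { return $false }
    if ([System.IO.Path]::IsPathRooted($Executable)) {
        return (Test-Path -LiteralPath $Executable)
    }
    return ($null -ne (Get-Command $Executable -ErrorAction SilentlyContinue))
}

foreach ($code in $targets.Keys) {
    $entries = foreach ($root in $uninstallRoots) {
        $key = Join-Path $root $code
        if (Test-Path -LiteralPath $key) { Get-ItemProperty -LiteralPath $key }
    }
    if (-not $entries) {
        Write-Output ("{0} ({1}): no Uninstall entry left, already removed" -f $targets[$code], $code)
        continue
    }
    foreach ($e in $entries) {
        $exe = Get-UninstallerExecutable $e.UninstallString
        [PSCustomObject]@{
            Program            = $targets[$code]
            ProductCode        = $code
            DisplayName        = $e.DisplayName
            Publisher          = $e.Publisher
            Version            = $e.DisplayVersion
            InstallLocation    = $e.InstallLocation
            UninstallString    = $e.UninstallString
            UninstallerPresent = Test-UninstallerPresent $exe
        } | Format-List
    }
}
```

An entry that reports `UninstallerPresent` as False is an orphaned Control Panel listing, which is what a missing-DLL error on uninstall usually means; `InstallLocation` then shows where any leftover files would be.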

#8 emozingo

emozingo

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 13 November 2014 - 05:46 AM

Hello fbfbfb.

Thank you for your help. My system seems to be performing much better. I removed Ask Toolbar, but the uninstall of QuickShare said DLL is missing and was unable to uninstall. Is there a way around this? I updated to IE 11 and verified my Java was the most recent. Also enabled UAC. Thanks again for the recommendations.

I ran ComboFix, TDSS Killer and Rogue Killer on my own when I first noticed issues. I did not work with another site to resolve. You are the only one I have been communicating with.

I noticed the encryption malware the first part of last week (week of 11/2/2014). But I think I was probably attacked at some point over the weekend previous to that or sometime in the latter part of the previous week. Although, I was able to access my files on 11/3, so I take that back. I first noticed the encryption on 11/4, and that is when I noticed the DLLHOST issue. I understand I can pay to get decrypted, but I'm not going to do that. I was ignorant for letting it happen, but I am not going to pay these scum bags to decrypt my files. I had some backed up and lost some. My understanding, from what I have read, is the only way to recover is to pay, is that correct?

Thank you again for your help. One last question. What do you recommend for the best protection against these attacks going forward? I currently have Norton anti-virus and firewall, I also use SpyHunter and RegHunter. These didn't seem to block what I recently experienced though.

Thank you again.



#9 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 13 November 2014 - 07:12 PM

Hello, emozingo.

In reply to some of your questions:

Malware Protection: Recent reports indicate that new malware is being created at an alarming rate, and therefore there is no single program, free or purchased, that can possibly block out all malware. Knowledge and prevention are your best defense. The following articles are worth reading:

How to boost your malware defense and protect your PC by Microsoft found HERE.

How to Prevent Malware by Miekiemoes HERE.

Anti-Virus: If you find that Norton AntiVirus slows down your computer, there are several excellent free antivirus programs worth considering:

Avira Free Antivirus found HERE.

Avast found HERE.

AVG AntiVirus FREE 2015 found HERE.

If you choose to select one of these, set the program to automatically update to protect your system from the latest threats.

IMPORTANT: Having more than one anti-virus program installed and enabled can cause conflicts, crashes, and slowdowns.

Preventing Encryption Malware: Download CryptoPrevent from HERE. Scroll to the bottom of the page and click the blue bar marked Download "CryptoPrevent Installer."

This is a tiny utility to lock down any Windows OS (XP, Vista, 7, 8, 8.1, and 10) to prevent infection by the Cryptolocker malware or ransomware, which encrypts personal files and then offers decryption for a paid ransom. It also protects against a wide variety of other malware.

Please run the following scan

Farbar Recovery Scan Tool (FRST)

Please rerun FRST and send me a fresh log. Before beginning the scan, please remember to check mark Additions.txt.

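The "Group Policy restriction on software" entries in the FRST logs in this thread and, to my knowledge, the lock-down a tool like CryptoPrevent applies are both Software Restriction Policy (SRP) path rules. As an added example (not the helper's, FRST's or CryptoPrevent's own code), here is a read-only PowerShell check that lists those rules with their security level, so the rules Windows creates by default can be told apart from rules a tool, an administrator or malware added; that the four paths FRST flagged are the Windows defaults is my assumption.

```powershell
# Added example: not code from this thread, from FRST or from CryptoPrevent.
# Lists Software Restriction Policy (SRP) path rules, the mechanism behind the
# "HKLM Group Policy restriction on software: ... <==== ATTENTION" lines FRST
# reports. Read-only; run from an elevated PowerShell prompt.

# Security level subkeys under CodeIdentifiers (standard SRP values).
$levelNames = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'Basic User'
    262144 = 'Unrestricted'
}

# Assumption: the four paths FRST flagged in this thread are the rules Windows
# itself creates when SRP is turned on. Anything outside this list came from a
# tool, an administrator, or malware and deserves a look.
$windowsDefaultRules = @(
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe',
    '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%'
)

function Get-LevelName([int]$Level) {
    if ($levelNames.ContainsKey($Level)) { $levelNames[$Level] } else { "$Level" }
}

function Get-SrpPathRules {
    foreach ($hive in 'HKLM', 'HKCU') {
        $base = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path -LiteralPath $base)) { continue }   # no SRP in this hive

        # DefaultLevel applies to anything no rule matches: 262144 means
        # "allow unless a rule says otherwise", 0 means whitelist mode.
        $policy       = Get-ItemProperty -LiteralPath $base
        $defaultLevel = if ($null -ne $policy.DefaultLevel) { Get-LevelName $policy.DefaultLevel } else { 'not set' }

        foreach ($levelKey in Get-ChildItem -LiteralPath $base) {
            if ($levelKey.PSChildName -notmatch '^\d+$') { continue }
            $levelName = Get-LevelName ([int]$levelKey.PSChildName)
            $pathsKey  = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path -LiteralPath $pathsKey)) { continue }

            # Each rule is a GUID-named subkey; ItemData holds the path pattern.
            foreach ($ruleKey in Get-ChildItem -LiteralPath $pathsKey) {
                $rule = Get-ItemProperty -LiteralPath $ruleKey.PSPath
                [PSCustomObject]@{
                    Hive           = $hive
                    DefaultLevel   = $defaultLevel
                    RuleLevel      = $levelName
                    Path           = $rule.ItemData
                    Description    = $rule.Description
                    WindowsDefault = ($windowsDefaultRules -contains $rule.ItemData)
                }
            }
        }
    }
}

Get-SrpPathRules | Sort-Object Hive, RuleLevel, Path | Format-Table -AutoSize
```

Rows with `WindowsDefault` False at the Disallowed level are the block rules a lock-down tool adds; Unrestricted rows outside the defaults are exceptions someone opened and are worth reviewing.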


#10 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 15 November 2014 - 07:06 PM

Hello, emozingo.

Have you re-run FRST yet? Please reply to avoid closing this topic.

Thank you.



#11 emozingo

emozingo

    New Member

  • Authentic Member
  • Pip
  • 14 posts

Posted 16 November 2014 - 09:19 PM

Hello fbfbfb,

Please see FRST log pasted below. Thank you,

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-11-2014 03
Ran by emozingo (administrator) on AX110721L01 on 16-11-2014 22:14:55
Running from C:\Users\emozingo\Downloads
Loaded Profile: emozingo (Available profiles: UpdatusUser & Axsium & emozingo)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Mikogo GmbH) C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Mikogo GmbH) C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Screen-Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(RealVNC Ltd.) C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\VS90SP1-KB2938806-x86.exe
(Microsoft Corporation) C:\1212012246ba6ff984dfe5\HotFixInstaller.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Akamai Technologies, Inc.) C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Akamai Technologies, Inc.) C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Boingo Wi-Finder] => C:\Program Files (x86)\Boingo\Boingo Wi-Finder\Boingo.lnk [2429 2013-09-25] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Akamai NetSession Interface] => C:\Users\emozingo\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Push Client] => C:\Users\emozingo\AppData\Local\ATT Connect\Participant\pull.exe [983296 2013-05-12] (AT&T Inc.)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Lync] => C:\Program Files\Microsoft Office 15\root\office15\lync.exe [19038360 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Mikogo] => C:\Users\emozingo\AppData\Roaming\Mikogo\mikogo-host.exe [6760264 2013-11-29] (Mikogo GmbH)
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21645408 2014-07-24] (Skype Technologies S.A.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6700 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 6700 (Network).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\Software\Microsoft\Internet Explorer\Main,Start Page = https://axcess.axsiu...m/default.aspx/
HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec....&pvid=21.5.0.19
SearchScopes: HKCU - {A22623A1-B70E-4C2C-AC0E-93B7281CA455} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2A942AB7-2073-49BC-A7E1-77E93835889A} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3117269233-1677071875-1948265523-2731 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/...tupClient64.cab
DPF: HKLM-x32 {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://158.228.91.6/...raUpdaterAx.cab
DPF: HKLM-x32 {05D96F71-87C6-11D3-9BE4-00902742D6E0} http://usdatapqr01.g...lpl.top/qp2.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} https://webvpn.acade...ries/vpnweb.cab
DPF: HKLM-x32 {7A162288-DE78-473C-A6BA-23FF17F768E9} https://connect9.uc....ebInstaller.cab
DPF: HKLM-x32 {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://epcvpn.elpas...COL /cscopf.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://contractor.v...SetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1083
DPF: HKLM-x32 {FDF86141-BB1C-465B-93F2-80F04E0B5EE0} https://microstrateg...Activex.x86.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3117269233-1677071875-1948265523-2731: @citrixonline.com/appdetectorplugin -> C:\Users\emozingo\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-3117269233-1677071875-1948265523-2731: LWAPlugin15.8 -> C:\Users\emozingo\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\emozingo\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-11-16]

Chrome:
=======
CHR Profile: C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-31]
CHR Extension: (Google Drive) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-18]
CHR Extension: (YouTube) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-31]
CHR Extension: (Google Search) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-31]
CHR Extension: (Google Wallet) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-31]
CHR Extension: (Gmail) - C:\Users\emozingo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2013-12-09] (Lenovo.)
S2 FlexLicenseServer; C:\Kronos\wfc\bin\Lmgrd.exe [909312 2007-06-07] (Macrovision Corporation) [File not signed]
R2 Mikogo-Service; C:\Users\emozingo\AppData\Roaming\Mikogo\Mikogo-Service.exe [1116512 2013-11-29] (Mikogo GmbH)
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1919256 2014-10-13] (IBM Corp.)
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-12-14] (Lenovo Group Limited) [File not signed]
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 WinVNC4; C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe [439632 2008-10-15] (RealVNC Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-05] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-05] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141114.001\IDSvia64.sys [633560 2014-10-08] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141116.002\ENG64.SYS [129752 2014-11-05] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141116.002\EX64.SYS [2137304 2014-11-05] (Symantec Corporation)
R1 PCC_DSCP; C:\Windows\System32\DRIVERS\PCC_DSCP_x64.sys [21600 2011-09-14] (Nortel)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-06-01] ()
R1 RapportCerberus_80055; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80055.sys [761720 2014-10-09] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [445880 2014-10-13] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [534104 2014-10-13] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [557656 2014-10-13] (IBM Corp.)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-05] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 22:14 - 2014-11-16 22:14 - 00000000 ____D () C:\Users\emozingo\Downloads\FRST-OlderVersion
2014-11-16 10:56 - 2014-11-16 10:56 - 00000000 ____D () C:\1212012246ba6ff984dfe5
2014-11-15 03:04 - 2014-11-15 03:04 - 00000000 ____D () C:\984462e7a4c1945d0a
2014-11-14 03:02 - 2014-11-14 19:02 - 00000000 ____D () C:\166df1ff5ec30d1b8d52e612850db5
2014-11-13 22:17 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-13 17:41 - 2014-11-13 17:45 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\ICAClient
2014-11-13 17:36 - 2014-11-13 17:39 - 00000000 ____D () C:\Citrix Cleanup tool
2014-11-13 17:35 - 2014-11-13 17:35 - 00251915 _____ () C:\Users\emozingo\Downloads\ReceiverCleanupUtility.zip
2014-11-13 17:14 - 2014-11-13 17:12 - 00001649 _____ () C:\launch.ica
2014-11-13 17:12 - 2014-11-13 17:12 - 00001649 _____ () C:\Users\emozingo\Downloads\launch.ica
2014-11-13 16:51 - 2014-11-13 16:51 - 00000093 _____ () C:\Users\emozingo\AppData\Roaming\ARCompanion.log
2014-11-13 16:49 - 2014-11-13 16:49 - 14194632 _____ (Citrix Systems, Inc.) C:\Users\emozingo\Downloads\CitrixOnlinePluginWeb (2).exe
2014-11-13 16:20 - 2014-11-13 16:20 - 17143752 _____ (Citrix Systems, Inc.) C:\Users\emozingo\Downloads\CitrixOnlinePluginFull.exe
2014-11-13 07:26 - 2014-11-13 07:26 - 11230592 _____ (Enigma Software Group USA, LLC.) C:\Users\emozingo\Downloads\RegHunter-Installer_exe
2014-11-13 07:23 - 2014-11-13 07:26 - 55846784 _____ (Enigma Software Group USA, LLC.) C:\Users\emozingo\Downloads\SpyHunter-Installer.exe
2014-11-13 06:28 - 2014-11-13 06:28 - 00000000 __SHD () C:\Users\emozingo\AppData\Local\EmieUserList
2014-11-13 06:28 - 2014-11-13 06:28 - 00000000 __SHD () C:\Users\emozingo\AppData\Local\EmieSiteList
2014-11-13 06:28 - 2014-11-13 06:28 - 00000000 __SHD () C:\Users\emozingo\AppData\Local\EmieBrowserModeList
2014-11-13 06:14 - 2014-11-13 06:14 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-13 06:14 - 2014-11-13 06:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-13 06:14 - 2014-11-13 06:14 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 06:14 - 2014-11-13 06:14 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 06:14 - 2014-11-13 06:14 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-11-13 06:14 - 2014-11-13 06:14 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-11-13 06:14 - 2014-11-13 06:14 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-13 06:14 - 2014-11-13 06:14 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-13 06:14 - 2014-11-13 06:14 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-13 06:14 - 2014-11-13 06:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-13 06:14 - 2014-11-13 06:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-13 06:14 - 2014-11-13 06:14 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-13 06:14 - 2014-11-13 06:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-13 06:10 - 2014-11-13 06:10 - 02077392 _____ (Microsoft Corporation) C:\Users\emozingo\Downloads\IE11-Windows6.1.exe
2014-11-12 06:00 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 06:00 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 06:00 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 06:00 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:00 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 06:00 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 06:00 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 06:00 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 06:00 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 06:00 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 06:00 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 06:00 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 06:00 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 06:00 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 06:00 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 06:00 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 06:00 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 06:00 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:00 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 06:00 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 06:00 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 06:00 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 06:00 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 06:00 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 06:00 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 06:00 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 05:59 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 05:59 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 05:59 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 05:59 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 05:59 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 05:59 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 05:59 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 05:59 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 05:59 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 05:59 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 05:59 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 05:59 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 05:59 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 05:59 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 05:59 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 05:59 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 05:59 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 05:59 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 05:59 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 05:59 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 05:59 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 03:00 - 2014-11-12 19:00 - 00000000 ____D () C:\38c600d600f1c75096
2014-11-11 10:49 - 2014-11-14 13:36 - 00000000 ____D () C:\Files
2014-11-10 15:22 - 2014-11-10 15:22 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Microsoft_Corporation
2014-11-10 15:21 - 2014-11-10 15:21 - 00000000 ____D () C:\Users\emozingo\Documents\Integration Services Script Task
2014-11-10 15:21 - 2014-11-10 15:21 - 00000000 ____D () C:\Users\emozingo\Documents\Integration Services Script Component
2014-11-10 15:18 - 2014-11-10 15:18 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-11-10 15:16 - 2014-11-16 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008
2014-11-10 15:13 - 2014-11-10 15:55 - 00000000 ____D () C:\Users\emozingo\Documents\Visual Studio 2008
2014-11-10 15:10 - 2014-11-10 15:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 9.0
2014-11-10 15:10 - 2014-11-10 15:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2014-11-10 15:09 - 2014-11-10 15:09 - 00000000 ____D () C:\Windows\system32\1033
2014-11-10 15:05 - 2014-11-10 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2014-11-10 14:27 - 2014-11-10 14:28 - 00000000 ____D () C:\Users\emozingo\AppData\OICE_15_974FA576_32C1D314_3350
2014-11-10 09:55 - 2014-11-10 09:55 - 00854448 _____ () C:\Users\emozingo\Downloads\SecurityCheck.exe
2014-11-10 09:53 - 2014-11-10 09:53 - 00003107 _____ () C:\Users\emozingo\Desktop\aswMBR.txt
2014-11-10 09:53 - 2014-11-10 09:53 - 00000512 _____ () C:\Users\emozingo\Desktop\MBR.dat
2014-11-10 09:17 - 2014-11-10 09:18 - 05194752 _____ (AVAST Software) C:\Users\emozingo\Downloads\aswMBR.exe
2014-11-10 09:14 - 2014-11-16 22:14 - 02117120 _____ (Farbar) C:\Users\emozingo\Downloads\FRST64.exe
2014-11-07 10:04 - 2014-11-07 10:04 - 00000000 ____D () C:\Program Files (x86)\Arkadin
2014-11-07 10:02 - 2014-11-07 11:21 - 00000000 __SHD () C:\Users\emozingo\Documents\cache
2014-11-07 10:02 - 2014-11-07 10:02 - 00000000 ____D () C:\Users\emozingo\AppData\Local\WebEx
2014-11-06 12:46 - 2014-11-06 12:46 - 01429686 _____ () C:\Users\emozingo\Desktop\DARTBundle_1106_1241.zip
2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\ProgramData\TechSmith
2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snagit 10
2014-11-05 16:32 - 2014-11-05 16:32 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-11-05 16:27 - 2014-11-05 16:27 - 00000000 ____D () C:\Users\emozingo\Documents\Snagit Stamps
2014-11-05 14:00 - 2014-11-05 14:00 - 00001548 _____ () C:\Users\emozingo\Desktop\iexplore.exe - Shortcut.lnk
2014-11-05 13:42 - 2014-11-05 13:42 - 00033367 _____ () C:\ComboFix.txt
2014-11-05 13:22 - 2014-11-05 13:42 - 00000000 ____D () C:\ComboFix
2014-11-05 13:22 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-05 13:22 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-05 13:22 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-05 13:22 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-05 13:12 - 2014-11-05 13:11 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\emozingo\Desktop\tdsskiller.exe
2014-11-05 13:09 - 2014-11-05 12:49 - 01706359 _____ (Thisisu) C:\Users\emozingo\Desktop\JRT.exe
2014-11-05 12:50 - 2014-11-05 12:50 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-05 10:29 - 2014-11-05 10:29 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\R-TT
2014-11-05 10:28 - 2014-11-05 11:41 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
2014-11-05 10:28 - 2014-11-05 11:41 - 00000000 ____D () C:\Program Files (x86)\R-Studio
2014-11-05 10:28 - 2014-11-05 10:29 - 00000000 ____D () C:\Users\emozingo\Documents\R-TT
2014-11-05 06:33 - 2014-11-05 06:33 - 00031859 _____ () C:\Users\emozingo\Downloads\Addition.txt
2014-11-05 06:32 - 2014-11-16 22:14 - 00031288 _____ () C:\Users\emozingo\Downloads\FRST.txt
2014-11-05 06:32 - 2014-11-16 22:14 - 00000000 ____D () C:\FRST
2014-11-05 06:18 - 2014-11-05 06:18 - 00050916 _____ () C:\Users\emozingo\Desktop\JRT.txt
2014-11-05 06:13 - 2014-11-05 06:13 - 00000000 ____D () C:\Windows\ERUNT
2014-11-05 06:02 - 2014-11-05 13:00 - 00000000 ____D () C:\AdwCleaner
2014-11-05 05:51 - 2014-11-05 12:50 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-04 18:50 - 2014-11-05 13:42 - 00000000 ____D () C:\Qoobox
2014-11-04 18:48 - 2014-11-05 13:40 - 00000000 ____D () C:\Windows\erdnt
2014-11-04 17:49 - 2014-11-04 19:10 - 00000000 ____D () C:\19f7d95
2014-11-04 13:59 - 2014-11-13 06:26 - 00001428 _____ () C:\Users\emozingo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-04 13:57 - 2014-11-04 13:58 - 00000000 ____D () C:\NPE
2014-11-04 13:54 - 2014-11-04 14:26 - 00000000 ____D () C:\Users\emozingo\AppData\Local\NPE
2014-11-04 13:22 - 2014-11-04 13:22 - 00000476 _____ () C:\Users\emozingo\Desktop\Home - Axcess (2).url
2014-11-04 13:21 - 2014-11-04 13:21 - 00000476 _____ () C:\Users\emozingo\Desktop\Home - Axcess.url
2014-11-04 11:04 - 2014-11-05 15:11 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-10-29 05:07 - 2014-11-04 19:25 - 00000000 ____D () C:\Users\emozingo\AppData\Local\CrashDumps
2014-10-24 10:35 - 2014-10-24 10:35 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Mozilla
2014-10-22 07:19 - 2014-11-04 18:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Security Best Practices
2014-10-21 05:14 - 2014-11-05 08:59 - 00000000 ____D () C:\Users\emozingo\Documents\Disney - Shanghai

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 22:11 - 2012-03-30 07:05 - 00000000 ____D () C:\Users\emozingo\Documents\Outlook Files
2014-11-16 22:10 - 2012-04-25 13:16 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Skype
2014-11-16 22:08 - 2013-07-26 12:03 - 01663942 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 10:59 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-16 10:59 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-16 10:58 - 2009-07-14 00:13 - 00855058 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-16 10:51 - 2013-08-30 07:14 - 00019277 _____ () C:\Windows\setupact.log
2014-11-16 10:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 10:42 - 2009-07-13 23:45 - 00463568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-15 09:30 - 2011-07-21 21:34 - 00124992 _____ () C:\Users\emozingo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-15 03:04 - 2011-07-21 21:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-14 15:57 - 2011-08-11 04:13 - 00000000 ____D () C:\Users\emozingo\Documents\SQL Server Management Studio Express
2014-11-14 01:06 - 2012-09-27 19:55 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Akamai
2014-11-13 17:41 - 2013-06-24 08:16 - 00000000 ____D () C:\ProgramData\Citrix
2014-11-13 17:41 - 2012-02-22 15:28 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Citrix
2014-11-13 17:41 - 2012-01-24 07:50 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-11-13 17:38 - 2013-07-22 07:58 - 00000000 ____D () C:\Users\Axsium\AppData\Local\Citrix
2014-11-13 17:38 - 2013-06-26 08:34 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Citrix
2014-11-13 17:00 - 2014-02-24 12:22 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Mikogo
2014-11-13 15:02 - 2013-08-30 08:32 - 00632680 _____ () C:\Windows\PFRO.log
2014-11-13 14:57 - 2014-10-16 05:21 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Enigma Software Group
2014-11-13 14:57 - 2013-07-26 12:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-11-13 06:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-13 06:17 - 2013-11-26 03:01 - 00016102 _____ () C:\Windows\IE11_main.log
2014-11-13 03:40 - 2014-05-06 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 03:10 - 2013-08-15 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:04 - 2011-07-21 22:38 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-12 14:57 - 2011-08-11 10:02 - 00002106 ____H () C:\Users\emozingo\Documents\Default.rdp
2014-11-12 06:18 - 2011-07-21 21:30 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2014-11-11 14:16 - 2011-07-21 11:00 - 00008250 __RSH () C:\ProgramData\ntuser.pol
2014-11-11 06:06 - 2011-07-21 21:20 - 00000000 ____D () C:\Users\Axsium
2014-11-10 15:14 - 2011-08-11 07:14 - 00000000 ____D () C:\Windows\SysWOW64\1033
2014-11-10 15:09 - 2011-08-09 07:22 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-11-10 15:09 - 2011-08-09 07:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-11-10 07:02 - 2012-01-01 20:23 - 00000000 ____D () C:\Users\emozingo\AppData\Local\{E255CA2C-C48D-484D-A010-47BF9D5A8590}
2014-11-10 02:55 - 2011-08-10 07:58 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\webex
2014-11-10 02:03 - 2011-08-10 07:58 - 00000000 ____D () C:\ProgramData\WebEx
2014-11-06 12:41 - 2013-10-28 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2014-11-06 01:31 - 2013-06-14 13:22 - 00000000 ____D () C:\Users\Ctx_StreamingSvc
2014-11-05 15:11 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-05 15:07 - 2011-06-01 21:30 - 00000000 ____D () C:\root
2014-11-05 15:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-05 15:05 - 2014-07-22 13:14 - 00000000 ____D () C:\Users\emozingo\Documents\Oakley
2014-11-05 15:05 - 2014-03-07 06:23 - 00000000 ____D () C:\Users\emozingo\Documents\Oracle Client
2014-11-05 15:05 - 2013-10-22 10:53 - 00000000 ____D () C:\Users\emozingo\Documents\El Paso County
2014-11-05 15:05 - 2013-08-13 17:29 - 00000000 ____D () C:\Users\emozingo\Documents\att connect
2014-11-05 15:05 - 2013-07-30 05:18 - 00000000 ____D () C:\Users\emozingo\Documents\OracleODAC
2014-11-05 15:05 - 2013-05-31 10:21 - 00000000 ____D () C:\Users\emozingo\Documents\Harbor Frieght
2014-11-05 15:05 - 2012-11-26 13:15 - 00000000 ____D () C:\Users\emozingo\Documents\Citrus Valley Heath Partners
2014-11-05 15:05 - 2012-08-06 06:33 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Quest Software
2014-11-05 15:05 - 2012-07-16 16:51 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Centra
2014-11-05 15:05 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Stuff
2014-11-05 15:05 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - Interfaces
2014-11-05 15:05 - 2012-06-27 06:35 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Juniper Networks
2014-11-05 15:05 - 2012-05-11 05:01 - 00000000 ____D () C:\Users\emozingo\Documents\Interfaces and Reports
2014-11-05 15:05 - 2011-08-16 11:25 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Writing & Integrating Adv. SSRS WTK 6.1 Reports - Participation Guides
2014-11-05 15:05 - 2011-07-21 22:50 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Adobe
2014-11-05 14:54 - 2014-08-07 09:23 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Skype
2014-11-05 14:54 - 2014-03-24 06:20 - 00000000 ____D () C:\SmartDraw CI
2014-11-05 14:54 - 2013-12-07 10:54 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Evernote
2014-11-05 14:54 - 2013-08-28 20:58 - 00000000 ____D () C:\Users\emozingo\.sslvpn
2014-11-05 14:54 - 2013-08-13 17:29 - 00000000 ____D () C:\Users\emozingo\AppData\Local\ATT Connect
2014-11-05 14:54 - 2012-12-31 12:49 - 00000000 ____D () C:\Users\emozingo\AppData\Local\HP
2014-11-05 14:54 - 2012-01-17 11:48 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Google
2014-11-05 14:54 - 2011-11-15 12:12 - 00000000 ____D () C:\Users\emozingo\AppData\Local\TechSmith
2014-11-05 14:54 - 2011-07-21 21:26 - 00000000 ____D () C:\Users\Axsium\Desktop\Computer Setup
2014-11-05 14:54 - 2011-02-15 04:42 - 00000000 ____D () C:\SWTOOLS
2014-11-05 14:54 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-11-05 14:53 - 2014-09-16 07:09 - 00000000 ____D () C:\ProgramData\Norton
2014-11-05 14:53 - 2013-09-25 07:57 - 00000000 ____D () C:\ProgramData\GoBoingo
2014-11-05 14:53 - 2012-12-19 12:11 - 00000000 ____D () C:\ProgramData\HP
2014-11-05 14:53 - 2011-06-01 21:41 - 00000000 ____D () C:\ProgramData\Corel
2014-11-05 14:53 - 2011-06-01 21:12 - 00000000 ____D () C:\ProgramData\Lenovo
2014-11-05 14:52 - 2014-03-07 08:19 - 00000000 ____D () C:\app
2014-11-05 14:52 - 2012-01-26 09:34 - 00000000 ____D () C:\Kronos
2014-11-05 14:52 - 2012-01-17 11:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-05 14:52 - 2011-07-21 21:49 - 00000000 __RHD () C:\MSOCache
2014-11-05 13:38 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-05 13:37 - 2011-07-21 21:33 - 00000000 ____D () C:\Users\emozingo
2014-11-05 11:42 - 2012-12-03 10:28 - 00000000 ____D () C:\Program Files (x86)\SparkTrust
2014-11-05 11:42 - 2012-01-17 11:48 - 00000000 ____D () C:\Program Files\Google
2014-11-05 11:41 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-04 19:12 - 2009-07-13 21:34 - 18087936 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-04 19:12 - 2009-07-13 21:34 - 114819072 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-04 19:12 - 2009-07-13 21:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-04 19:12 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-04 18:38 - 2013-10-24 14:57 - 00000000 ____D () C:\Users\emozingo\Documents\Oracle Initialization Parameters
2014-11-04 18:35 - 2012-01-19 07:33 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Time Tracking
2014-11-04 18:34 - 2014-06-18 05:00 - 00000000 ____D () C:\Users\emozingo\Documents\New folder
2014-11-04 18:34 - 2014-01-15 08:41 - 00000000 ____D () C:\Users\emozingo\Documents\Mini Marathon Training Guide
2014-11-04 18:34 - 2013-09-09 09:36 - 00000000 ____D () C:\Users\emozingo\Documents\MicroStrategy Reporting Essentials
2014-11-04 18:34 - 2013-06-07 09:33 - 00000000 ____D () C:\Users\emozingo\Documents\Microstrategy Course Receipts
2014-11-04 18:34 - 2013-05-22 08:59 - 00000000 ____D () C:\Users\emozingo\Documents\MicroStategy Course Manuals
2014-11-04 18:34 - 2013-04-01 17:27 - 00000000 ____D () C:\Users\emozingo\Documents\Masco-Cabinetry
2014-11-04 18:34 - 2012-06-28 05:40 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - Stored Procedures
2014-11-04 18:34 - 2012-06-28 05:39 - 00000000 ____D () C:\Users\emozingo\Documents\Nike - FSDs
2014-11-04 18:34 - 2012-06-27 06:50 - 00000000 ____D () C:\Users\emozingo\Documents\Masco-Milgard
2014-11-04 18:34 - 2011-09-16 14:04 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Batch Schedule
2014-11-04 18:34 - 2011-09-08 15:53 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Report Test Cases
2014-11-04 18:34 - 2011-09-02 14:37 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Report FSD and Test Cases
2014-11-04 18:34 - 2011-08-19 08:45 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Project
2014-11-04 18:34 - 2011-08-16 13:29 - 00000000 ____D () C:\Users\emozingo\Documents\Nike Logo
2014-11-04 18:33 - 2014-08-19 12:39 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WIM
2014-11-04 18:33 - 2014-06-12 07:58 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC Install Checklist
2014-11-04 18:33 - 2012-11-05 12:46 - 00000000 ____D () C:\Users\emozingo\Documents\La-Z-Boy
2014-11-04 18:33 - 2012-07-17 05:08 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WTK 63 Rollout Training
2014-11-04 18:33 - 2012-01-10 12:20 - 00000000 ____D () C:\Users\emozingo\Documents\Manager Logon Pic at Clock
2014-11-04 18:32 - 2014-09-03 12:43 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Sizer app
2014-11-04 18:32 - 2014-07-07 05:16 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Ops Planner DB Reference
2014-11-04 18:32 - 2014-06-11 10:42 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM DB Tables Guide
2014-11-04 18:32 - 2014-02-12 16:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos System Settings Reference Guide
2014-11-04 18:32 - 2014-02-03 18:48 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Mobile
2014-11-04 18:32 - 2013-11-18 08:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC Architecture and Technology Core Concepts
2014-11-04 18:32 - 2013-09-20 08:11 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Database Manual
2014-11-04 18:32 - 2013-09-04 13:51 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Network Security Best Practices
2014-11-04 18:32 - 2013-08-30 07:37 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Instance Management and Batch Processing
2014-11-04 18:32 - 2013-08-14 06:06 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WDM Instance Manager
2014-11-04 18:32 - 2013-07-22 08:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Retail Workshop
2014-11-04 18:32 - 2012-10-04 13:36 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos SAT and Policies
2014-11-04 18:32 - 2012-07-17 05:10 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Navigator 63 Rollout Training
2014-11-04 18:32 - 2012-06-28 11:35 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos WFC 6.3 Navigator Implementation Workshop
2014-11-04 18:32 - 2011-08-18 13:45 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Skills Eval
2014-11-04 18:32 - 2011-08-18 11:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Manuals
2014-11-04 18:31 - 2014-06-10 16:44 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7 Manuals
2014-11-04 18:31 - 2014-04-21 16:08 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 63 Technology & Platform Support
2014-11-04 18:31 - 2014-02-03 18:35 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7 Feature Summary and Implementation Manual
2014-11-04 18:31 - 2014-01-06 11:53 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos - Change Logon Page
2014-11-04 18:31 - 2013-10-24 14:31 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Attestation Compatibility Matrix
2014-11-04 18:31 - 2013-10-15 09:41 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos FAP Worksheet
2014-11-04 18:31 - 2013-09-12 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos 7.0 Technical Rollout
2014-11-04 18:31 - 2013-08-26 08:48 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Attestation Documentation
2014-11-04 18:31 - 2013-08-14 16:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Error Codes
2014-11-04 18:31 - 2013-08-14 06:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Application Settings
2014-11-04 18:31 - 2013-08-08 08:15 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Analytics Web Training
2014-11-04 18:31 - 2013-08-05 08:24 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Install Analytics
2014-11-04 18:31 - 2013-06-28 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Install Checklist
2014-11-04 18:31 - 2013-04-12 12:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Custom Report Development Lunch and Learn Outline
2014-11-04 18:31 - 2012-10-05 06:37 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos InTouch
2014-11-04 18:31 - 2012-08-29 06:12 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Background Check
2014-11-04 18:31 - 2012-06-26 05:32 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos InTouch Rollout Training
2014-11-04 18:31 - 2011-12-21 08:18 - 00000000 ____D () C:\Users\emozingo\Documents\Kronos Courses
2014-11-04 18:31 - 2011-08-12 11:52 - 00000000 ____D () C:\Users\emozingo\Documents\Knightsbridge Conference
2014-11-04 18:30 - 2014-08-01 05:09 - 00000000 ____D () C:\Users\emozingo\Documents\Emerging Markets Team
2014-11-04 18:30 - 2014-06-02 15:00 - 00000000 ____D () C:\Users\emozingo\Documents\Health Benefit Forms
2014-11-04 18:30 - 2011-08-11 04:06 - 00000000 ____D () C:\Users\emozingo\Documents\Hours Summary Report
2014-11-04 18:29 - 2014-10-01 03:55 - 00000000 ____D () C:\Users\emozingo\Documents\County of Toronto
2014-11-04 18:29 - 2013-12-30 17:48 - 00000000 ____D () C:\Users\emozingo\Documents\Classic Party Rentals
2014-11-04 18:28 - 2012-07-19 05:03 - 00000000 ____D () C:\Users\emozingo\Documents\Chanel Project
2014-11-04 18:27 - 2013-12-17 07:50 - 00000000 ____D () C:\Users\emozingo\Documents\Axsium Anniversary Celebration Expenses
2014-11-04 18:27 - 2013-11-18 05:58 - 00000000 ____D () C:\Users\emozingo\Documents\Amazon
2014-11-04 18:27 - 2013-06-26 16:30 - 00000000 ____D () C:\Users\emozingo\Documents\APE
2014-11-04 18:27 - 2012-01-17 08:40 - 00000000 ____D () C:\Users\emozingo\Documents\Analytics Training
2014-11-04 18:27 - 2011-12-09 14:23 - 00000000 ____D () C:\Users\emozingo\Documents\Axsium Bio
2014-11-04 18:25 - 2012-01-11 17:52 - 00000000 ____D () C:\Users\emozingo\Desktop\FSD
2014-11-04 18:23 - 2013-05-15 06:39 - 00000000 ____D () C:\Users\emozingo\AppData\Roaming\Clip Art Collection
2014-11-04 18:22 - 2014-07-30 13:32 - 00000000 ____D () C:\Users\emozingo\AppData\OICE_15_974FA576_32C1D314_35D8
2014-11-04 18:22 - 2013-09-17 05:34 - 00000000 ____D () C:\Users\emozingo\AppData\OICE_15_974FA576_32C1D314_26DB
2014-11-04 18:08 - 2013-02-01 06:46 - 00000000 ____D () C:\Users\emozingo\AppData\Local\Apple Computer
2014-11-04 18:05 - 2011-06-01 21:48 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-04 17:59 - 2013-06-06 05:57 - 00000000 ____D () C:\ProgramData\Cisco
2014-11-04 17:59 - 2013-05-28 15:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-04 17:59 - 2011-06-01 21:13 - 00000000 ____D () C:\mfg
2014-11-04 17:51 - 2012-12-03 08:17 - 00000000 ____D () C:\$AVG
2014-11-04 13:56 - 2009-07-14 00:08 - 00032564 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-04 13:54 - 2013-09-16 11:16 - 02790860 _____ () C:\Windows\ntbtlog.txt.bak
2014-11-04 11:40 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-04 11:00 - 2014-09-16 07:14 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-11-04 10:33 - 2011-06-01 21:48 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-11-04 10:22 - 2011-06-01 21:48 - 00000382 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-11-04 10:20 - 2012-08-28 05:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-04 10:18 - 2014-03-24 06:21 - 00000468 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-11-04 10:18 - 2014-03-24 06:21 - 00000460 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-11-04 09:03 - 2014-09-08 12:59 - 00000000 ____D () C:\Users\emozingo\Documents\Martin Marietta
2014-11-03 23:42 - 2012-07-30 15:56 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DC5B087D-9D50-44BD-A344-41D6BAFF54E5}
2014-10-31 09:17 - 2014-06-12 08:00 - 00000000 ____D () C:\Users\emozingo\Documents\Academy Sports
2014-10-31 05:01 - 2012-11-13 13:23 - 00000000 ____D () C:\Users\emozingo\Documents\Sodexo
2014-10-28 11:41 - 2011-06-01 21:29 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-10-27 09:28 - 2013-09-26 07:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-27 09:26 - 2013-10-23 05:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-27 09:25 - 2013-04-01 16:25 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-26 07:44 - 2012-09-08 08:35 - 00000000 ____D () C:\Users\emozingo\Documents\Personal
2014-10-26 07:15 - 2014-02-11 05:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-10-26 07:14 - 2013-08-28 16:13 - 00000000 ____D () C:\Program Files\Microsoft Office 15

Some content of TEMP:
====================
C:\Users\emozingo\AppData\Local\Temp\ARCompanionForSession1.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 10:34

==================== End Of Log ============================



#12 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 18 November 2014 - 08:40 AM

Hello, emozingo.
 
Thank you for your FRST log.
 
Please run the following Fix

Please open Notepad:  Press the Windows key + r (Win Key + r) > Type Notepad > Click OK.

  • Copy and paste the entire contents of the code box below:  To do this, highlight the contents of the box, right click on it, and select Copy > Right-click in the open Notepad and select Paste.
  • Save this to the same directory you saved FRST / FRST64 > Save it as fixlist.txt.

Note:  In order for the fix to work, fixlist.txt must be placed next to FRST / FRST64.  You can use your mouse to drag it in place.
 

Start
CloseProcesses:
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
SearchScopes: HKCU - {A22623A1-B70E-4C2C-AC0E-93B7281CA455} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {2A942AB7-2073-49BC-A7E1-77E93835889A} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Toolbar: HKU\.DEFAULT -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKU\S-1-5-21-3117269233-1677071875-1948265523-2731 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-11-05 11:42 - 2012-12-03 10:28 - 00000000 ____D () C:\Program Files (x86)\SparkTrust 
Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine.  Running this on another machine may cause damage to your operating system.

  • Run FRST / FRST64, press the Fix button once and wait.
  • When finished, the tool will generate a log on the Desktop (Fixlog.txt).  Please post it to your next reply.

Please run the following scan
 
ESET Online Scanner
 

Note:

  • Disable any antivirus program and antispyware programs to avoid conflicts.
  • Run Eset with Internet Explorer, but if using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
  • Please do not surf the internet while your security programs are disabled.
  • Let the scan run uninterrupted to avoid a stall.
  • Remember to enable your security programs when the scan has finished.

Run ESET Online Scanner from HERE.

  •   Click the green ESET Online Scanner button.
  •   Read the End User License Agreement and check the box YES, I accept the Terms of Use.
  •   Click on the Start button next to it.
  •   If prompted, allow the Add-On/Active X to install.

Under Computer scan settings:

  •   Do not check Remove found threats
  •   Check Scan Archives.
  •   Click Advanced settings and select the following:
        •   Scan potentially unwanted applications
        •   Scan for potentially unsafe applications
        •   Enable Anti-Stealth technology

 

  • Click Start. ESET will download updates, install itself, and begin scanning your computer. Please be patient as this scan could take up to a few hours to complete.
  •   Wait for the scan to finish. When the scan completes, click List of found threats.
  •   Click Export and save the file to your desktop using a unique name, such as ESETScan.
  •   Copy and paste the contents of this report in your next reply.
  •   Click the Back button.
  •   Click the Finish button.

 

CHECKLIST: In your next reply, please post the following:

  • Fixlog.txt
  • ESET Report

 



#13 emozingo


Posted 20 November 2014 - 04:15 PM

Hello fbfbfb,

 

Pasted below is the FRST log. I was not able to run the online ESET scan. It said it was unable to load an add-on. Also, I am getting a lot of popups when on the internet. I also get pages that say I have a serious virus or malware and to call a certain number. I have been getting these the last couple of days. Thank you,

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014

Ran by emozingo at 2014-11-19 14:44:17 Run:2

Running from C:\FRST\FRST-OlderVersion

Loaded Profile: emozingo (Available profiles: UpdatusUser & Axsium & emozingo)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

Start

CloseProcesses:

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

SearchScopes: HKCU - {A22623A1-B70E-4C2C-AC0E-93B7281CA455} URL =

SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869

Toolbar: HKU\.DEFAULT -> No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

Toolbar: HKU\.DEFAULT -> No Name - {2A942AB7-2073-49BC-A7E1-77E93835889A} - No File

Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

Toolbar: HKU\.DEFAULT -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

Toolbar: HKU\.DEFAULT -> No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

Toolbar: HKU\.DEFAULT -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File

Toolbar: HKU\S-1-5-21-3117269233-1677071875-1948265523-2731 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

2014-11-05 11:42 - 2012-12-03 10:28 - 00000000 ____D () C:\Program Files (x86)\SparkTrust

Hosts:

EmptyTemp:

End

*****************

Processes closed successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

\\SearchScopes: HKCU - {A22623A1-B70E-4C2C-AC0E-93B7281CA455} URL = => Value not found.

\\SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869 => Value not found.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.

"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2A942AB7-2073-49BC-A7E1-77E93835889A} => value deleted successfully.

"HKCR\CLSID\{2A942AB7-2073-49BC-A7E1-77E93835889A}" => Key not found.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.

"HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}" => Key not found.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} => value deleted successfully.

"HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}" => Key not found.

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.

"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.

HKU\S-1-5-21-3117269233-1677071875-1948265523-2731\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

"HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully.

"HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found.

catchme => Service deleted successfully.

C:\Program Files (x86)\SparkTrust => Moved successfully.

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.

Hosts was reset successfully.

EmptyTemp: => Removed 276.2 MB temporary data.

 

The system needed a reboot.

==== End of Fixlog ====
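Added example (not from this thread, from FRST, or from its author): a small Python parser for the Fixlog format posted above. It classifies each `<target> => <result>` line as a real change or an already-absent item, and pairs every deleted toolbar value with the CLSID lookup FRST logs right after it, so a reader can tell a removed component from a dangling registry reference. The embedded log is a constructed excerpt in the same format, and the helper names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpt in the FRST Fixlog format seen in this thread (not the full log).
SAMPLE_FIXLOG = r"""
HKLM => Group Policy Restriction on software restored successfully.
\\SearchScopes: HKCU - {A22623A1-B70E-4C2C-AC0E-93B7281CA455} URL = => Value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key deleted successfully.
catchme => Service deleted successfully.
C:\Program Files (x86)\SparkTrust => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 276.2 MB temporary data.
"""
# Fixlog result lines read "<target> => <result>."; the target may be double-quoted.
LINE_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+?)\.?$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
CHANGE_WORDS = ("deleted", "moved", "removed", "restored", "reset", "closed")

def parse_fixlog(text):
    """Return (target, result) pairs; status lines without '=>' get target None."""
    entries = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = LINE_RE.match(line)
        entries.append((m["target"], m["result"]) if m else (None, line.rstrip(".")))
    return entries

def classify(result):
    """'absent': nothing was left to remove; 'changed': FRST altered the system."""
    r = result.lower()
    if "not found" in r:
        return "absent"
    return "changed" if any(w in r for w in CHANGE_WORDS) else "other"

def toolbar_summary(entries):
    """Pair each toolbar value deletion with the CLSID lookup FRST logs right after it."""
    out = {}
    for (t, _), (t2, r2) in zip(entries, entries[1:]):
        g = GUID_RE.search(t) if t and "Toolbar\\WebBrowser" in t else None
        if g and t2 and t2.startswith("HKCR\\CLSID\\") and g[0] in t2:
            # CLSID key already gone: only a dangling pointer to a removed component remained
            out[g[0]] = "component removed" if classify(r2) == "changed" else "dangling reference"
    return out

def summarize(text):
    entries = parse_fixlog(text)
    return dict(Counter(classify(r) for _, r in entries)), toolbar_summary(entries)
```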



#14 fbfbfb


Posted 20 November 2014 - 10:14 PM

Hello, emozingo.
 
Do not call any number regarding virus and malware removal.
 
Try running ESET Online Scanner in Safe Mode. Safe Mode often prevents malware from loading and will allow you to remove the infected files.

  • Shut off your Computer > Restart.
  • As soon as the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up the Advanced Boot Options screen.

(Image: Advanced Boot Options screen, Windows 7)

  • Use the Up and Down arrow keys to scroll up to Safe Mode with Networking.
  • Then press the Enter key on your keyboard.
  • Wait for Windows 7 Files to load.
  • Log into your account as you normally do.

Now try running ESET Online Scanner according to instructions in my previous post.



#15 emozingo


Posted 22 November 2014 - 06:20 AM

Attached is eset.txt.

