Fishhooky
I am running Sophos. It keeps detecting and quarantining the Troj/Miner-AB virus but doesn't seem to be able to remove it as it keeps reappearing in the msupdate71 folder, within Temp files.
Please see below the FRST and Addition logs generated with the FRS Tool.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by pazalh (2016-04-20 13:02:31)
Running from C:\Users\pazalh\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2015-12-11 14:09:50)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-469656807-1525750594-2528887039-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-469656807-1525750594-2528887039-501 - Limited - Disabled)
SophosSAUPLSP640360 (S-1-5-21-469656807-1525750594-2528887039-1017 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ACD/Labs Freeware in C:\ACD2015FREE\ (HKLM-x32\...\ACDLabs in C__ACD2015FREE_) (Version: v14.00, FREE - ACD/Labs)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\{44CF4DB9-707A-4395-839C-573FBC206CB9}) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\{A6FB0BFC-1F3F-42E0-BEAB-FA139FB54812}) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\{315BE77E-D725-477D-9C71-63F78844363C}) (Version: 12.2.2.172 - Adobe Systems, Inc)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
Configuration Manager Client (Version: 5.00.8325.1000 - Microsoft Corporation) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.5.0.9325 - Thomson Reuters)
FileOpen Client (x64) B945 (HKLM\...\{739832CC-EAFB-4E1D-A306-CE21B836AC6F}) (Version: 3.0.105.945 - FileOpen Systems, Inc.)
Google Chrome (HKLM-x32\...\{878B9925-1C43-3AED-87F6-2C2A79678CD8}) (Version: 49.0.2623.112 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 7 Update 9 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417009FF}) (Version: 7.0.90 - Oracle)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MATLAB R2015b (HKLM\...\Matlab R2015b) (Version: 8.6 - MathWorks)
Metric Collection SDK (x32 Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client (HKLM-x32\...\{b08e77c6-988d-429f-ac06-9a32121a361c}) (Version: 5.1.86.0 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM\...\{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}) (Version: 4.6.3.24870 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{8D00DBC4-DEB4-4910-9D7C-30A5C6898195}) (Version: 4.6.3.24870 - Microsoft Corporation)
Microsoft Lync 2013 (HKLM-x32\...\Office15.LYNC) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nuance PDF Converter Enterprise 8 (HKLM\...\{FF5C2B99-E960-4945-8ED0-6F2AA6A72473}) (Version: 8.00.6215 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 8 (HKLM-x32\...\{FF5C2B99-E960-4945-8ED0-6F2AA6A72473}) (Version: 8.00.6215 - Nuance Communications, Inc.)
Origin85new (x32 Version: 8.50.000 - OriginLab) Hidden
OriginPro 8.5 (HKLM-x32\...\{E0E49070-F2C7-402A-9D36-C9B87CA2E09D}) (Version: 8.5 - OriginLab Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version: - Thomson Reuters)
Scansoft PDF Professional (x32 Version: - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition (HKLM-x32\...\{90150000-012C-0000-0000-0000000FF1CE}_Office15.LYNC_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM-x32\...\{09863DA9-7A9B-4430-9561-E04D178D7017}) (Version: 10.6.3.537 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{BCF53039-A7FC-4C79-A3E3-437AE28FD918}) (Version: 5.2.0.276 - Sophos Limited)
Sophos Network Threat Protection (HKLM\...\{66967E5F-43E8-4402-87A4-04685EE5C2CB}) (Version: 1.2.2.50 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.0.6 - Sophos Limited)
Sophos System Protection (HKLM-x32\...\{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6}) (Version: 1.3.0 - Sophos Limited)
Symantec Enterprise Vault Outlook Add-In 10.0.2.1210 (HKLM-x32\...\{817220AB-B36A-4AD2-A15F-D57779A8ACE7}) (Version: 10.0.9402 - Symantec Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
UltraMon (HKLM\...\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}) (Version: 3.3.0 - Realtime Soft Ltd)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.LYNC_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version: - Microsoft)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03DA83AC-60CC-4769-91D5-E418B9E75FE7} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-05] (Dropbox, Inc.)
Task: {042BD4D9-E875-46E3-97E5-26035D092B6E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {3AE95B19-AA32-42B4-8B91-CEBD435D9927} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2015-10-27] (Microsoft Corporation)
Task: {43286E7E-7BB6-4725-B413-2B41FFC6F56D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
Task: {50E2D41D-B563-4857-A9A1-66698BC92A19} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-11] (Adobe Systems Incorporated)
Task: {52F10E28-0DE7-4176-B3D6-386BCB7B7F3E} - System32\Tasks\Microsoft\AppV\Publishing\1_user_periodic => SyncAppvPublishingServer.exe
Task: {542F3FA2-C5E4-493B-8337-AEE0E1437B50} - System32\Tasks\Microsoft\AppV\Publishing\1_user_logon => SyncAppvPublishingServer.exe
Task: {63057DF0-5CB2-400C-BC37-7FEEA73CECBA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {74167423-3C2C-42BE-B928-4A9F2DBC818E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-05] (Dropbox, Inc.)
Task: {8C783BB4-5E8A-43C8-B2C2-F1499F33701E} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15] (Realtek Semiconductor)
Task: {92A9858B-F397-4CA6-91EE-D121260C9D8F} - System32\Tasks\Wednesday Lunchtime => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2016-04-14] (Sophos Limited)
Task: {95D446E6-0C18-418D-A219-9520B6597ECA} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {99237475-FC8A-436E-B0F7-0973EF35444F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {A3EA0CBA-78A6-486C-B3AE-212D4779B7F7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-11] (Google Inc.)
Task: {A9BFA59A-08F8-4990-86F9-CE47E88CB313} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {AF39CD65-EC33-4A56-8698-6F437004A838} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-11] (Realtek Semiconductor)
Task: {C5CE8FE4-9F4E-4E26-A07B-E45D24345BDF} - System32\Tasks\MATLAB R2015b Startup Accelerator => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe [2015-07-30] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2015b Startup Accelerator.job => C:\Program Files\MATLAB\R2015b\bin\win64\MATLABStartupAccelerator.exe
Task: C:\WINDOWS\Tasks\Wednesday Lunchtime.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\pazalh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UoN Applications\Compilers and Development Tools\Plato FTN95\(UoN) FTN95 Command Prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\Silverfrost\FTN95\fvars.bat" /appvve:80E5DEA5-7654-44F0-82D6-22308BB1E569_9F2680B1-823D-48A8-BCB1-32A73F6650B6
==================== Loaded Modules (Whitelisted) ==============
2015-12-11 15:02 - 2014-08-12 18:57 - 00117208 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-14 15:09 - 2016-04-14 15:09 - 00233608 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\http.plg
2016-04-14 15:09 - 2016-04-14 15:09 - 00140696 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ip.plg
2016-04-14 15:09 - 2016-04-14 15:09 - 00119344 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\ipv6.plg
2016-04-14 15:09 - 2016-04-14 15:09 - 00076704 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\portmap.plg
2016-04-14 15:09 - 2016-04-14 15:09 - 00165000 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\tcp.plg
2016-04-14 15:09 - 2016-04-14 15:09 - 00148440 _____ () C:\Program Files\Sophos\Sophos Network Threat Protection\bin\plugins\udp.plg
2015-11-10 16:45 - 2015-11-10 16:45 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2016-04-14 15:08 - 2016-04-14 15:08 - 01276680 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 01094408 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00347400 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00465160 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_AnyTypeCode.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00087816 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00254216 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00511752 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00059144 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_CodecFactory.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00149768 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00832264 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00044808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Svc_Utils.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00075016 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00069384 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PI_Server.dll
2016-04-14 15:08 - 2016-04-14 15:08 - 00052488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Codeset.dll
2016-04-19 12:25 - 2016-04-19 12:25 - 01456128 _____ () C:\Users\pazalh\AppData\Local\Temp\mdi064.dll
2016-01-05 13:02 - 2016-03-21 22:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-15 00:07 - 2016-03-21 22:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-04-15 00:07 - 2016-03-21 22:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-01-05 13:02 - 2016-03-21 22:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-01-05 13:02 - 2016-03-21 22:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-01-05 13:02 - 2016-04-08 19:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-04-15 00:07 - 2016-03-21 22:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-01-05 13:02 - 2016-04-08 19:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-01-05 13:02 - 2016-03-21 22:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-01-05 13:02 - 2016-03-21 22:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-01-05 13:02 - 2016-04-08 19:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-04-15 00:07 - 2016-03-21 22:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-12 05:22 - 2016-04-08 19:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-01-05 13:02 - 2016-04-08 19:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-01-05 13:02 - 2016-03-21 22:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-04-15 00:07 - 2016-03-21 22:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-04-15 00:07 - 2016-03-21 22:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-04-15 00:07 - 2016-03-21 22:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-04-15 00:07 - 2016-04-08 19:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-12 05:22 - 2016-04-08 19:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 05:22 - 2016-04-08 19:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 05:22 - 2016-04-08 19:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 05:22 - 2016-04-08 19:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-01-05 13:02 - 2016-03-21 22:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 05:22 - 2016-04-08 19:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-04-15 00:07 - 2016-04-08 19:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-04-15 00:07 - 2016-04-08 19:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-01-05 13:02 - 2016-03-21 22:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-15 00:07 - 2016-03-21 22:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-04-15 00:07 - 2016-03-21 22:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-01-05 13:02 - 2016-04-08 19:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-04-15 00:07 - 2016-04-08 19:20 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-01-05 13:02 - 2016-03-21 22:56 - 00697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-04-12 00:47 - 2016-04-06 11:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-12 00:47 - 2016-04-06 11:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1664130791-3153540899-3044996548-183753\Control Panel\Desktop\\Wallpaper -> C:\Users\pazalh\AppData\Local\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp
DNS Servers: 128.243.101.123 - 128.243.101.135
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A0425C1F-77D1-4E4C-9307-02C4D6BF3439}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{F5DEC30A-60F6-4E3B-851B-21195B8326DC}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{1542FFE3-FACF-4647-A880-991FE7698DD2}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{018ADB05-76B2-4ABD-8517-8F8472CDB05E}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{5243DC6C-875E-4C6A-96B0-DAC2E9D48FA7}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{F24D3B49-1C33-4A2D-9CB8-82B5C8DF9D80}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{8A16E143-FB2F-43F3-8DFF-7E682C539552}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{5D04E379-6779-47F3-869C-EF62C89367C1}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{9847DFE2-69A4-47D2-BF9D-FB6B06AD11E6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2D64F819-8D3E-41CE-ABA7-AA1C6FCFD312}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E56808D7-743D-49CB-A9EB-420C2DAA7DC4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D7A30EA3-60D6-4626-860C-0437AC025F17}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{49FBB2DA-A363-4571-A773-6A12CF67BB8F}] => (Allow) LPort=2701
FirewallRules: [{3C25EE40-D565-4737-BE2D-39FBE71FCF25}] => (Allow) LPort=2702
FirewallRules: [{13EC3454-9546-4958-8EE6-C2297C39BEC2}] => (Allow) LPort=135
FirewallRules: [{157CDC69-0173-4C5C-91E4-53D5E7720E68}] => (Allow) LPort=445
FirewallRules: [{26CB2996-B3C5-42FA-A98A-3A8DE3B78805}] => (Allow) C:\Windows\System32\RCAgent.exe
FirewallRules: [TCP Query User{ED7CF413-8F83-41AB-8B36-0581953B0BA3}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [UDP Query User{A6D2A8AE-CAF9-4062-B8A6-695F3D198E68}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [{00C78A98-7338-4E1C-94D2-A8C54686D685}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6B4C9A17-39DD-44E4-AF3D-597366C4E4EC}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [UDP Query User{AF9C7F14-01D6-4660-90C7-07A69129BF86}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [TCP Query User{BC92A79F-79FD-41D2-8223-DAF42176A936}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{4DE77930-3319-4F2E-B487-14D370D054AE}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [{D6BC69DB-52C8-4FFE-90F4-66D2BBE9CD3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{91AF5BB3-3622-4362-943E-70E6A05C46FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D1F2A33B-52B4-4A8F-8116-E347238A085C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1941AD96-F941-4BF6-BD48-2CEB9096AA88}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BC80CB6-5C2E-4046-8F9C-80D2247CC66D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{074B695B-222B-4404-BAFC-733F183202A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B51959CF-4857-42C2-BC70-AD80A5E4906F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E26636D8-306A-47DC-BA44-0184A3FC17DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AC6D47DD-B691-4EE2-958D-B8EFAA0511A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2BC1A60B-436F-49F1-983C-4CE38FEEEA5A}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{415045B2-6B16-452D-8A32-44670BC14E5D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26E62147-8018-4EE6-B84D-3A87F51B6B5F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/20/2016 12:52:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/20/2016 12:50:19 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
Error: (04/20/2016 12:47:32 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/20/2016 12:45:49 PM) (Source: Sophos Anti-Virus) (EventID: 1) (User: NT AUTHORITY)
Description: Failed to connect to the on-access driver (0x80070002).
Error: (04/20/2016 12:43:38 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
Error: (04/20/2016 12:38:46 PM) (Source: Sophos Anti-Virus) (EventID: 9) (User: NT AUTHORITY)
Description: Scanning "Boot record, drive V:" returned SAV Interface error 0xa0040210: The file could not be accessed.
Error: (04/20/2016 10:44:27 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=318:usr=Administrator}
Failure on Desktop Configuration Server request to URL {rtsp://appv.nottingham.ac.uk:554/} with header {Host: appv.nottingham.ac.uk
Content-Type: text/xml
AppV-Op: Refresh
} (rc 1690900A-00002002).
Error: (04/20/2016 10:41:28 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=18C4:usr=Administrator}
Failure on Desktop Configuration Server request to URL {rtsp://appv.nottingham.ac.uk:554/} with header {Host: appv.nottingham.ac.uk
Content-Type: text/xml
AppV-Op: Refresh
} (rc 1690900A-00002002).
Error: (04/20/2016 10:40:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/20/2016 10:38:28 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=CCC:usr=Administrator}
Failure on Desktop Configuration Server request to URL {rtsp://appv.nottingham.ac.uk:554/} with header {Host: appv.nottingham.ac.uk
Content-Type: text/xml
AppV-Op: Refresh
} (rc 1690900A-00002002).
System errors:
=============
Error: (04/20/2016 12:50:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (04/20/2016 12:50:17 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain AD due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (04/20/2016 12:45:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2016-01-05 11:52:51.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz
Percentage of memory in use: 12%
Total physical RAM: 32666.28 MB
Available physical RAM: 28745.23 MB
Total Virtual: 65330.75 MB
Available Virtual: 61042.66 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:235.74 GB) (Free:22.86 GB) NTFS
Drive d: (Data2) (Fixed) (Total:931.39 GB) (Free:931.17 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1230.41 GB) NTFS
Drive f: (Adobe Illustrator CS4) (CDROM) (Total:1.67 GB) (Free:0 GB) UDF
Drive r: (UIWDCUPK05_D) (Network) (Total:84.7 GB) (Free:75.59 GB) NTFS
Drive s: (UIWDCUPK05_D) (Network) (Total:84.7 GB) (Free:75.59 GB) NTFS
Drive x: (UIWDCUPK05_D) (Network) (Total:84.7 GB) (Free:75.59 GB) NTFS
Drive z: (Users03 (S-Data03)) (Network) (Total:4 GB) (Free:0.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 5A8C3D56)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=235.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24 MB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BC22DE41)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 41044509)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
2016-04-12 00:47 - 2016-04-06 11:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll
2016-04-12 00:47 - 2016-04-06 11:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1664130791-3153540899-3044996548-183753\Control Panel\Desktop\\Wallpaper -> C:\Users\pazalh\AppData\Local\Realtime Soft\UltraMon\UltraMon Wallpaper.bmp
DNS Servers: 128.243.101.123 - 128.243.101.135
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A0425C1F-77D1-4E4C-9307-02C4D6BF3439}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{F5DEC30A-60F6-4E3B-851B-21195B8326DC}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PDFRouter.exe
FirewallRules: [{1542FFE3-FACF-4647-A880-991FE7698DD2}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{018ADB05-76B2-4ABD-8517-8F8472CDB05E}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\PdfPro8Hook.exe
FirewallRules: [{5243DC6C-875E-4C6A-96B0-DAC2E9D48FA7}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{F24D3B49-1C33-4A2D-9CB8-82B5C8DF9D80}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GPDFDirect.exe
FirewallRules: [{8A16E143-FB2F-43F3-8DFF-7E682C539552}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{5D04E379-6779-47F3-869C-EF62C89367C1}] => (Allow) C:\Program Files (x86)\Nuance\PDF Professional 8\bin\GaaihoDoc.exe
FirewallRules: [{9847DFE2-69A4-47D2-BF9D-FB6B06AD11E6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{2D64F819-8D3E-41CE-ABA7-AA1C6FCFD312}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E56808D7-743D-49CB-A9EB-420C2DAA7DC4}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D7A30EA3-60D6-4626-860C-0437AC025F17}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{49FBB2DA-A363-4571-A773-6A12CF67BB8F}] => (Allow) LPort=2701
FirewallRules: [{3C25EE40-D565-4737-BE2D-39FBE71FCF25}] => (Allow) LPort=2702
FirewallRules: [{13EC3454-9546-4958-8EE6-C2297C39BEC2}] => (Allow) LPort=135
FirewallRules: [{157CDC69-0173-4C5C-91E4-53D5E7720E68}] => (Allow) LPort=445
FirewallRules: [{26CB2996-B3C5-42FA-A98A-3A8DE3B78805}] => (Allow) C:\Windows\System32\RCAgent.exe
FirewallRules: [TCP Query User{ED7CF413-8F83-41AB-8B36-0581953B0BA3}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [UDP Query User{A6D2A8AE-CAF9-4062-B8A6-695F3D198E68}C:\program files (x86)\microsoft office\office14\outlook.exe] => (Block) C:\program files (x86)\microsoft office\office14\outlook.exe
FirewallRules: [{00C78A98-7338-4E1C-94D2-A8C54686D685}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{6B4C9A17-39DD-44E4-AF3D-597366C4E4EC}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [UDP Query User{AF9C7F14-01D6-4660-90C7-07A69129BF86}C:\program files\imagej\imagej.exe] => (Allow) C:\program files\imagej\imagej.exe
FirewallRules: [TCP Query User{BC92A79F-79FD-41D2-8223-DAF42176A936}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{4DE77930-3319-4F2E-B487-14D370D054AE}C:\program files\matlab\r2015b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2015b\bin\win64\matlab.exe
FirewallRules: [{D6BC69DB-52C8-4FFE-90F4-66D2BBE9CD3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{91AF5BB3-3622-4362-943E-70E6A05C46FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D1F2A33B-52B4-4A8F-8116-E347238A085C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1941AD96-F941-4BF6-BD48-2CEB9096AA88}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BC80CB6-5C2E-4046-8F9C-80D2247CC66D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{074B695B-222B-4404-BAFC-733F183202A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B51959CF-4857-42C2-BC70-AD80A5E4906F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E26636D8-306A-47DC-BA44-0184A3FC17DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AC6D47DD-B691-4EE2-958D-B8EFAA0511A6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2BC1A60B-436F-49F1-983C-4CE38FEEEA5A}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{415045B2-6B16-452D-8A32-44670BC14E5D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{26E62147-8018-4EE6-B84D-3A87F51B6B5F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/20/2016 12:52:00 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/20/2016 12:50:19 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
Error: (04/20/2016 12:47:32 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/20/2016 12:45:49 PM) (Source: Sophos Anti-Virus) (EventID: 1) (User: NT AUTHORITY)
Description: Failed to connect to the on-access driver (0x80070002).
Error: (04/20/2016 12:43:38 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
Error: (04/20/2016 12:38:46 PM) (Source: Sophos Anti-Virus) (EventID: 9) (User: NT AUTHORITY)
Description: Scanning "Boot record, drive V:" returned SAV Interface error 0xa0040210: The file could not be accessed.
Error: (04/20/2016 10:44:27 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=318:usr=Administrator}
Failure on Desktop Configuration Server request to URL {rtsp://appv.nottingham.ac.uk:554/} with header {Host: appv.nottingham.ac.uk
Content-Type: text/xml
AppV-Op: Refresh
} (rc 1690900A-00002002).
Error: (04/20/2016 10:41:28 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=18C4:usr=Administrator}
Failure on Desktop Configuration Server request to URL {rtsp://appv.nottingham.ac.uk:554/} with header {Host: appv.nottingham.ac.uk
Content-Type: text/xml
AppV-Op: Refresh
} (rc 1690900A-00002002).
Error: (04/20/2016 10:40:07 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (04/20/2016 10:38:28 AM) (Source: Application Virtualization Client) (EventID: 3131) (User: )
Description: {tid=CCC:usr=Administrator}
Failure on Desktop Configuration Server request to URL {rtsp://appv.nottingham.ac.uk:554/} with header {Host: appv.nottingham.ac.uk
Content-Type: text/xml
AppV-Op: Refresh
} (rc 1690900A-00002002).
System errors:
=============
Error: (04/20/2016 12:50:18 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (04/20/2016 12:50:17 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain AD due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (04/20/2016 12:45:56 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (04/20/2016 12:45:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
CodeIntegrity:
===================================
Date: 2016-01-05 11:52:51.421
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz
Percentage of memory in use: 12%
Total physical RAM: 32666.28 MB
Available physical RAM: 28745.23 MB
Total Virtual: 65330.75 MB
Available Virtual: 61042.66 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:235.74 GB) (Free:22.86 GB) NTFS
Drive d: (Data2) (Fixed) (Total:931.39 GB) (Free:931.17 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1230.41 GB) NTFS
Drive f: (Adobe Illustrator CS4) (CDROM) (Total:1.67 GB) (Free:0 GB) UDF
Drive r: (UIWDCUPK05_D) (Network) (Total:84.7 GB) (Free:75.59 GB) NTFS
Drive s: (UIWDCUPK05_D) (Network) (Total:84.7 GB) (Free:75.59 GB) NTFS
Drive x: (UIWDCUPK05_D) (Network) (Total:84.7 GB) (Free:75.59 GB) NTFS
Drive z: (Users03 (S-Data03)) (Network) (Total:4 GB) (Free:0.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 5A8C3D56)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=235.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=24 MB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: BC22DE41)
Partition: GPT.
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 41044509)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================