Multiple DLLHOST.EXE


  • This topic is locked
6 replies to this topic

#1 Sevastopol1 (Members, 3 posts)

Posted 21 July 2014 - 08:59 AM

Hello and thanks for your help in advance.

I have tried running various anti-malware software, cleaners, etc., but the issue keeps reappearing.

Symptoms include multiple instances of dllhost.exe that consume memory and slow the computer.

Here is the DDS log.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502
Run by cfeist at 9:33:36 on 2014-07-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3317.2276 [GMT -4:00]
.
AV: Trend Micro Security Agent *Enabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Trend Micro Security Agent Anti-spyware *Enabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Enabled* {49A8346C-6900-54B6-B1B3-5F678736DDE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\System32\vds.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe
C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\security agent\TmIEPlg.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usb cip driver package\usbciphelper\UsbCipHelper.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Autodesk Sync] c:\program files\autodesk\autodesk sync\AdSync.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: LocalAccountTokenFilterPolicy = dword:1
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1A1F0774-EDE6-4255-A411-B2A730D6A6DD} - hxxp://raiseinstall.rockwellautomation.com/ecadworks-full/setup.exe
DPF: {8157E81A-275D-4BE8-A7A9-E36E62DF9C68} - hxxps://eta-nm:4343/SMB/console/html/root/AtxEnc.cab?ver=19,0,0,1384
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {AFD262A2-9495-44DE-B08A-D721B0D0D767} - hxxps://filetransfer.fanucrobotics.com/COM/MOVEitUploadWizard7.5.1.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://vnc.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab
TCP: NameServer = 192.168.15.1
TCP: Interfaces\{45D362A9-55BC-40DD-B9DE-929AB549C092} : DHCPNameServer = 192.168.15.1
TCP: Interfaces\{45D362A9-55BC-40DD-B9DE-929AB549C092}\14E6765737F53534 : DHCPNameServer = 10.90.201.11 10.93.200.11
TCP: Interfaces\{45D362A9-55BC-40DD-B9DE-929AB549C092}\254455F575966496 : DHCPNameServer = 8.8.8.8 4.2.2.1
TCP: Interfaces\{45D362A9-55BC-40DD-B9DE-929AB549C092}\34C445E45445 : DHCPNameServer = 8.8.8.8 209.244.0.3
TCP: Interfaces\{45D362A9-55BC-40DD-B9DE-929AB549C092}\3666569637472E08993702960586F6E656 : DHCPNameServer = 198.224.182.135 198.224.183.135
TCP: Interfaces\{45D362A9-55BC-40DD-B9DE-929AB549C092}\441697370294E6E60253 : DHCPNameServer = 24.25.5.60 24.25.5.61
TCP: Interfaces\{8202CD41-D8BD-4B61-8C4E-0BA554A48003} : NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{F11A0848-5319-4692-A878-6B4236789E3F} : DHCPNameServer = 198.224.182.135 198.224.183.135
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\security agent\TmIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: keprest - c:\users\cfeist\appdata\local\keprest.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2011-6-21 20328]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2011-7-8 17648]
R2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\skype\toolbars\autoupdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1945088]
R2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\skype\toolbars\pnrsvc\SkypeC2CPNRSvc.exe [2014-4-11 2318336]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\sonicwall\sonicwall global vpn client\SWGVCSvc.exe [2009-3-6 787968]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2014-1-23 64264]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\security agent\TmXpflt.sys [2013-8-14 263968]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\security agent\TmPreflt.sys [2013-8-14 36128]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2011-6-21 43888]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-7-13 144576]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-8-24 33832]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-12-21 7434240]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-1-4 62440]
S1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [2011-7-13 87064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 692736]
S2 mksvirmonsvc;Proxyserverservice;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S2 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-11 1902080]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2011-7-13 134144]
S3 MHIKEY10;MHIKEY10;c:\windows\system32\drivers\MHIKEY10.sys [2010-10-1 52096]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-9 14848]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [2010-9-24 155440]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [2009-3-4 21016]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-9 49664]
S4 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-1-31 19232]
S4 EventServer;Rockwell Event Server;c:\program files\common files\rockwell\EventServer.exe [2011-11-11 813568]
S4 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\rockwell software\factorytalk activation\lmgrd.exe [2012-12-12 1407312]
S4 FANUC Robotics Motion Server;FANUC Robotics Motion Server;c:\program files\fanuc\roboguide\bin\FRMotionServer.exe [2011-8-4 14336]
S4 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\rockwell software\factorytalk activation\tools\FTActivationBoost.exe [2013-4-22 145744]
S4 MPDataFilesService;FANUC Robotics Data Service;c:\program files\fanuc\roboguide\bin\MPDataFilesService.exe [2011-8-4 35840]
S4 NmspHost;Rockwell Namespace Services;c:\program files\common files\rockwell\NmspHost.exe [2011-11-11 787456]
S4 RdcyHost;Rockwell Redundancy Services;c:\program files\common files\rockwell\RdcyHost.exe [2011-11-11 787456]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-7-25 162672]
S4 TmCCSF;Trend Micro Common Client Solution Framework;c:\program files\trend micro\security agent\ccsf\TmCCSF.exe [2014-2-17 1153024]
S4 TmProxy;Trend Micro Security Agent NT Proxy Service;c:\program files\trend micro\security agent\TmProxy.exe [2014-1-22 1257472]
S4 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2012-1-26 593920]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
ShellExec: acad.exe: open="c:\program files\autodesk\autocad 2013\acad.exe"
.
=============== Created Last 30 ================
.
2014-07-21 13:10:49 94 ----a-w- c:\users\cfeist\appdata\local\wsr31zt32.dll
2014-07-21 12:46:14 177164 ----a-w- c:\users\cfeist\appdata\local\dfl31z32.dll
2014-07-21 11:01:45 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-21 03:34:07 -------- d-----w- c:\users\cfeist\appdata\local\temp
2014-07-21 01:11:45 -------- d-s---w- C:\ComboFix
2014-07-21 00:41:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-07-20 21:53:04 -------- d-----w- c:\program files\NT Registry Optimizer
2014-07-20 20:56:52 -------- d-----w- C:\reimage repair
2014-07-20 18:42:25 -------- d-----w- C:\mbam rootkit
2014-07-18 17:24:50 -------- d-----w- C:\take ownership
2014-07-18 13:43:27 219648 ----a-w- c:\windows\system32\fsquirt.exe
2014-07-18 13:01:38 -------- d-----w- c:\program files\CCleaner
2014-07-18 03:48:12 -------- d-----w- C:\ProcessMonitor
2014-07-18 01:37:46 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-18 01:37:35 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-18 01:37:35 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-18 01:37:35 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-18 01:37:34 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-07-16 17:32:58 -------- d-----w- c:\programdata\Package Cache
2014-07-16 15:49:06 -------- d-----w- C:\mbam
2014-07-16 01:43:43 -------- d-----w- c:\users\cfeist\appdata\roaming\Inxeom
2014-07-16 01:43:43 -------- d-----w- c:\users\cfeist\appdata\roaming\Hulou
2014-06-27 18:41:22 48128 ----a-w- c:\windows\system32\FRUserAppSettings.dll
2014-06-27 18:36:22 -------- d-----w- C:\ipendant controls 8.30
2014-06-26 12:21:31 -------- d-----w- c:\users\cfeist\appdata\roaming\NVIDIA
.
==================== Find3M  ====================
.
2014-07-21 12:40:40 1023488 ----a-w- c:\windows\system32\vds.exe
2014-07-21 12:31:59 886784 ----a-w- c:\windows\system32\spoolsv.exe
2014-07-21 11:02:22 1769984 ----a-w- c:\windows\system32\wbengine.exe
2014-07-21 11:02:20 643584 ----a-w- c:\windows\system32\msiexec.exe
2014-07-21 03:37:34 995328 ----a-w- c:\windows\system32\SearchIndexer.exe
2014-07-21 03:37:33 1595392 ----a-w- c:\windows\system32\VSSVC.exe
2014-07-21 03:37:30 3748352 ----a-w- c:\windows\system32\sppsvc.exe
2014-07-21 03:37:23 1090048 ----a-w- c:\windows\system32\FXSSVC.exe
2014-07-20 09:25:12 608256 ----a-w- c:\windows\system32\wlrmdr.exe
2014-07-20 09:24:57 624128 ----a-w- c:\windows\system32\wermgr.exe
2014-07-20 09:24:34 646144 ----a-w- c:\windows\system32\wbem\WinMgmt.exe
2014-07-20 09:24:25 588288 ----a-w- c:\windows\system32\vdsldr.exe
2014-07-20 09:23:01 589312 ----a-w- c:\windows\system32\sdbinst.exe
2014-07-20 09:22:46 584192 ----a-w- c:\windows\system32\rasautou.exe
2014-07-20 09:22:42 629248 ----a-w- c:\windows\system32\printui.exe
2014-07-20 09:22:26 1094656 ----a-w- c:\windows\system32\ntvdm.exe
2014-07-20 09:22:23 647168 ----a-w- c:\windows\system32\newdev.exe
2014-07-20 09:22:18 645632 ----a-w- c:\windows\system32\ndadmin.exe
2014-07-20 09:22:07 582144 ----a-w- c:\windows\system32\mpnotify.exe
2014-07-20 09:21:29 613376 ----a-w- c:\windows\system32\lodctr.exe
2014-07-20 09:21:07 635392 ----a-w- c:\windows\system32\hdwwiz.exe
2014-07-20 09:20:56 622592 ----a-w- c:\windows\system32\expand.exe
2014-07-20 09:20:17 820224 ----a-w- c:\windows\system32\drvinst.exe
2014-07-20 09:15:59 617472 ----a-w- c:\windows\system32\csrstub.exe
2014-07-20 09:14:08 637952 ----a-w- c:\windows\system32\CertEnrollCtrl.exe
2014-07-20 09:14:02 584192 ----a-w- c:\windows\system32\bridgeunattend.exe
2014-07-20 09:13:58 626176 ----a-w- c:\windows\system32\AxInstUI.exe
2014-07-20 09:13:57 620544 ----a-w- c:\windows\system32\auditpol.exe
2014-07-20 08:57:07 584192 ----a-w- c:\windows\hh.exe
2014-07-18 13:53:49 603136 ----a-w- c:\windows\system32\UI0Detect.exe
2014-07-13 14:36:34 1261056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 01:31:23 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-06-25 20:46:17 1201664 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-01 22:28:52 876032 ----a-w- c:\windows\WLXPGSS.SCR
2010-11-10 16:30:58 264 ----a-w- c:\program files\Baan.bat
.
============= FINISH:  9:34:21.20 ===============
 




#2 aharonov (Malware Response Team, 2,441 posts)

Posted 21 July 2014 - 09:13 AM

Hi there,

I fear that you've been hit by Expiro, a file infector (among other malware).
Let's check that:


Step 1

Please visit VirusTotal and scan a file as follows:
  • Click on Choose File.
  • Copy and paste the following into the file name textbox:
    c:\windows\system32\spoolsv.exe
    and click Open.
  • Now hit the Scan it! button on the website to scan the selected file.
  • If you get the message

    File already analysed - This file was last analysed by VirusTotal on ....

    then click on Reanalyse!
  • Wait until the scan has finished.
  • Copy the URL from your browsers address bar and paste it in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
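Step 1 works because VirusTotal keys each analysis on the file's SHA-256 (the 64-character hex string in the URL the topic starter posts back in the next reply), so a single hash is enough to tell whether spoolsv.exe is the Microsoft file or a rewritten one. The following is an added example of the same idea taken one step further (my code, not aharonov's instructions and not a tool from this thread): hash every executable under a directory and compare the digests against a baseline taken from a clean machine of the same Windows build. A file infector rewrites binaries in place, so the on-host AV may keep reporting them as clean, while a hash mismatch against a known-good baseline is independent of the host. The directory layout and the files are constructed in a temporary folder; the real check would point at C:\Windows\System32 on both machines.

```python
"""Compare system executables against a known-good SHA-256 baseline.

Added example, not part of the thread. Paths and sample files are constructed.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream the file through SHA-256 so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root):
    """Map relative path (posix style, lower-case) -> SHA-256 for every .exe under root.

    Run this on a clean host of the same build and keep the result off the suspect machine.
    """
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): sha256_file(p) for p in root.rglob("*.exe")}


def compare(root, baseline):
    """Return (modified, missing, unexpected) relative to the baseline."""
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    unexpected = sorted(p for p in current if p not in baseline)
    return modified, missing, unexpected


def vt_lookup_url(digest):
    """Hash lookup URL: checks a digest on VirusTotal without uploading the file itself."""
    return f"https://www.virustotal.com/gui/file/{digest}"


def demo():
    """Constructed scenario: a clean tree, then a copy in which one binary has grown
    the way an infector's appended body would change it, plus one dropped file."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = Path(tmp, "clean", "system32")
        clean.mkdir(parents=True)
        (clean / "spoolsv.exe").write_bytes(b"MZ" + b"\x00" * 4094)   # stand-in for the real file
        (clean / "auditpol.exe").write_bytes(b"MZ" + b"\x01" * 4094)
        baseline = build_baseline(Path(tmp, "clean"))

        suspect = Path(tmp, "suspect", "system32")
        suspect.mkdir(parents=True)
        (suspect / "spoolsv.exe").write_bytes(b"MZ" + b"\x00" * 4094 + b"\xcc" * 512)  # appended body
        (suspect / "auditpol.exe").write_bytes(b"MZ" + b"\x01" * 4094)                  # untouched
        (suspect / "dropped.exe").write_bytes(b"MZ" + b"\x02" * 64)                     # not in baseline
        return compare(Path(tmp, "suspect"), baseline)


if __name__ == "__main__":
    modified, missing, unexpected = demo()
    print("modified:", modified)
    print("missing:", missing)
    print("unexpected:", unexpected)
```

In the constructed run only spoolsv.exe shows as modified and dropped.exe as unexpected; auditpol.exe, byte-identical to the baseline, is silent. The baseline must come from a machine the suspect host cannot write to, and it must match the exact build and patch level, otherwise every legitimately updated binary shows up as a false positive.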


#3 Sevastopol1 (Topic Starter, Members, 3 posts)

Posted 21 July 2014 - 09:25 AM

URL from VirusTotal

 

https://www.virustotal.com/en/file/8905ad909bdc5da3f2868278c449feab969ba084de527fd39973318f8d1bbb25/analysis/1405952268/

 

Logs from FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by cfeist (administrator) on ETA-CFEIST on 21-07-2014 10:21:39
Running from C:\Users\cfeist\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Rockwell Automation, Inc.) C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(FANUC) C:\Program Files\FANUC\ROBOGUIDE\bin\RGCore.exe
() C:\Program Files\FANUC\Shared\Robot Server\FRRobotNeighborhood.exe
() C:\Program Files\FANUC\Shared\Off Line\FRVRC\frvirtual.exe
(FANUC Robotics North America, Inc.) C:\Program Files\FANUC\Shared\Robot Server\frrobot.exe
(FANUC) C:\Program Files\FANUC\ROBOGUIDE\bin\RGCore.exe
() C:\Program Files\FANUC\Shared\Off Line\FRVRC\frvirtual.exe
(FANUC Robotics North America, Inc.) C:\Program Files\FANUC\Shared\Robot Server\frrobot.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\keprest: C:\Users\cfeist\AppData\Local\keprest.dll [X]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-719028502-870836700-907948943-1146\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-719028502-870836700-907948943-1146\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplica (the data entry has 289 more characters). <==== Poweliks!
Startup: C:\Users\etadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mxeeiy.lnk
ShortcutTarget: mxeeiy.lnk -> C:\Users\etadmin\AppData\Roaming\Microsoft\Mxeeiy\mxeeiy.exe (Корпорация Майкрософт)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x469FA930AA45CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323224&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA80F26F3-2C5A-4FD1-9AF2-C68FDC7BBA33&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3323224&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA80F26F3-2C5A-4FD1-9AF2-C68FDC7BBA33&q={searchTerms}&SSPV=
SearchScopes: HKCU - {495B2EB6-F577-490B-BF99-9A0D1BBEA314} URL = http://www.google.com/search?q={searchTerms}
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1A1F0774-EDE6-4255-A411-B2A730D6A6DD} http://raiseinstall.rockwellautomation.com/ecadworks-full/setup.exe
DPF: {8157E81A-275D-4BE8-A7A9-E36E62DF9C68} https://eta-nm:4343/SMB/console/html/root/AtxEnc.cab?ver=19,0,0,1384
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {AFD262A2-9495-44DE-B08A-D721B0D0D767} https://filetransfer.fanucrobotics.com/COM/MOVEitUploadWizard7.5.1.ocx
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://vnc.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} https://download.rockwellautomation.com/plugins/rockwell.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Security Agent\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Tcpip\..\Interfaces\{8202CD41-D8BD-4B61-8C4E-0BA554A48003}: [NameServer]208.69.150.252,208.69.150.250

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=2.0.7.35 - C:\Program Files\NOS\bin\nprockwell.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\cfeist\AppData\Local\Citrix\Plugins\79\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-12-13]
FF HKLM\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\Security Agent\FirefoxExtension [2014-07-16]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3323224&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPA80F26F3-2C5A-4FD1-9AF2-C68FDC7BBA33&SSPV=
CHR StartupUrls: "hxxp://search.conduit.com/?ctid=CT3323224&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPA80F26F3-2C5A-4FD1-9AF2-C68FDC7BBA33&SSPV="
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://search.conduit.com/Results.aspx?ctid=CT3323224&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPA80F26F3-2C5A-4FD1-9AF2-C68FDC7BBA33&q={searchTerms}&SSPV=
CHR Extension: (YouTube) - C:\Users\cfeist\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-28]
CHR Extension: (Google Search) - C:\Users\cfeist\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-28]
CHR Extension: (Skype Click to Call) - C:\Users\cfeist\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-11-22]
CHR Extension: (cwwogwaoa) - C:\Users\cfeist\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdgkfajodaliacghnafobjnclblcfmlm [2014-01-28]
CHR Extension: (RelevantKnowledge) - C:\Users\cfeist\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2014-01-25]
CHR Extension: (Google Wallet) - C:\Users\cfeist\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-22]
CHR Extension: (Gmail) - C:\Users\cfeist\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S4 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [824320 2014-07-08] (Adobe Systems Incorporated) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [629248 2014-01-28] (Microsoft Corporation) [File not signed]
S4 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [618496 2014-02-02] (Apple Inc.) [File not signed]
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [596480 2014-01-28] (Microsoft Corporation) [File not signed]
S4 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S4 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [955392 2014-02-03] (Apple Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1945088 2014-05-07] (Microsoft Corporation) [File not signed]
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2318336 2014-05-07] (Microsoft Corporation) [File not signed]
S3 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [627712 2014-01-28] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [692736 2014-01-28] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [576000 2014-01-28] (Microsoft Corporation) [File not signed]
S4 dnWhoDisp; C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe [663552 2014-01-28] (Rockwell Automation, Inc.) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [1123840 2014-07-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [664576 2014-01-28] (Microsoft Corporation) [File not signed]
S4 EventClientMultiplexer; C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe [900608 2014-02-15] (Rockwell Automation, Inc.) [File not signed]
S4 EventServer; C:\Program Files\Common Files\Rockwell\EventServer.exe [813568 2014-02-15] (Rockwell Automation, Inc.) [File not signed]
S4 FactoryTalk Activation Service; C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1407312 2012-12-12] (Flexera Software, Inc.)
S4 FANUC Robotics Motion Server; C:\Program Files\FANUC\ROBOGUIDE\bin\FRMotionServer.exe [14336 2013-08-11] (FANUC Robotics America) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [1090048 2014-07-20] (Microsoft Corporation) [File not signed]
S4 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1609728 2014-01-28] (Flexera Software, Inc.) [File not signed]
S4 FTActivationBoost; C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [145744 2013-04-22] (Rockwell Automation, Inc.)
S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [698880 2014-01-28] (Google Inc.) [File not signed]
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [698880 2014-01-28] (Google Inc.) [File not signed]
S4 Harmony; C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE [790528 2014-02-14] (Rockwell Automation, Inc.) [File not signed]
S4 HP Port Resolver; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE [651264 2014-01-28] (Hewlett-Packard Company) [File not signed]
S4 HP Status Server; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE [643072 2014-01-28] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [643072 2014-02-14] (Macrovision Corporation) [File not signed]
S2 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [1441792 2014-07-21] (Microsoft Corporation) [File not signed]
S4 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [1115136 2014-01-29] (Apple Inc.) [File not signed]
S4 MPDataFilesService; C:\Program Files\FANUC\ROBOGUIDE\bin\MPDataFilesService.exe [35840 2013-08-11] (FANUCRobotics) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [704512 2014-01-28] (Microsoft Corporation) [File not signed]
S2 msiserver; C:\Windows\System32\msiexec.exe [643584 2014-07-21] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S4 NmspHost; C:\Program Files\Common Files\Rockwell\NmspHost.exe [787456 2014-02-15] (Rockwell Automation, Inc.) [File not signed]
S4 ntrtscan; C:\Program Files\Trend Micro\Security Agent\ntrtscan.exe [3055616 2014-07-16] (Trend Micro Inc.) [File not signed]
S4 NVSvc; C:\Windows\system32\nvvsvc.exe [1201664 2014-06-25] (NVIDIA Corporation) [File not signed]
S4 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International)
S4 OpcEnum; C:\Windows\system32\OpcEnum.exe [667648 2014-01-28] (OPC Foundation) [File not signed]
S2 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [711168 2014-01-28] (Microsoft Corporation) [File not signed]
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5201408 2014-01-28] (Microsoft Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
S4 RdcyHost; C:\Program Files\Common Files\Rockwell\RdcyHost.exe [787456 2014-02-15] (Rockwell Automation, Inc.) [File not signed]
S4 RNADiagnosticsService; C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe [32440 2012-12-20] (Rockwell Automation Inc.)
S4 RNADiagReceiver; C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe [803840 2014-02-05] (Rockwell Automation, Inc.) [File not signed]
S4 RNADirectory; C:\Program Files\Common Files\Rockwell\RnaDirServer.exe [1519616 2014-02-15] (Rockwell Automation, Inc.) [File not signed]
S4 RNADirMultiplexor; C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe [1641472 2014-02-15] (Rockwell Automation, Inc.) [File not signed]
S4 RSLinx; C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE [2560000 2014-01-28] (Rockwell Automation, Inc.) [File not signed]
S4 RsvcHost; C:\Program Files\Common Files\Rockwell\RsvcHost.exe [787456 2014-07-18] (Rockwell Automation, Inc.) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [581120 2014-01-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [886784 2014-07-21] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3748352 2014-07-20] (Microsoft Corporation) [File not signed]
R2 SWGVCSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [787968 2014-02-04] (SonicWALL, Inc.) [File not signed]
S4 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [909312 2014-07-16] (Trend Micro Inc.) [File not signed]
S4 TmCCSF; C:\Program Files\Trend Micro\Security Agent\CCSF\TmCCSF.exe [1153024 2014-07-16] (Trend Micro Inc.) [File not signed]
S4 tmlisten; C:\Program Files\Trend Micro\Security Agent\tmlisten.exe [3166208 2014-07-16] (Trend Micro Inc.) [File not signed]
S4 TmProxy; C:\Program Files\Trend Micro\Security Agent\TmProxy.exe [1257472 2014-07-16] (Trend Micro Inc.) [File not signed]
R2 UI0Detect; C:\Windows\system32\UI0Detect.exe [603136 2014-07-18] (Microsoft Corporation) [File not signed]
R2 vds; C:\Windows\System32\vds.exe [1023488 2014-07-21] (Microsoft Corporation) [File not signed]
S4 Viewpoint Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [593920 2014-02-04] (Viewpoint Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1595392 2014-07-20] (Microsoft Corporation) [File not signed]
S2 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1902080 2014-01-28] (Microsoft Corporation) [File not signed]
S2 wbengine; C:\Windows\system32\wbengine.exe [1769984 2014-07-21] (Microsoft Corporation) [File not signed]
R2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2275840 2014-05-02] (Microsoft Corp.) [File not signed]
R2 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [707072 2014-01-28] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1690112 2014-01-28] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [995328 2014-07-20] (Microsoft Corporation) [File not signed]
S2 amfilter; %systemroot%\system32\GT891x.dll [X]
S2 Atmuni; %systemroot%\system32\twdns.dll [X]
S2 bb-run; %systemroot%\system32\cics.region1.dll [X]
S2 DVDVRRdr_xp; %systemroot%\system32\Sntnlusb.dll [X]
S2 hpqwmiex; %systemroot%\system32\VX3000.dll [X]
S2 hSONYPVh; %systemroot%\system32\DELL_A02.dll [X]
S2 LC7981; %systemroot%\system32\iolodmv.dll [X]
S2 mksvirmonsvc; %systemroot%\system32\oracle_load_balancer_60_client-forms6i.dll [X]
S2 mps9; %systemroot%\system32\incdrec.dll [X]
S2 NICSer_WPC300N; %systemroot%\system32\avp.dll [X]
S2 ntiopnp; %systemroot%\system32\tdtcp.dll [X]
S2 p1131vid; %systemroot%\system32\CnxTrLan.dll [X]
S2 Packet; %systemroot%\system32\mssql$microsoftsmlbiz.dll [X]
S2 prodrv06; %systemroot%\system32\pgfilter.dll [X]
S2 Rawwan; %systemroot%\system32\uleadburninghelper.dll [X]
S2 RTL8169; %systemroot%\system32\k56.dll [X]
S2 SE27mgmt; %systemroot%\system32\SQLAgent$MICROSOFTBCM.dll [X]
S4 SE2Cmdfl;  [X]
S2 sscdbus; %systemroot%\system32\iolo_srv.dll [X]
S2 ss_bus; %systemroot%\system32\ISAMSvc.dll [X]
S2 uisp; %systemroot%\system32\abp480n5.dll [X]
S2 v2imount; %systemroot%\system32\pmounter.dll [X]
S2 vnxservice; %systemroot%\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll [X]
S2 wstcodec; %systemroot%\system32\citrixxteserver.dll [X]
S2 wusb54gv2svc; %systemroot%\system32\pcnet.dll [X]
S4 wzcsvc;  [X]
S2 ZTEusbmdm6k; %systemroot%\system32\lxcf_device.dll [X]
S2 _iomega_active_disk_service_; %systemroot%\system32\nsengine.dll [X]

==================== Drivers (Whitelisted) ====================

R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2010-08-24] (Broadcom Corporation)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [62216 2012-04-13] (FTDI Ltd.)
R2 Machnm32; C:\Windows\System32\Machnm32.sys [7168 2010-03-01] ()
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10.sys [52096 2010-10-01] (Generic USB smartcard reader)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [20328 2011-06-05] (NVIDIA Corporation)
R3 O2MDRRDR; C:\Windows\System32\DRIVERS\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
S3 RSSERIAL; C:\Windows\SYSTEM32\RSSERIAL.SYS [155440 2010-09-24] (Rockwell Software Inc.) [File not signed]
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
S1 SWIPsec; C:\Windows\system32\Drivers\SWIPsec.sys [87064 2009-03-06] (SonicWALL, Inc.)
S3 SWVNIC; C:\Windows\System32\DRIVERS\swvnic.sys [21016 2009-03-04] (SonicWALL, Inc.)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [76648 2014-01-23] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [291400 2013-10-31] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [64264 2014-01-23] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\Security Agent\TmXPFlt.sys [263968 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\Security Agent\TmPreFlt.sys [36128 2013-08-14] (Trend Micro Inc.)
R2 VSApiNt; C:\Program Files\Trend Micro\Security Agent\VSApiNt.sys [1517600 2013-08-14] (Trend Micro Inc.)
S3 catchme; \??\C:\Users\cfeist\AppData\Local\Temp\catchme.sys [X]
S0 mgwt; System32\drivers\pbuck.sys [X]
S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [X]
S3 slabbus; system32\DRIVERS\slabbus.sys [X]
S3 slabser; system32\DRIVERS\slabser.sys [X]
S1 VirtualBackplane; \SystemRoot\System32\Drivers\VirtualBackplane.sys [X]
S3 vpnva; system32\DRIVERS\vpnva.sys [X]
U3 mbr; \??\C:\Users\cfeist\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

NETSVC: pavagente -> No Registry Path.
NETSVC: Atmuni -> C:\Windows\system32\twdns.dll ==> No File.
NETSVC: Packet -> C:\Windows\system32\mssql$microsoftsmlbiz.dll ==> No File.
NETSVC: wusb54gv2svc -> C:\Windows\system32\pcnet.dll ==> No File.
NETSVC: ZTEusbmdm6k -> C:\Windows\system32\lxcf_device.dll ==> No File.
NETSVC: bb-run -> C:\Windows\system32\cics.region1.dll ==> No File.
NETSVC: mksvirmonsvc -> C:\Windows\system32\oracle_load_balancer_60_client-forms6i.dll ==> No File.
NETSVC: hSONYPVh -> C:\Windows\system32\DELL_A02.dll ==> No File.
NETSVC: ss_bus -> C:\Windows\system32\ISAMSvc.dll ==> No File.
NETSVC: ntiopnp -> C:\Windows\system32\tdtcp.dll ==> No File.
NETSVC: sscdbus -> C:\Windows\system32\iolo_srv.dll ==> No File.
NETSVC: Rawwan -> C:\Windows\system32\uleadburninghelper.dll ==> No File.
NETSVC: mps9 -> C:\Windows\system32\incdrec.dll ==> No File.
NETSVC: SE27mgmt -> C:\Windows\system32\SQLAgent$MICROSOFTBCM.dll ==> No File.
NETSVC: bdfdll -> No Registry Path.
NETSVC: wstcodec -> C:\Windows\system32\citrixxteserver.dll ==> No File.
NETSVC: vnxservice -> C:\Windows\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll ==> No File.
NETSVC: prodrv06 -> C:\Windows\system32\pgfilter.dll ==> No File.
NETSVC: v2imount -> C:\Windows\system32\pmounter.dll ==> No File.
NETSVC: LC7981 -> C:\Windows\system32\iolodmv.dll ==> No File.
NETSVC: SE2Cmdfl ->  ==> No File.
NETSVC: RTL8169 -> C:\Windows\system32\k56.dll ==> No File.
NETSVC: NICSer_WPC300N -> C:\Windows\system32\avp.dll ==> No File.
NETSVC: p1131vid -> C:\Windows\system32\CnxTrLan.dll ==> No File.
NETSVC: uisp -> C:\Windows\system32\abp480n5.dll ==> No File.
NETSVC: _iomega_active_disk_service_ -> C:\Windows\system32\nsengine.dll ==> No File.
NETSVC: amfilter -> C:\Windows\system32\GT891x.dll ==> No File.
NETSVC: DVDVRRdr_xp -> C:\Windows\system32\Sntnlusb.dll ==> No File.
NETSVC: hpqwmiex -> C:\Windows\system32\VX3000.dll ==> No File.

==================== One Month Created Files and Folders ========

2014-07-21 10:21 - 2014-07-21 10:22 - 00028519 _____ () C:\Users\cfeist\Desktop\FRST.txt
2014-07-21 10:21 - 2014-07-21 10:21 - 00000000 ____D () C:\FRST
2014-07-21 10:21 - 2014-07-21 10:19 - 01080320 _____ (Farbar) C:\Users\cfeist\Desktop\FRST.exe
2014-07-21 10:16 - 2014-07-21 10:18 - 00003087 _____ () C:\Users\cfeist\AppData\Local\dfl31z32.dll
2014-07-21 10:16 - 2014-07-21 10:16 - 00000003 _____ () C:\Users\cfeist\AppData\Local\defjecih31.nls
2014-07-21 09:34 - 2014-07-21 09:34 - 00019890 _____ () C:\Users\cfeist\Desktop\dds.txt
2014-07-21 09:34 - 2014-07-21 09:34 - 00014739 _____ () C:\Users\cfeist\Desktop\attach.txt
2014-07-21 09:33 - 2014-07-21 09:25 - 00688992 ____R (Swearware) C:\Users\cfeist\Desktop\dds.com
2014-07-21 09:01 - 2014-07-21 09:01 - 00000056 _____ () C:\Windows\setupact.log
2014-07-21 09:01 - 2014-07-21 09:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-21 09:00 - 2014-07-21 09:00 - 00000164 _____ () C:\Users\cfeist\Documents\cc_20140721_090010.reg
2014-07-21 08:52 - 2014-07-21 08:52 - 00011694 _____ () C:\Users\cfeist\Documents\cc_20140721_085204.reg
2014-07-21 07:30 - 2014-07-21 10:21 - 00000003 _____ () C:\ProgramData\Extender Service31.nls
2014-07-21 07:21 - 2014-07-21 07:21 - 00046592 _____ () C:\Users\cfeist\Documents\7-18 Carl Feist.xls
2014-07-20 23:30 - 2014-07-20 23:35 - 00000187 _____ () C:\Users\cfeist\Desktop\catchme.log
2014-07-20 21:11 - 2014-07-21 07:01 - 00000000 ___SD () C:\ComboFix
2014-07-20 21:09 - 2014-07-20 17:46 - 05561612 ____R (Swearware) C:\Users\cfeist\Desktop\ComboFix.exe
2014-07-20 20:41 - 2014-07-20 21:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-20 17:53 - 2014-07-20 17:53 - 00000934 _____ () C:\Users\cfeist\Desktop\NTREGOPT.lnk
2014-07-20 17:53 - 2014-07-20 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer
2014-07-20 17:53 - 2014-07-20 17:53 - 00000000 ____D () C:\Program Files\NT Registry Optimizer
2014-07-20 17:39 - 2014-07-20 17:39 - 00000344 _____ () C:\Windows\Tasks\ReimageUpdater.job
2014-07-20 17:18 - 2014-07-20 17:39 - 00000155 _____ () C:\Windows\Reimage.ini
2014-07-20 16:56 - 2014-07-20 16:57 - 00000000 ____D () C:\reimage repair
2014-07-20 14:42 - 2014-07-20 20:39 - 00000000 ____D () C:\mbam rootkit
2014-07-20 09:44 - 2014-07-21 07:02 - 00000000 ____D () C:\Users\cfeist\Desktop\mbar
2014-07-18 18:18 - 2014-07-18 18:49 - 00000003 _____ () C:\ProgramData\ink-Layer Topology Discovery Mapper31.nls
2014-07-18 14:47 - 2014-07-18 14:47 - 04161313 _____ () C:\Users\cfeist\Desktop\tdsskiller.zip
2014-07-18 14:47 - 2014-07-18 14:47 - 00177254 _____ () C:\Users\cfeist\Desktop\Extras.Txt
2014-07-18 14:46 - 2014-07-18 14:46 - 00092412 _____ () C:\Users\cfeist\Desktop\OTL.Txt
2014-07-18 14:23 - 2014-07-18 14:22 - 01171968 _____ (OldTimer Tools) C:\Users\cfeist\Desktop\OTL.exe
2014-07-18 13:46 - 2014-07-18 13:46 - 00197646 _____ () C:\Users\cfeist\Documents\cc_20140718_134616.reg
2014-07-18 13:24 - 2014-07-18 13:25 - 00000000 ____D () C:\take ownership
2014-07-18 09:43 - 2009-07-13 21:14 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe
2014-07-18 09:01 - 2014-07-18 15:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-18 09:01 - 2014-07-18 09:01 - 00000921 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-18 09:01 - 2014-07-18 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-18 09:01 - 2014-07-17 19:45 - 03736040 _____ (Piriform Ltd) C:\Users\cfeist\Desktop\ccsetup415_slim.exe
2014-07-18 08:44 - 2014-07-18 08:44 - 00046592 _____ () C:\Users\cfeist\Documents\7-17 Carl Feist.xls
2014-07-17 23:48 - 2014-07-18 15:20 - 00000000 ____D () C:\ProcessMonitor
2014-07-17 21:37 - 2014-07-21 07:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-17 21:37 - 2014-07-20 20:39 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-17 21:37 - 2014-07-18 15:58 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-17 21:37 - 2014-07-17 21:37 - 00001016 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 21:37 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-17 21:37 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-17 19:48 - 2014-07-17 19:48 - 00000934 _____ () C:\Users\etadmin\Desktop\NTREGOPT.lnk
2014-07-17 19:48 - 2014-07-17 19:43 - 00483809 _____ (Lars Hederer ) C:\Users\cfeist\Desktop\ntregopt-setup.exe
2014-07-16 13:48 - 2014-07-16 13:48 - 00000000 _____ () C:\Windows\system32\diagnostic.log
2014-07-16 13:37 - 2014-07-16 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Worry-Free Business Security Agent
2014-07-16 13:34 - 2014-07-17 07:27 - 00046592 _____ () C:\Users\cfeist\Documents\7-16 Carl Feist.xls
2014-07-16 13:32 - 2014-07-16 13:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-16 12:39 - 2014-07-16 13:28 - 80815104 _____ () C:\Users\cfeist\Desktop\agentWin32.msi
2014-07-16 12:15 - 2014-07-18 15:26 - 00000003 _____ () C:\ProgramData\vider31.nls
2014-07-16 11:49 - 2014-07-16 11:50 - 00000000 ____D () C:\mbam
2014-07-15 21:43 - 2014-07-18 17:12 - 00000000 ____D () C:\Users\cfeist\AppData\Roaming\Inxeom
2014-07-15 21:43 - 2014-07-16 07:40 - 00000000 ____D () C:\Users\cfeist\AppData\Roaming\Hulou
2014-07-15 19:00 - 2014-07-15 19:01 - 00047104 _____ () C:\Users\cfeist\Documents\7-15 Carl Feist.xls
2014-07-15 07:56 - 2014-07-15 07:56 - 00046592 _____ () C:\Users\cfeist\Documents\7-14 Carl Feist.xls
2014-07-14 09:46 - 2014-07-14 10:18 - 00026904 _____ () C:\Users\cfeist\Documents\PK USA RACK GROUPS.bak
2014-07-12 17:05 - 2014-07-12 17:05 - 00047104 _____ () C:\Users\cfeist\Documents\7-11 Carl Feist.xls
2014-07-10 19:21 - 2014-07-10 19:21 - 00047104 _____ () C:\Users\cfeist\Documents\7-10 Carl Feist.xls
2014-07-09 20:48 - 2014-07-09 20:48 - 00047104 _____ () C:\Users\cfeist\Documents\7-9 Carl Feist.xls
2014-07-08 20:04 - 2014-07-08 20:04 - 00046592 _____ () C:\Users\cfeist\Documents\7-8 Carl Feist.xls
2014-07-07 21:15 - 2014-07-07 21:15 - 00047104 _____ () C:\Users\cfeist\Documents\7-7 Carl Feist.xls
2014-07-07 18:56 - 2014-07-07 18:47 - 00137023 ____N () C:\Users\cfeist\Documents\Tech Schedule 2014.xlsx
2014-07-06 23:05 - 2014-07-12 17:07 - 00047104 _____ () C:\Users\cfeist\Documents\7-6 Carl Feist.xls
2014-07-03 11:48 - 2014-07-03 11:48 - 00046592 _____ () C:\Users\cfeist\Documents\7-3 Carl Feist.xls
2014-07-02 20:42 - 2014-07-02 20:42 - 00046592 _____ () C:\Users\cfeist\Documents\7-2 Carl Feist.xls
2014-07-01 18:02 - 2014-07-01 18:02 - 00046592 _____ () C:\Users\cfeist\Documents\7-1 Carl Feist.xls
2014-06-30 18:26 - 2014-06-30 18:26 - 00047104 _____ () C:\Users\cfeist\Documents\Carl Feist 6-30.xls
2014-06-29 19:19 - 2014-06-30 07:01 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-29.xls
2014-06-27 14:41 - 2014-06-17 02:18 - 00048128 _____ (FANUC) C:\Windows\system32\FRUserAppSettings.dll
2014-06-27 14:36 - 2014-06-27 14:36 - 00000000 ____D () C:\ipendant controls 8.30
2014-06-27 14:33 - 2014-06-27 14:35 - 21031937 _____ (Igor Pavlov) C:\Users\cfeist\Downloads\iPendantControls_V8.30_A.exe
2014-06-27 14:25 - 2014-06-30 15:28 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-27.xls
2014-06-26 18:13 - 2014-06-26 18:29 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-26.xls
2014-06-26 08:21 - 2014-06-26 08:21 - 00000000 ____D () C:\Users\cfeist\AppData\Roaming\NVIDIA
2014-06-26 08:08 - 2014-06-26 08:09 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-25.xls
2014-06-25 16:43 - 2013-06-21 08:02 - 21102368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv32.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 17560352 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 13411896 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2um.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 12427240 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dum.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 09069344 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-25 16:43 - 2013-06-21 08:02 - 07687592 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 06324360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 02777888 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 02002720 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 01024288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco3232049.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 00893728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco3232049.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 00467232 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR.dll
2014-06-25 16:43 - 2013-06-21 08:02 - 00465184 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC.dll
2014-06-25 16:43 - 2013-02-25 01:27 - 00154400 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda32v.sys
2014-06-25 16:43 - 2013-02-25 01:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap32.dll
2014-06-25 16:43 - 2013-01-29 04:35 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco3220103.dll
2014-06-25 13:27 - 2014-06-25 13:27 - 00001303 _____ () C:\Users\cfeist\Documents\WAN GroupVPN_0017C5C09EC0.rcf
2014-06-24 16:18 - 2014-06-24 16:18 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-24.xls
2014-06-23 10:16 - 2014-06-24 08:26 - 00047104 _____ () C:\Users\cfeist\Documents\Carl Feist 6-23.xls
2014-06-23 10:00 - 2014-06-23 10:00 - 00035852 _____ () C:\Users\cfeist\Documents\Kmenu.zip

==================== One Month Modified Files and Folders =======

2014-07-21 10:22 - 2014-07-21 10:21 - 00028519 _____ () C:\Users\cfeist\Desktop\FRST.txt
2014-07-21 10:21 - 2014-07-21 10:21 - 00000000 ____D () C:\FRST
2014-07-21 10:21 - 2014-07-21 07:30 - 00000003 _____ () C:\ProgramData\Extender Service31.nls
2014-07-21 10:19 - 2014-07-21 10:21 - 01080320 _____ (Farbar) C:\Users\cfeist\Desktop\FRST.exe
2014-07-21 10:18 - 2014-07-21 10:16 - 00003087 _____ () C:\Users\cfeist\AppData\Local\dfl31z32.dll
2014-07-21 10:16 - 2014-07-21 10:16 - 00000003 _____ () C:\Users\cfeist\AppData\Local\defjecih31.nls
2014-07-21 09:36 - 2011-07-18 21:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 09:34 - 2014-07-21 09:34 - 00019890 _____ () C:\Users\cfeist\Desktop\dds.txt
2014-07-21 09:34 - 2014-07-21 09:34 - 00014739 _____ () C:\Users\cfeist\Desktop\attach.txt
2014-07-21 09:31 - 2013-11-22 21:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-21 09:29 - 2011-07-08 14:21 - 00840530 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-21 09:25 - 2014-07-21 09:33 - 00688992 ____R (Swearware) C:\Users\cfeist\Desktop\dds.com
2014-07-21 09:08 - 2009-07-14 00:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-21 09:08 - 2009-07-14 00:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-21 09:01 - 2014-07-21 09:01 - 00000056 _____ () C:\Windows\setupact.log
2014-07-21 09:01 - 2014-07-21 09:01 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-21 09:01 - 2011-07-18 21:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-21 09:01 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-21 09:00 - 2014-07-21 09:00 - 00000164 _____ () C:\Users\cfeist\Documents\cc_20140721_090010.reg
2014-07-21 08:52 - 2014-07-21 08:52 - 00011694 _____ () C:\Users\cfeist\Documents\cc_20140721_085204.reg
2014-07-21 08:40 - 2011-12-12 10:52 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-07-21 08:31 - 2012-08-27 18:21 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-07-21 07:27 - 2014-07-17 21:37 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 07:21 - 2014-07-21 07:21 - 00046592 _____ () C:\Users\cfeist\Documents\7-18 Carl Feist.xls
2014-07-21 07:16 - 2012-08-27 09:43 - 00000442 _____ () C:\Windows\Tasks\TrendMicro-Audit.job
2014-07-21 07:02 - 2014-07-20 09:44 - 00000000 ____D () C:\Users\cfeist\Desktop\mbar
2014-07-21 07:02 - 2011-12-12 10:52 - 00643584 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2014-07-21 07:02 - 2011-12-12 10:51 - 01769984 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2014-07-21 07:01 - 2014-07-20 21:11 - 00000000 ___SD () C:\ComboFix
2014-07-21 07:01 - 2012-06-18 22:47 - 00000000 ____D () C:\Windows\erdnt
2014-07-20 23:37 - 2011-12-12 10:52 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\FXSSVC.exe
2014-07-20 23:37 - 2011-12-12 10:51 - 03748352 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-07-20 23:37 - 2011-12-12 10:51 - 01595392 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-07-20 23:37 - 2011-07-11 12:14 - 00995328 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-07-20 23:36 - 2009-07-13 22:03 - 23592960 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-07-20 23:36 - 2009-07-13 22:03 - 103546880 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-07-20 23:36 - 2009-07-13 22:03 - 01163264 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-07-20 23:36 - 2009-07-13 22:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-07-20 23:35 - 2014-07-20 23:30 - 00000187 _____ () C:\Users\cfeist\Desktop\catchme.log
2014-07-20 21:09 - 2014-07-20 20:41 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-20 20:39 - 2014-07-20 14:42 - 00000000 ____D () C:\mbam rootkit
2014-07-20 20:39 - 2014-07-17 21:37 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-20 19:17 - 2011-07-18 19:30 - 00000000 ____D () C:\Users\cfeist\Documents\My Workcells
2014-07-20 18:43 - 2011-07-13 10:09 - 00000000 ____D () C:\Users\cfeist
2014-07-20 18:07 - 2011-07-13 10:09 - 11231232 _____ () C:\Users\cfeist\NTUSER.bak
2014-07-20 17:59 - 2013-11-07 09:23 - 00000000 ____D () C:\Users\admin2
2014-07-20 17:59 - 2013-11-07 09:19 - 00000000 ____D () C:\Users\bself
2014-07-20 17:59 - 2011-07-08 14:19 - 00000000 ____D () C:\Users\etadmin
2014-07-20 17:59 - 2011-07-08 13:09 - 00000000 ____D () C:\Users\administrator
2014-07-20 17:59 - 2009-07-13 22:03 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
2014-07-20 17:53 - 2014-07-20 17:53 - 00000934 _____ () C:\Users\cfeist\Desktop\NTREGOPT.lnk
2014-07-20 17:53 - 2014-07-20 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer
2014-07-20 17:53 - 2014-07-20 17:53 - 00000000 ____D () C:\Program Files\NT Registry Optimizer
2014-07-20 17:46 - 2014-07-20 21:09 - 05561612 ____R (Swearware) C:\Users\cfeist\Desktop\ComboFix.exe
2014-07-20 17:39 - 2014-07-20 17:39 - 00000344 _____ () C:\Windows\Tasks\ReimageUpdater.job
2014-07-20 17:39 - 2014-07-20 17:18 - 00000155 _____ () C:\Windows\Reimage.ini
2014-07-20 16:57 - 2014-07-20 16:56 - 00000000 ____D () C:\reimage repair
2014-07-20 05:25 - 2009-07-13 19:36 - 00608256 _____ (Microsoft Corporation) C:\Windows\system32\wlrmdr.exe
2014-07-20 05:24 - 2009-07-13 19:27 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2014-07-20 05:24 - 2009-07-13 19:23 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\vdsldr.exe
2014-07-20 05:23 - 2009-07-13 19:12 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2014-07-20 05:22 - 2009-07-13 20:18 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2014-07-20 05:22 - 2009-07-13 19:54 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\rasautou.exe
2014-07-20 05:22 - 2009-07-13 19:36 - 00582144 _____ (Microsoft Corporation) C:\Windows\system32\mpnotify.exe
2014-07-20 05:22 - 2009-07-13 19:21 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm.exe
2014-07-20 05:22 - 2009-07-13 19:16 - 00647168 _____ (Microsoft Corporation) C:\Windows\system32\newdev.exe
2014-07-20 05:22 - 2009-07-13 19:16 - 00645632 _____ (Microsoft Corporation) C:\Windows\system32\ndadmin.exe
2014-07-20 05:21 - 2009-07-13 19:19 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\lodctr.exe
2014-07-20 05:21 - 2009-07-13 19:16 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\hdwwiz.exe
2014-07-20 05:20 - 2009-07-13 19:16 - 00820224 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2014-07-20 05:20 - 2009-07-13 19:12 - 00622592 _____ (Microsoft Corporation) C:\Windows\system32\expand.exe
2014-07-20 05:15 - 2009-07-13 19:21 - 00617472 _____ (Microsoft Corporation) C:\Windows\system32\csrstub.exe
2014-07-20 05:14 - 2009-07-13 19:53 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\bridgeunattend.exe
2014-07-20 05:14 - 2009-07-13 19:33 - 00637952 _____ (Microsoft Corporation) C:\Windows\system32\CertEnrollCtrl.exe
2014-07-20 05:13 - 2009-07-13 19:34 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2014-07-20 05:13 - 2009-07-13 19:33 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\AxInstUI.exe
2014-07-20 04:57 - 2009-07-13 20:12 - 00584192 _____ (Microsoft Corporation) C:\Windows\hh.exe
2014-07-19 22:32 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\addins
2014-07-18 18:49 - 2014-07-18 18:18 - 00000003 _____ () C:\ProgramData\ink-Layer Topology Discovery Mapper31.nls
2014-07-18 17:12 - 2014-07-15 21:43 - 00000000 ____D () C:\Users\cfeist\AppData\Roaming\Inxeom
2014-07-18 17:12 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\Performance
2014-07-18 16:07 - 2009-07-14 03:50 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-18 16:07 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-18 15:58 - 2014-07-17 21:37 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-18 15:35 - 2009-07-14 00:52 - 00000000 ____D () C:\Program Files\DVD Maker
2014-07-18 15:34 - 2011-10-10 10:08 - 00000000 ____D () C:\Program Files\Common Files\Rockwell
2014-07-18 15:27 - 2014-07-18 09:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-18 15:26 - 2014-07-16 12:15 - 00000003 _____ () C:\ProgramData\vider31.nls
2014-07-18 15:20 - 2014-07-17 23:48 - 00000000 ____D () C:\ProcessMonitor
2014-07-18 14:52 - 2012-06-18 22:47 - 00000000 ____D () C:\Qoobox
2014-07-18 14:47 - 2014-07-18 14:47 - 04161313 _____ () C:\Users\cfeist\Desktop\tdsskiller.zip
2014-07-18 14:47 - 2014-07-18 14:47 - 00177254 _____ () C:\Users\cfeist\Desktop\Extras.Txt
2014-07-18 14:46 - 2014-07-18 14:46 - 00092412 _____ () C:\Users\cfeist\Desktop\OTL.Txt
2014-07-18 14:22 - 2014-07-18 14:23 - 01171968 _____ (OldTimer Tools) C:\Users\cfeist\Desktop\OTL.exe
2014-07-18 13:48 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Registration
2014-07-18 13:46 - 2014-07-18 13:46 - 00197646 _____ () C:\Users\cfeist\Documents\cc_20140718_134616.reg
2014-07-18 13:25 - 2014-07-18 13:24 - 00000000 ____D () C:\take ownership
2014-07-18 12:00 - 2009-07-14 00:53 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-18 11:40 - 2011-07-08 12:56 - 00000384 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-18 09:53 - 2009-07-13 19:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\UI0Detect.exe
2014-07-18 09:27 - 2012-03-30 13:54 - 00000000 ____D () C:\Windows\Minidump
2014-07-18 09:27 - 2011-07-08 15:13 - 00000000 ____D () C:\Windows\Panther
2014-07-18 09:27 - 2011-07-08 13:31 - 00000000 ____D () C:\Program Files\PDFCreator
2014-07-18 09:01 - 2014-07-18 09:01 - 00000921 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-18 09:01 - 2014-07-18 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-18 09:01 - 2013-11-07 09:23 - 02359296 ___SH () C:\Users\admin2\NTUSER.bak
2014-07-18 09:01 - 2013-11-07 09:19 - 01048576 ___SH () C:\Users\bself\NTUSER.bak
2014-07-18 09:01 - 2011-07-08 14:19 - 00786432 ___SH () C:\Users\etadmin\NTUSER.bak
2014-07-18 09:01 - 2011-07-08 13:09 - 01048576 ___SH () C:\Users\administrator\NTUSER.bak
2014-07-18 08:44 - 2014-07-18 08:44 - 00046592 _____ () C:\Users\cfeist\Documents\7-17 Carl Feist.xls
2014-07-18 08:41 - 2014-05-07 15:25 - 00000003 _____ () C:\ProgramData\pPortSharing31.nls
2014-07-18 08:12 - 2012-11-28 17:00 - 00000000 ____D () C:\Program Files\Citrix
2014-07-17 21:37 - 2014-07-17 21:37 - 00001016 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-17 21:37 - 2014-07-17 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-17 20:39 - 2014-01-22 09:50 - 00000000 ____D () C:\Users\cfeist\Documents\mcg practice
2014-07-17 19:48 - 2014-07-17 19:48 - 00000934 _____ () C:\Users\etadmin\Desktop\NTREGOPT.lnk
2014-07-17 19:45 - 2014-07-18 09:01 - 03736040 _____ (Piriform Ltd) C:\Users\cfeist\Desktop\ccsetup415_slim.exe
2014-07-17 19:43 - 2014-07-17 19:48 - 00483809 _____ (Lars Hederer ) C:\Users\cfeist\Desktop\ntregopt-setup.exe
2014-07-17 13:29 - 2014-03-26 14:38 - 00000000 ____D () C:\Users\cfeist\Documents\customers
2014-07-17 07:27 - 2014-07-16 13:34 - 00046592 _____ () C:\Users\cfeist\Documents\7-16 Carl Feist.xls
2014-07-16 13:53 - 2011-07-08 13:35 - 00000000 ____D () C:\Program Files\Trend Micro
2014-07-16 13:52 - 2013-11-06 15:10 - 01895106 _____ () C:\Windows\system32\TmInstall.log
2014-07-16 13:51 - 2013-11-06 15:10 - 00012368 _____ () C:\Windows\cfgall.ini
2014-07-16 13:48 - 2014-07-16 13:48 - 00000000 _____ () C:\Windows\system32\diagnostic.log
2014-07-16 13:44 - 2011-07-08 13:38 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-07-16 13:37 - 2014-07-16 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro Worry-Free Business Security Agent
2014-07-16 13:33 - 2014-07-16 13:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-16 13:28 - 2014-07-16 12:39 - 80815104 _____ () C:\Users\cfeist\Desktop\agentWin32.msi
2014-07-16 11:50 - 2014-07-16 11:49 - 00000000 ____D () C:\mbam
2014-07-16 07:40 - 2014-07-15 21:43 - 00000000 ____D () C:\Users\cfeist\AppData\Roaming\Hulou
2014-07-15 21:40 - 2013-11-06 12:16 - 00000000 ____D () C:\Users\cfeist\AppData\Roaming\Dropbox
2014-07-15 19:01 - 2014-07-15 19:00 - 00047104 _____ () C:\Users\cfeist\Documents\7-15 Carl Feist.xls
2014-07-15 18:45 - 2014-05-14 19:02 - 00000000 ____D () C:\Users\cfeist\AppData\Roaming\DropboxMaster
2014-07-15 18:45 - 2013-11-06 12:20 - 00000000 ___RD () C:\Dropbox
2014-07-15 07:59 - 2014-02-23 18:42 - 00011634 _____ () C:\Users\cfeist\Documents\Expense Report Tracker.xlsx
2014-07-15 07:56 - 2014-07-15 07:56 - 00046592 _____ () C:\Users\cfeist\Documents\7-14 Carl Feist.xls
2014-07-14 10:20 - 2009-07-14 00:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-14 10:18 - 2014-07-14 09:46 - 00026904 _____ () C:\Users\cfeist\Documents\PK USA RACK GROUPS.bak
2014-07-13 10:36 - 2013-11-22 21:28 - 01261056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-12 17:07 - 2014-07-06 23:05 - 00047104 _____ () C:\Users\cfeist\Documents\7-6 Carl Feist.xls
2014-07-12 17:05 - 2014-07-12 17:05 - 00047104 _____ () C:\Users\cfeist\Documents\7-11 Carl Feist.xls
2014-07-10 19:21 - 2014-07-10 19:21 - 00047104 _____ () C:\Users\cfeist\Documents\7-10 Carl Feist.xls
2014-07-09 20:48 - 2014-07-09 20:48 - 00047104 _____ () C:\Users\cfeist\Documents\7-9 Carl Feist.xls
2014-07-08 21:31 - 2011-07-18 21:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 20:04 - 2014-07-08 20:04 - 00046592 _____ () C:\Users\cfeist\Documents\7-8 Carl Feist.xls
2014-07-07 21:15 - 2014-07-07 21:15 - 00047104 _____ () C:\Users\cfeist\Documents\7-7 Carl Feist.xls
2014-07-07 18:47 - 2014-07-07 18:56 - 00137023 ____N () C:\Users\cfeist\Documents\Tech Schedule 2014.xlsx
2014-07-03 11:48 - 2014-07-03 11:48 - 00046592 _____ () C:\Users\cfeist\Documents\7-3 Carl Feist.xls
2014-07-02 20:42 - 2014-07-02 20:42 - 00046592 _____ () C:\Users\cfeist\Documents\7-2 Carl Feist.xls
2014-07-01 18:02 - 2014-07-01 18:02 - 00046592 _____ () C:\Users\cfeist\Documents\7-1 Carl Feist.xls
2014-06-30 18:26 - 2014-06-30 18:26 - 00047104 _____ () C:\Users\cfeist\Documents\Carl Feist 6-30.xls
2014-06-30 15:28 - 2014-06-27 14:25 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-27.xls
2014-06-30 07:01 - 2014-06-29 19:19 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-29.xls
2014-06-27 14:36 - 2014-06-27 14:36 - 00000000 ____D () C:\ipendant controls 8.30
2014-06-27 14:35 - 2014-06-27 14:33 - 21031937 _____ (Igor Pavlov) C:\Users\cfeist\Downloads\iPendantControls_V8.30_A.exe
2014-06-26 18:29 - 2014-06-26 18:13 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-26.xls
2014-06-26 08:21 - 2014-06-26 08:21 - 00000000 ____D () C:\Users\cfeist\AppData\Roaming\NVIDIA
2014-06-26 08:09 - 2014-06-26 08:08 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-25.xls
2014-06-25 16:48 - 2011-07-08 15:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-25 16:46 - 2011-06-05 09:20 - 01201664 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-06-25 16:45 - 2013-12-14 14:15 - 00000000 ____D () C:\temp
2014-06-25 16:45 - 2011-07-08 14:33 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-25 16:45 - 2011-07-08 14:33 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-25 16:45 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Help
2014-06-25 13:27 - 2014-06-25 13:27 - 00001303 _____ () C:\Users\cfeist\Documents\WAN GroupVPN_0017C5C09EC0.rcf
2014-06-24 16:18 - 2014-06-24 16:18 - 00046592 _____ () C:\Users\cfeist\Documents\Carl Feist 6-24.xls
2014-06-24 08:26 - 2014-06-23 10:16 - 00047104 _____ () C:\Users\cfeist\Documents\Carl Feist 6-23.xls
2014-06-23 10:00 - 2014-06-23 10:00 - 00035852 _____ () C:\Users\cfeist\Documents\Kmenu.zip

ZeroAccess:
C:\Users\cfeist\AppData\Local\{94361e22-c1c2-5d0a-2761-ad8cf9ff0344}
C:\Users\cfeist\AppData\Local\{94361e22-c1c2-5d0a-2761-ad8cf9ff0344}\@

Some content of TEMP:
====================
C:\Users\cfeist\AppData\Local\temp\catchme.dll
C:\Users\cfeist\AppData\Local\temp\{672CC73B-AA00-4DAE-9EAF-6E0CF72F6605}-36.0.1985.125_chrome_installer.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 05:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:20-07-2014
Ran by cfeist at 2014-07-21 10:22:22
Running from C:\Users\cfeist\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Trend Micro Security Agent (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA}
AS: Trend Micro Security Agent Anti-spyware (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall (Enabled) {49A8346C-6900-54B6-B1B3-5F678736DDE9}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoCAD Architecture 2013 - English (HKLM\...\AutoCAD Architecture 2013 - English) (Version: 7.0.50.0 - Autodesk)
AutoCAD Architecture 2013 - English (Version: 7.0.50.0 - Autodesk) Hidden
AutoCAD Architecture 2013 Language Pack - English (Version: 7.0.50.0 - Autodesk) Hidden
AutoCAD Factory Design Utilities 2013 Language Pack - English (Version: 19.0.100.010 - Autodesk) Hidden
Autodesk Content Service (HKLM\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Design Review 2013 (HKLM\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk DirectConnect 2013 32-bit (HKLM\...\Autodesk DirectConnect 2013 32-bit) (Version: 7.0.28.0 - Autodesk)
Autodesk DirectConnect 2013 32-bit (Version: 7.0.28.0 - Autodesk) Hidden
Autodesk Factory Design Suite 2013 Language Pack (Version: 2.0.100.006 - Autodesk) Hidden
Autodesk Factory Design Suite Premium 2013 (HKLM\...\Autodesk Factory Design Suite Premium 2013) (Version: 2.0.100.006 - Autodesk)
Autodesk Factory Design Suite Premium 2013 (Version: 2.0.100.006 - Autodesk) Hidden
Autodesk Factory Design Suite Support 2013 (Version: 1.0.0 - Autodesk) Hidden
Autodesk Factory Design Suite Uninstaller 2013 (HKLM\...\{F866B802-2E05-0332-BF5C-DDAB3B5F7EA9}) (Version: 2.0.0 - Autodesk)
Autodesk Factory Design Utilities for AutoCAD 2013 (HKLM\...\Autodesk Factory Design Utilities for AutoCAD 2013) (Version: 19.0.100.010 - Autodesk)
Autodesk Factory Design Utilities for AutoCAD 2013 (Version: 19.0.100.010 - Autodesk) Hidden
Autodesk Factory Design Utilities for Inventor 2013 (HKLM\...\Autodesk Factory Design Utilities for Inventor 2013) (Version: 17.0.100.009 - Autodesk)
Autodesk Factory Design Utilities for Inventor 2013 (Version: 17.0.100.009 - Autodesk) Hidden
Autodesk Inventor 2013 (Version: 17.1.17600.0000 - Autodesk) Hidden
Autodesk Inventor 2013 English (HKLM\...\Autodesk Inventor 2013) (Version: 17.1.17600.0000 - Autodesk)
Autodesk Inventor 2013 English Language Pack (Version: 17.0.13800.0000 - Autodesk) Hidden
Autodesk Inventor 2013 SP1 (HKLM\...\Autodesk Inventor 2013 SP1) (Version: 17.1.17600.0000 - Autodesk)
Autodesk Inventor 2013 SP1.1 (HKLM\...\Autodesk Inventor 2013 SP1.1) (Version: 17.1.17600.0000 - Autodesk)
Autodesk Inventor Content Center Libraries 2013 (Desktop Content) (HKLM\...\{B46DECD1-1732-4EF1-0000-22D71E81877C}) (Version: 17.0.13800.0000 - Autodesk)
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion for Inventor 2013 Add-in (HKLM\...\{08BCFE15-8AA1-4A58-B018-4FEF486BA922}) (Version: 1.0.0.111 - Autodesk)
Autodesk Material Library 2013 (HKLM\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.14 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.14 - Autodesk)
Autodesk Material Library Low Resolution Image Library 2013 (HKLM\...\{27C6C0A2-2EC9-4FEA-BE2B-659EAAC2C68C}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Autodesk Vault 2013 Service Pack 1 Update 2 (Client) (HKLM\...\Autodesk Vault Basic 2013 (Client)_Autodesk Vault 2013 Service Pack 1 Update 2 (Client)) (Version:  - Autodesk, Inc.)
Autodesk Vault Basic 2013 (Client) (HKLM\...\Autodesk Vault Basic 2013 (Client)) (Version: 17.3.2.0 - Autodesk)
Autodesk Vault Basic 2013 (Client) (Version: 17.3.2.0 - Autodesk) Hidden
Autodesk Vault Basic 2013 (Client) English Language Pack (Version: 17.0.61.0 - Autodesk) Hidden
Autodesk Workflows - Factory Design Suite 2013 (HKLM\...\{06388E0D-A386-478B-8E40-7D76142A8DF4}) (Version: 3.0.10.0 - Autodesk)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brady Corp. LABXpert USB (HKLM\...\PCLCOMM&0E2E&0301) (Version:  - )
Brady Corp. LABXpert USB (HKLM\...\PCLCOMM&0E2E&0302) (Version:  - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDS 3.6.7 (HKLM\...\SICK-mutexCDS-3.6.7_is1) (Version: 3.6.7 - )
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
CWGenericBase-Runtime Setup (HKLM\...\{30BA75D6-A4D8-46FA-9EA6-FE291F7491ED}) (Version: 1.0.0 - CodeWrights)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DiskAid 5.43 (HKLM\...\DiskAid_is1) (Version: 5.43 - DigiDNA)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DraftSight (HKLM\...\{EE7D7509-CC19-4DED-A439-F50B191C9E37}) (Version: 8.0.2123 - Dassault Systemes)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
FactoryTalk Activation Manager 3.60.01 (CPR 9 SR 6) (HKLM\...\{823DA070-BC8F-4BD4-B5B3-9498F02262CB}) (Version: 3.60.01 - Rockwell Automation, Inc.)
FactoryTalk Diagnostics 2.60.00 (CPR 9 SR 6) (HKLM\...\{B1EDA7E0-8539-49F3-B706-36842FE984D4}) (Version: 2.60.00 - Rockwell Automation, Inc.)
FactoryTalk Services Platform 2.50 (CPR 9 SR 5) (HKLM\...\{E2145D1A-0D6B-4160-821F-5EC96DCAFAA4}) (Version: 2.50.00.0010 - Rockwell Automation, Inc.)
FANUC ROBOGUIDE (HKLM\...\{9E2C7340-E595-427B-8136-C5133E4450D6}) (Version: V8.2040 (Rev.F) - FANUC Robotics America, Inc.)
FANUC Robotics iPendant Controls (HKLM\...\{0E930492-FCAE-4565-B3DA-C29A687E586F}) (Version: 8.3039.02.05 - FANUC Robotics America, Inc.)
FANUC Robotics Off-line Support (HKLM\...\{74160C20-B061-4343-89C9-A2AE50290702}) (Version: V6.43 (Rev.D) - )
FANUC Robotics PC File Services (HKLM\...\{EA77F4AC-6874-4D67-ABBE-8803A7E84B60}) (Version: V6.31 (Rev.B) - )
FANUC Robotics Robot Neighborhood (HKLM\...\{22B5A25F-85A9-4149-895D-7307E22875BA}) (Version: V8.20 (Rev.A) - FANUC Robotics America, Inc.)
FANUC Robotics Robot Server (HKLM\...\{85950D11-0FA2-4058-AB3F-48AEC62C1165}) (Version: V8.20 (Rev.A) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V5.30 (HKLM\...\{65507157-ACD3-4FFB-94FE-F3441F996F7A}) (Version: (Rev.H) - )
FANUC Robotics Virtual Robot Controller V6.20 (HKLM\...\{3CA296C9-0F70-416D-BAEF-A724E1EC287E}) (Version:  - )
FANUC Robotics Virtual Robot Controller V6.22 (HKLM\...\{251A3D3C-2A03-4E7E-A43E-8D50BD06FAF1}) (Version: (Rev.D) - )
FANUC Robotics Virtual Robot Controller V6.30 (HKLM\...\{606C06A1-2FFF-4B48-8BB6-FF3E70373AB9}) (Version: 63029 - )
FANUC Robotics Virtual Robot Controller V6.31 (HKLM\...\{D5A1046E-CFD8-4681-8E80-05FF271EF636}) (Version: (Rev.F) - )
FANUC Robotics Virtual Robot Controller V6.40 (HKLM\...\{40CF09F0-C329-46ED-BF94-D50838C67904}) (Version: (Rev.S) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V6.43 (HKLM\...\{FA825E73-BE66-4DAA-911F-4DF30B74CC10}) (Version: (Rev.G) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V7.20 (HKLM\...\{29DDB6F7-87D6-4DCE-A7D6-00CBD05C9A0D}) (Version: (Rev.Q) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V7.30 (HKLM\...\{BCEAADAE-9259-40CB-9456-D4E44C74AAB7}) (Version: (Rev.I) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V7.40 (HKLM\...\{FEBBCC8B-BA36-4554-839E-DE7151B513D7}) (Version: (Rev.H) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V7.50 (HKLM\...\{4273ECBC-C67E-4AD9-BF96-BA47A5045492}) (Version: (Rev.K) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V7.70 (HKLM\...\{53F5FAAD-DA06-4A30-9811-7350DDB126F6}) (Version: (Rev.K) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V8.10 (HKLM\...\{D9653066-CF72-4B4B-8A0E-8D572513AA33}) (Version: (Rev.F) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V8.13 (HKLM\...\{FA4BBDA5-A60C-4363-AD31-E5CC344C244F}) (Version: (Rev.B) - FANUC Robotics America, Inc.)
FANUC Robotics Virtual Robot Controller V8.20 (HKLM\...\{78D6AF42-E1C3-447F-A9F4-52814AEEEEE4}) (Version: (Rev.B) - FANUC Robotics America, Inc.)
FANUC Robotics Vision Controls V8 (HKLM\...\{3236D3BD-46AD-49FE-972C-436CA420D2E6}) (Version: 8.2053.05.09 - FANUC CORPORATION / FANUC Robotics America, Inc.)
FANUC Robotics WinOLPC (HKLM\...\{7F7472C1-FACE-11D1-BA0B-00201801BE36}) (Version: V6.43 (Rev.D) - FANUC Robotics America, Inc.)
FANUC Robotics WinTPE (HKLM\...\{A0FE0B81-C309-11D0-8A92-00A02479C928}) (Version: V6.43 (Rev.D) - )
FANUC Vision PC Controls V7.70 (HKLM\...\{599C7020-56D9-4DB2-9B2F-262AA44630DF}) (Version: 7.7083.40.05 - FANUC CORPORATION / FANUC Robotics America, Inc.)
FARO LS 1.1.406.58 (HKLM\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
FTDI USB Serial Converter Drivers (HKLM\...\FTDICOMM) (Version: 2.00.00 - FTDI Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{575A25F9-3018-46F6-AB97-552B52770877}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{5DDB3393-E08B-447E-925F-6C00B95D0FE7}) (Version: 2.1.1.3 - Apple Inc.)
Inventor Factory Design Utilities 2013 Language Pack - English (Version: 17.0.100.009 - Autodesk) Hidden
iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java Auto Updater (Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.260 - Oracle)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Outlook 2010 (HKLM\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual Basic PowerPacks 2.0 (HKLM\...\{F17B8386-A74A-4E4E-A7DD-435372991E14}) (Version: 2.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 (HKLM\...\{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}) (Version: 3.0.5305.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NTREGOPT 1.1j (HKLM\...\NTREGOPT_is1) (Version:  - Lars Hederer)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PanelBuilder32 (HKLM\...\PanelBuilder32) (Version:  - )
Parker Isysnet Analog Module Profiles (Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet ASCII Module Profile (Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet ControlNet Adapter Module Profile (Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles (Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles 2 (Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles 3 (Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Ethernet Adapter Module Profile (Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Photo Gallery (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{A6E08AC3-F00A-42B4-AF87-A30832769B23}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Redundancy Module Config Tool (HKLM\...\InstallShield_{25010847-562B-45AF-85D0-B40F283F20C5}) (Version: 6.2.10.0 - )
Redundancy Module Config Tool (Version: 6.2.10.0 - ) Hidden
RK512 Communication DTM 1.4.0.22 (HKLM\...\RK512CommunicationDTM_is1) (Version: 1.4.0.22 - SICK AG)
Rockwell Automation 1440 XM Dynamic Measurement Module Profile (Version: 1.07.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1732 Discrete Module Profiles (Version: 2.02.1.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1732 Discrete Module Profiles 2 (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Analog Module Profiles (Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Analog Module Profiles 2 (Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 ASCII Module Profiles (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 ControlNet Adapter Module Profile (Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profile, DeviceLogix (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles (Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles 2 (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles 4 (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Ethernet Adapter Module Profile (Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Ethernet Adapter,2-Port,Module Profile (Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Specialty Module Profiles (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Analog Module Profiles (Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Analog Module Profiles 2 (Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 ASCII Module Profiles (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 ControlNet Adapter Module Profile (Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profile, DeviceLogix (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles (Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 2 (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 3 (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 4 (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Ethernet Adapter Module Profile (Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Ethernet Adapter,2-Port,Module Profile (Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Specialty Module Profiles (Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 CNet Comms Module Profiles (Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1756 ENet Comms Module Profiles (Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1756 ENet Comms Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 Ethernet Bridge Module Profile (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 HART Module Profiles (Version: 2.04.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 Remote I/O Interface Module Profile (Version: 1.05.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Analog Module Profiles (Version: 5.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Analog Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 ASCII Module Profiles (Version: 1.06.5.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Boolean Module Profiles (Version: 1.03.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Controller Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Discrete Module Profiles (Version: 1.02.3.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Discrete Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Embedded Module Profiles (Version: 1.03.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Specialty Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1783 Ethernet Managed Switch Module Profile (Version: 1.01.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1791DS Discrete Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1799 Embedded Discrete Module Profile (Version: 1.01.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 2097 Kinetix Module Profiles (Version: 1.01.7.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 48MS Vision Sensor Module Profiles (Version: 1.01.19.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 5XRF RFID Reader Module Profiles (Version: 1.02.24.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profile (Version: 2.01.3.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profile (Version: 4.01.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (Version: 1.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (Version: 1.03.7.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (Version: 1.04.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO EtherNet Safety Module Profiles (Version: 3.01.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Download Manager (HKLM\...\{FFAD8DA9-ED41-494d-AC8E-63D861D0A733}) (Version: 2.0.7.35 - NOS Microsystems Ltd.)
Rockwell Automation Drives PowerFlex 4 Module Profiles (Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 2 Module Profiles (Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 3 Module Profiles (Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 Module Profiles (Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives SCANport Module Profiles (Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation EtherNet/IP Tap Family Module Profiles (Version: 2.06.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Generic Safety Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Kinetix CIP Motion Drive Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation PowerFlex CIP Motion Drive Module Profiles (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Stratix 8000/8300 Module Profiles (Version: 4.01.13.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation USB CIP Driver Package (HKLM\...\{99BCB705-EF61-4ADB-ABD6-3EAAE5BF30C6}) (Version: 3.11.02 - Rockwell Automation)
Rockwell Windows Firewall Configuration Utility 1.00.06 (HKLM\...\{01D8D3AA-2A4F-4085-9CC3-61E389D86D29}) (Version: 1.00.06.0004 - Rockwell Automation, Inc.)
RS4soft (HKLM\...\RS4soft) (Version:  - )
RSLinx Classic 2.57.00 CPR 9 SR 3 (HKLM\...\{34540622-805E-4CC7-98CF-65A43E99CF4D}) (Version: 2.57.00.14 CPR 9 SR 3 - Rockwell Automation, Inc.)
RSLogix 500 English 8.10.00 (CPR 9) (HKLM\...\{026AC6A2-54CE-4E69-9925-1EFDB4E321C5}) (Version: 8.10.00 - Rockwell Automation Inc)
RSLogix 5000 Module Profile Core (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Core System Updates (Version: 6.00.1769.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Core System Updates 1 (Version: 8.00.2421.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Setup Utility (Version: 7.00.2186.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Motion Database (Version: 20.01.06 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Setup Installer (Version: 4.02.0000 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 System Updates (Version: 20.10.0410 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 v19.01.00 (CPR 9 SR 3) (HKLM\...\{30010119-EC33-11D6-A408-F6139379CBFB}) (Version: 19.01.00 - Rockwell Automation, Inc.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
ShoreTel Presenter (HKLM\...\{AD3015E1-66CD-44CC-978B-73F0546EB9F4}) (Version: 18.41.7901.0 - ShoreTel)
SICK CDSDTM 3.6.7.32 (HKLM\...\CDSDTM_is1) (Version: 3.6.7.32 - SICK AG)
SICK Shared (HKLM\...\SICK_Shared_is1) (Version:  - SICK AG)
Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.7 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.7.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SonicWALL Global VPN Client (HKLM\...\{40624553-811E-400E-B69B-38D8926A66BD}) (Version: 4.2.6 - SonicWALL)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trend Micro Worry-Free Business Security Agent (HKLM\...\Wofie) (Version: 19.0.1240 - Trend Micro Inc.)
Trend Micro Worry-Free Business Security Agent (Version: 9.0 - Trend Micro Inc.) Hidden
UltraVnc (HKLM\...\{8C5C331A-97D6-46DE-BFF4-8424BD06A888}) (Version: 1.0.962 - uvnc bvba)
Ultraware (HKLM\...\{E6A870C0-0A28-11D4-9D78-005004A05EF9}) (Version: 1.80 - )
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update 2 for Inventor 2013 SP1.1 (See readme for detail) (DL21028655) (HKLM\...\Autodesk Inventor 2013_17120) (Version: 1 - Autodesk)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Viewpoint Manager (Remove Only) (HKLM\...\Viewpoint Manager) (Version:  - )
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Live Communications Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )

==================== Restore Points  =========================

11-07-2014 11:53:42 Scheduled Checkpoint
16-07-2014 16:49:20 Removed Trend Micro Worry-Free Business Security Agent
16-07-2014 17:30:39 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
16-07-2014 17:35:41 Installed Trend Micro Worry-Free Business Security Agent

==================== Hosts content: ==========================

2012-06-18 23:19 - 2014-07-21 07:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {04D8918D-26BB-458C-AF11-EFB8D14E0E30} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-18] (Piriform Ltd)
Task: {1FE854DE-06A7-48C2-A650-E1ABD55C9888} - System32\Tasks\G2MUpdateTask-S-1-5-21-719028502-870836700-907948943-1146 => C:\Program Files\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: {403D8915-51F8-4B95-8B22-C9CD7E19E196} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-28] (Google Inc.)
Task: {4DA3B463-75C5-4BFE-8573-22750C333994} - System32\Tasks\{4D45DD82-E05C-4B73-98DB-588A98F87C68} => C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe [2014-01-29] (SonicWALL, Inc.)
Task: {5A37C890-F464-416A-B2A2-0340C3BA0174} - System32\Tasks\TrendMicro-Audit => C:\Windows\ETA_Scripts\TrendMicro.bat [2013-08-15] ()
Task: {729199EF-DDF2-4872-8F6B-754CA7F84FD0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {75373789-47D6-4A17-9C54-4D258E390014} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2014-01-28] (Hewlett-Packard Co.)
Task: {99466D4F-5E07-4818-9B82-0EAEFD5D3243} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-28] (Google Inc.)
Task: {9BF262B8-8558-4B61-ABC7-40404C1EEC68} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ADE9D446-632C-4F40-9408-341637713C77} - System32\Tasks\{59F665F5-2213-4DA6-A835-10693510EB1A} => C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVC.exe [2014-01-29] (SonicWALL, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReimageUpdater.job => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
Task: C:\Windows\Tasks\TrendMicro-Audit.job => ?

==================== Loaded Modules (whitelisted) =============

2011-07-08 13:31 - 2001-10-28 19:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2013-09-10 17:49 - 2013-05-21 08:33 - 00131072 _____ () C:\Program Files\FANUC\Shared\Robot Server\FRRobotNeighborhoodps.dll
2014-06-25 16:45 - 2013-06-21 08:02 - 00455968 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2010-02-24 18:13 - 2010-02-24 18:13 - 00053248 _____ () C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\rausbciplib.dll
2013-09-10 18:31 - 2013-08-11 14:49 - 03095040 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\TemplateEngine.dll
2011-08-04 17:53 - 2013-08-11 15:13 - 00081920 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\AxInterop.ZTCGFXLib.dll
2013-09-10 18:31 - 2013-08-11 15:05 - 00022528 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\RGCableSimulation.dll
2011-08-04 17:53 - 2013-03-02 11:47 - 02052096 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\cosmo3d13.dll
2011-08-04 17:53 - 2013-03-02 11:47 - 00065613 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\libmmd.dll
2011-07-13 14:17 - 2013-03-02 11:47 - 00102912 _____ () C:\Windows\system32\ifl0.dll
2011-08-04 17:53 - 2013-03-02 11:47 - 02080768 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\op13_sp.dll
2013-09-10 18:31 - 2013-08-11 14:59 - 00028160 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\GLCometClient.dll
2011-08-04 17:52 - 2013-07-16 06:00 - 00094208 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\frtpdevice.dll
2011-08-04 17:53 - 2013-08-11 15:02 - 00205312 _____ () C:\Program Files\FANUC\ROBOGUIDE\bin\RGPipeMonitor.dll
2011-08-04 17:52 - 2014-06-18 09:30 - 00915456 _____ () C:\Program Files\FANUC\Shared\UIF\friNPPWnd.dll
2011-07-13 14:57 - 2014-01-28 21:19 - 00995328 _____ () C:\Program Files\FANUC\Shared\Robot Server\FRRobotNeighborhood.exe
2011-07-13 14:59 - 2014-01-28 21:03 - 00802816 _____ () C:\Program Files\FANUC\Shared\Off Line\FRVRC\frvirtual.exe
2013-09-10 18:04 - 2013-07-19 05:47 - 00061440 _____ () C:\Program Files\FANUC\Shared\Off Line\FRVRC\V7.70\bin\frsock.dll
2011-08-04 17:53 - 2013-08-11 15:04 - 00028160 _____ () C:\Windows\system32\VirtualCameraForiRVision.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\cfeist\Documents\Acieta (script 4)-3-25-14.docx:AFP_AfpInfo

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dnWhoDisp => 2
MSCONFIG\Services: EventClientMultiplexer => 2
MSCONFIG\Services: EventServer => 2
MSCONFIG\Services: FactoryTalk Activation Service => 2
MSCONFIG\Services: FANUC Robotics Motion Server => 2
MSCONFIG\Services: FLEXnet Licensing Service => 2
MSCONFIG\Services: FTActivationBoost => 2
MSCONFIG\Services: Harmony => 2
MSCONFIG\Services: HP Port Resolver => 2
MSCONFIG\Services: HP Status Server => 2
MSCONFIG\Services: IDriverT => 2
MSCONFIG\Services: iPod Service => 2
MSCONFIG\Services: MPDataFilesService => 2
MSCONFIG\Services: NmspHost => 2
MSCONFIG\Services: ntrtscan => 2
MSCONFIG\Services: NVSvc => 2
MSCONFIG\Services: O2FLASH => 2
MSCONFIG\Services: OpcEnum => 3
MSCONFIG\Services: RdcyHost => 2
MSCONFIG\Services: ReimageRealTimeProtector => 2
MSCONFIG\Services: RNADiagnosticsService => 2
MSCONFIG\Services: RNADiagReceiver => 2
MSCONFIG\Services: RNADirectory => 2
MSCONFIG\Services: RNADirMultiplexor => 2
MSCONFIG\Services: RSLinx => 3
MSCONFIG\Services: RsvcHost => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\Services: TmCCSF => 2
MSCONFIG\Services: tmlisten => 2
MSCONFIG\Services: TmProxy => 2
MSCONFIG\Services: uvnc_service => 2
MSCONFIG\Services: Viewpoint Service => 2

==================== Faulty Device Manager Devices =============

Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SonicWALL IPsec Driver
Description: SonicWALL IPsec Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SWIPsec
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Usbccid Smartcard Reader (WUDF)
Description: Microsoft Usbccid Smartcard Reader (WUDF)
Class Guid: {50dd5230-ba8a-11d1-bf5d-0000f805f530}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The Windows Event Log service is starting.
The Windows Event Log service could not be started.

A system error has occurred.

The system cannot find message text for message number 0x1069 in the message file for (null).

More help is available by typing NET HELPMSG 4201.

==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 3316.9 MB
Available physical RAM: 1308.16 MB
Total Pagefile: 6632.09 MB
Available Pagefile: 4392.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1852.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.32 GB) (Free:131.25 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: B75D04E5)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:44 PM

Posted 21 July 2014 - 11:12 AM

Hi,

Unfortunately, my suspicion has proven true. Your computer is infected with Expiro, a file infector (or virus). This is malware that patches all your executable files (including system files) and is very hard to fully remove. And even if all files can be disinfected, this would leave a lot of damaged files behind.
What's more: in addition to Expiro there is also a bunch of other ugly malware. This system is in a very poor state.

I'd very strongly recommend formatting the hard drive and re-installing the operating system and the software from scratch. Back up only personal data and no programs or executable files before formatting the drive.
What are your thoughts on this?

Let me also inform you that Expiro is stealing all sorts of credentials. Make sure to change all credentials on a clean system.

#5 Sevastopol1

  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 21 July 2014 - 11:38 AM

Thanks for your assistance.



#6 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:44 PM

Posted 26 July 2014 - 12:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
