Fake Google Chrome processes in Task Manager


  • This topic is locked
7 replies to this topic

#1 RickSingh

RickSingh

  • Members
  • 4 posts
  • Local time:02:40 PM

Posted 04 November 2014 - 03:46 PM

I have a Windows 7 Lenovo laptop that is running very slow.  I ran virus scans, including Malwarebytes that returned zero results.  I have noticed in Task Manager that there are several processes running with a description of "Google Chrome". 

 

The exe file is in the \userprofile\appdata\locallow\Sun\ folder. This exe cannot be deleted since there is a lock on it. Even if I kill the processes from Task Manager, they regenerate faster than I can delete.

 

Would you please help me with removing this virus?  Thank you.





#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:04:40 PM

Posted 08 November 2014 - 08:53 AM

Hi. Please do the following:

Download Farbar Recovery Scan Tool and save it to your desktop. http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
Note: please pick the version that matches your operating system's bit type. If you don't know which version matches your system, take a look at this link: http://www.bleepingcomputer.com/tutorials/32-bit-or-64-bit-windows/

Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
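
A triage pass over the kind of log requested above, looking for the pattern the first post describes (a program labelled as Google, running in many copies from a profile folder) and for autostart entries that silently register a DLL from the profile. This is an added example, not part of the thread and not FRST's own logic: the log lines are constructed in the layout of FRST's Processes and Registry sections, every name in the sample is made up, and the parenthesised publisher is treated as an unverified label (an assumption).

```python
import re
from collections import Counter

# Constructed sample in the layout of FRST's "Processes" and "Registry"
# sections; user name, folders, file names and SID are made up.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed.)

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\alice\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\alice\AppData\LocalLow\Sun\Examplea\exampleb\Sample.exe
(Google Inc.) C:\Users\alice\AppData\LocalLow\Sun\Examplea\exampleb\Sample.exe
(Google Inc.) C:\Users\alice\AppData\LocalLow\Sun\Examplea\exampleb\Sample.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\...\Run: [Sample] => regsvr32.exe /s "C:\Users\alice\AppData\Local\Vendor\Sample.dll"
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*\(Whitelisted\)\s*=+$")
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>\S.*)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK\S+?)\\\.\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<cmd>.+)$"
)
# Per-user AppData is writable without administrator rights.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.dll)"?', re.IGNORECASE)


def split_sections(text):
    """Map each section title to the entry lines listed under it."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None and not line.startswith("(If "):
            current.append(line)
    return sections


def triage_processes(lines):
    """Flag images running from a user profile whose publisher label
    does not appear anywhere in their own path (heuristic)."""
    parsed = [m.groupdict() for m in map(PROCESS_RE.match, lines) if m]
    counts = Counter(p["path"].lower() for p in parsed)
    findings, seen = [], set()
    for p in parsed:
        key = p["path"].lower()
        if key in seen or not USER_WRITABLE_RE.search(p["path"]):
            continue
        seen.add(key)
        words = re.findall(r"[a-z0-9]+", p["company"].lower())
        vendor = words[0] if words else ""
        if not vendor or vendor not in key:
            findings.append({
                "kind": "process",
                "path": p["path"],
                "claimed_publisher": p["company"],
                "instances": counts[key],  # many copies suggests respawning
            })
    return findings


def triage_run_keys(lines):
    """Flag Run/RunOnce values that call regsvr32 silently (/s) on a DLL
    stored under a user profile."""
    findings = []
    for m in filter(None, map(RUN_RE.match, lines)):
        cmd = m.group("cmd")
        tokens = cmd.lower().split()
        dll = DLL_RE.search(cmd)
        if (tokens and tokens[0].strip('"').endswith("regsvr32.exe")
                and "/s" in tokens and dll
                and USER_WRITABLE_RE.search(dll.group(1))):
            findings.append({
                "kind": "run_key",
                "hive": m.group("hive"),
                "name": m.group("name"),
                "dll": dll.group(1),
            })
    return findings


def triage(text):
    """Return process findings followed by autostart findings."""
    sections = split_sections(text)
    return (triage_processes(sections.get("Processes", []))
            + triage_run_keys(sections.get("Registry", [])))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit from either check is a lead to hand to the helper, not a verdict; legitimate per-user installers also run from AppData.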



#3 RickSingh

RickSingh
  • Topic Starter

  • Members
  • 4 posts
  • Local time:02:40 PM

Posted 09 November 2014 - 01:16 PM

Hello, thanks for responding.

 

Below are the 2 logs.

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by ricksingh (administrator) on RICKSINGH on 04-11-2014 15:17:27
Running from \\FILE-NA1-03\USERDATA1$\ricksingh\Desktop
Loaded Profiles: ricksingh & SQLServerLocal (Available profiles: ricksingh & SQLServerLocal & LocalAdmin)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Greatis Software, LLC) C:\Program Files (x86)\BootRacer\BootRacerServ.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco Hostscan\bin\ciscod.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
(IBM) C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe
(Microsoft Corporation) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PasswordManager.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(SnapComms Ltd) C:\Program Files (x86)\SnapComms\Client\417\SnapClientService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsComProviderSvr.exe
(SnapComms Ltd) C:\Program Files (x86)\SnapComms\Client\417\SnapClient.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Google Inc.) C:\Users\ricksingh\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
() C:\Program Files (x86)\Lenovo\Basic USB Dock\IgfxTskMgr.exe
(Docking Station) C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win7.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\pnamain.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Lync\communicator.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files (x86)\ITunes\iTunesHelper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Farbar) \\FILE-NA1-03\USERDATA1$\ricksingh\Desktop\FRST64.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe
(Google Inc.) C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\Tkhtlha.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PasswordRegistration] => C:\WINDOWS\system32\MsPwdRegistration.exe [31592 2010-02-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2011-03-14] (Conexant systems, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-24] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312 2014-04-14] (Microsoft Corporation)
HKLM-x32\...\Run: [SoftGridTray] => C:\Program Files (x86)\Microsoft Application Virtualization Client\SFTTray.exe [854760 2012-09-03] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [38840 2010-09-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640440 2010-09-22] (Adobe Systems Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe",
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BootRacer] => C:\Program Files (x86)\BootRacer\Bootrace.exe [3812624 2014-02-19] ( (Greatis Software))
HKLM\...\Policies\Explorer: [UseDefaultTile] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-03-09] (Microsoft Corporation)
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Run: [Google Update] => C:\Users\ricksingh\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-23] (Google Inc.)
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Run: [RIMDeviceManager] => C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe [2226264 2012-11-26] (Research In Motion Limited)
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Run: [Buizckjt] => regsvr32.exe /s "C:\Users\ricksingh\AppData\Local\Research In Motion\Buizckjt.dll" <===== ATTENTION
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\system: [Wallpaper] C:\Windows\System32\BWEWallpaper.bmp
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\system: [SetVisualStyle] %windir%\resources\Themes\Aero\aero.msstyles
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoWindowsUpdate] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoUserFolderInStartMenu] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\...\Policies\Explorer: [DisallowCpl] 1
HKU\S-1-5-18\...\RunOnce: [Microsoft Security Client] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [SetVisualStyle] %windir%\resources\Themes\Aero\aero.msstyles
HKU\S-1-5-18\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoPropertiesRecycleBin] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-18\...\Policies\Explorer: [ForceStartMenuLogOff] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoToolbarsOnTaskbar] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSimpleStartMenu] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuMyGames] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoOnlinePrintsWizard] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoComputersNearMe] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoNetHood] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoUserFolderInStartMenu] 1
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-18\...\Policies\Explorer: [DisallowCpl] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IgfxTskMgr.lnk
ShortcutTarget: IgfxTskMgr.lnk -> C:\Program Files (x86)\Lenovo\Basic USB Dock\IgfxTskMgr.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\igpxtskmgn.lnk
ShortcutTarget: igpxtskmgn.lnk -> C:\Program Files (x86)\Lenovo\USB3.0 Dock\igpxtskmgn64win7.exe (Docking Station)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Online plug-in.lnk
ShortcutTarget: Online plug-in.lnk -> C:\Windows\Installer\{E7C5763F-948D-453B-9138-4A8F552B3CE3}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe ()
Startup: C:\Users\ricksingh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [TfsOverlayAdd] -> {D4DD7FC6-066F-442a-A200-DD21649CF378} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL ()
ShellIconOverlayIdentifiers: [TfsOverlayControlled] -> {EFF5DF4C-7662-4ed7-B533-837D3319D311} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL ()
ShellIconOverlayIdentifiers: [TfsOverlayEdit] -> {FF529703-3398-4c98-B88D-13F784CB10A2} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL ()
ShellIconOverlayIdentifiers: [TfsOverlayLock] -> {EAB6FC01-3462-4dc9-8C94-75582E3DC3CA} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL ()
ShellIconOverlayIdentifiers: [TfsOverlayRename] -> {F15E94B9-9522-42bd-8A73-569BCBE5A5EA} => C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://advantage.internal.BWE.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4255863253-1233835171-2685878428-108658\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://sslvpn-na.BWE.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mymeetings.webex.com/client/T27L10NSP25EP3/webex/ieatgpc1.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ricksingh\AppData\Roaming\Mozilla\Firefox\Profiles\fvmogt0r.default
FF DefaultSearchEngine: Google
FF Homepage: hxxp://www.msn.com/?pc=Z192&install_date=20111128
FF Keyword.URL: hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111128&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 -> C:\WINDOWS\SysWOW64\#npdeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\ricksingh\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\ricksingh\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\ricksingh\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\ricksingh\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\ricksingh\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ricksingh\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ricksingh\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\ricksingh\AppData\Roaming\Mozilla\Firefox\Profiles\fvmogt0r.default\Extensions\LogMeInClient@logmein.com [2011-03-30]
FF Extension: DownloadHelper - C:\Users\ricksingh\AppData\Roaming\Mozilla\Firefox\Profiles\fvmogt0r.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-01-31]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\ricksingh\AppData\Roaming\Mozilla\Firefox\Profiles\fvmogt0r.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-05-02]
FF Extension: Youtube: Show Video Rating Stars in Search - C:\Users\ricksingh\AppData\Roaming\Mozilla\Firefox\Profiles\fvmogt0r.default\Extensions\{d18de924-5045-4196-84ec-8fe73a418a41}.xpi [2012-09-21]
FF Extension: Mozilla Framework Assistant - C:\Users\ricksingh\AppData\Roaming\Mozilla\Firefox\Profiles\fvmogt0r.default\Extensions\{dff89b40-84af-4731-8992-79ac1cd949c5}.xpi [2013-01-07]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ricksingh\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ricksingh\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\ricksingh\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U23) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Users\ricksingh\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll No File
CHR Profile: C:\Users\ricksingh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\ricksingh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ricksingh\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-13]
CHR Extension: (YouTube) - C:\Users\ricksingh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-23]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\ricksingh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2012-07-07]
CHR Extension: (Google Search) - C:\Users\ricksingh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-23]
CHR Extension: (Google Wallet) - C:\Users\ricksingh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\ricksingh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-23]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\ricksingh\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BootRacerServ; C:\Program Files (x86)\BootRacer\BootRacerServ.exe [65296 2013-07-26] (Greatis Software, LLC)
R2 ciscod.exe; C:\Program Files (x86)\Cisco\Cisco Hostscan\bin\ciscod.exe [47056 2011-03-30] (Cisco Systems, Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-11] (DisplayLink Corp.)
R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2010-02-01] (Microsoft Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-04-18] (Macrovision Europe Ltd.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [3417480 2010-08-11] (IBM)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [280320 2013-01-24] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [69632 2006-11-08] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PasswordManager; C:\WINDOWS\SysWOW64\PasswordManager.exe [20480 2011-08-19] () [File not signed]
S2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [88064 2006-11-08] (Hewlett-Packard) [File not signed]
S3 smstsmgr; C:\WINDOWS\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 SnapClientService; C:\Program Files (x86)\SnapComms\Client\417\SnapClientService.exe [202928 2012-09-19] (SnapComms Ltd)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 prepdrvr; C:\WINDOWS\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [766696 2012-09-04] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [272616 2012-09-04] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [26344 2012-09-04] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [22760 2012-09-04] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 15:17 - 2014-11-04 15:17 - 00000000 ____D () C:\FRST
2014-10-28 09:45 - 2011-07-20 09:55 - 00000538 ____N () C:\Users\ricksingh\.java.policy
2014-10-27 20:59 - 2014-11-04 13:57 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-27 20:58 - 2014-10-27 20:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-27 20:58 - 2014-10-27 20:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-27 20:58 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-10-27 20:58 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-04 15:10 - 2012-04-18 11:16 - 00003542 _____ () C:\WINDOWS\System32\Tasks\Health Check Tool
2014-11-04 14:43 - 2012-04-18 05:50 - 01191778 _____ () C:\WINDOWS\WindowsUpdate.log
2014-11-04 09:42 - 2012-05-23 13:33 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4255863253-1233835171-2685878428-108658Core.job
2014-11-04 09:00 - 2009-07-13 23:45 - 00012272 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 09:00 - 2009-07-13 23:45 - 00012272 ____H () C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 08:53 - 2009-07-14 00:13 - 00893056 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-11-04 08:50 - 2013-05-05 13:05 - 00000894 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-03 11:42 - 2012-04-19 20:32 - 00000000 ____D () C:\Users\ricksingh\Tracing
2014-11-03 11:40 - 2012-01-06 07:41 - 00000388 _____ () C:\WINDOWS\SMSCFG.INI
2014-11-03 11:39 - 2014-09-09 11:15 - 00000000 ____D () C:\Program Files (x86)\BootRacer
2014-11-03 11:39 - 2009-07-14 00:08 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-11-03 11:39 - 2009-07-13 23:51 - 00075407 _____ () C:\WINDOWS\setupact.log
2014-10-31 08:45 - 2012-04-18 10:50 - 00002240 _____ () C:\WINDOWS\system32\config\netlogon.ftl
2014-10-30 14:57 - 2012-04-19 18:45 - 00000000 ____D () C:\Users\ricksingh
2014-10-30 14:57 - 2012-04-18 11:19 - 00000000 ____D () C:\Program Files\Java
2014-10-30 06:25 - 2011-06-18 07:33 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-10-29 12:09 - 2012-04-19 19:02 - 00000000 ____D () C:\Users\ricksingh\AppData\Roaming\Mozilla
2014-10-29 07:39 - 2012-04-18 11:01 - 00000000 ____D () C:\Program Files\BWE
2014-10-27 22:00 - 2012-04-19 20:31 - 00000000 ____D () C:\Users\ricksingh\AppData\Roaming\SoftGrid Client
2014-10-27 21:52 - 2013-01-21 20:34 - 00580000 _____ () C:\WINDOWS\PFRO.log
2014-10-27 20:59 - 2013-01-06 22:55 - 00000000 ____D () C:\Users\ricksingh\AppData\Roaming\Malwarebytes
2014-10-27 20:58 - 2013-01-06 22:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-26 19:07 - 2012-05-09 10:42 - 00000000 ____D () C:\Users\ricksingh\AppData\Local\Research In Motion
2014-10-26 08:37 - 2012-05-23 13:33 - 00003896 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4255863253-1233835171-2685878428-108658UA
2014-10-26 08:37 - 2012-05-23 13:33 - 00003500 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4255863253-1233835171-2685878428-108658Core
2014-10-26 08:37 - 2012-05-23 13:33 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4255863253-1233835171-2685878428-108658UA.job
2014-10-20 00:30 - 2013-05-05 13:05 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 00:30 - 2013-05-05 13:05 - 00003642 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 00:30 - 2013-05-05 13:05 - 00000898 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 11:58 - 2009-07-14 00:32 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
2014-10-06 07:59 - 2012-04-19 20:21 - 00051348 __RSH () C:\Users\ricksingh\ntuser.pol
2014-10-06 07:00 - 2012-04-18 11:16 - 00283182 __RSH () C:\ProgramData\ntuser.pol

Files to move or delete:
====================
C:\ProgramData\1IP8eJ.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-27 17:44

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by ricksingh at 2014-11-04 15:18:09
Running from \\FILE-NA1-03\USERDATA1$\ricksingh\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Tools for .Net 3.5 (x32 Version: 3.11.50727 - Microsoft Corporation) Hidden
64 Bit HP BiDi Channel Components Installer (Version: 1.2.0.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.4.0 - Adobe Systems)
Adobe Flash Player - Disable Auto Updates (HKLM-x32\...\{AFE20C85-9C73-45F1-B649-E5EBB2A57174}) (Version: 1.0.0 - BWE)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\{58597FDC-CDF0-4760-A57C-250DF09F4A21}) (Version: 12.0.2.122 - Adobe Systems, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Beyond Compare Version 2.5.3 (HKLM-x32\...\BC2_is1) (Version:  - Scooter Software)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.37 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.37 - Research In Motion Ltd.) Hidden
BlackBerry USB and Modem Drivers 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.43 - Research In Motion Ltd.)
BlackBerry USB and Modem Drivers 7.0 (x32 Version: 7.0.0.43 - Research In Motion Ltd.) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BootRacer (HKLM-x32\...\{FC30C28B-4A8B-4556-8C26-386749384016}) (Version: 4.7.1.370 - Greatis Software, LLC)
Cisco AnyConnect Posture Module (HKLM-x32\...\{9E5BB719-AD76-4544-AEB4-CF7777F717BB}) (Version: 3.0.3050 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.02026 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.02026 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect BWE Active X Controls (HKLM-x32\...\{490B9E1B-B5D1-4C50-8175-50898AC069E8}) (Version: 1.00.0000 - Your Company Name)
Cisco AnyConnect BWE VPN Profile (HKLM-x32\...\{AA003535-3718-43E5-AFDB-14D4E39BBEBF}) (Version: 1.00.0000 - BWE)
Cisco Hostscan (HKLM-x32\...\{542D7DFD-D2F2-4970-8DED-7153576C959F}) (Version: 3.6.181 - Cisco)
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.1.44.1 - Citrix Systems, Inc.)
Colligo Email Manager (HKLM\...\{30B39E94-3406-43C9-B009-D139966C6F2B}) (Version: 5.5.7 - Colligo Networks)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.0 - Conexant)
Configuration Manager Client (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
Constellation Energy Group WyPen 3.0 (HKLM-x32\...\CEG WyPen 3.0) (Version:  - )
DeployHelper (HKCU\...\bbbd082df607a4cd) (Version: 1.0.1.33 - BWE)
DisplayLink Core Software (HKLM\...\{BB07E020-7224-4EC3-864E-2AA0BF42A7DD}) (Version: 7.4.51572.0 - DisplayLink Corp.)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
eDocPrinter PDF Pro 6.82(x64) MSI (HKLM\...\{E3DF0404-F1F8-413F-BA22-EB078976299B}) (Version: 6.82.6139 - ITeksoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
Forefront Identity Manager Add-ins and Extensions (HKLM\...\{82602802-91A2-449B-98BF-7F86BDE7F7E5}) (Version: 4.0.2592.0 - Microsoft Corporation)
Forefront Identity Manager Add-ins and Extensions LP (HKLM\...\{21BC06BD-3E55-4EFD-A5B6-EB9B241845F6}) (Version: 4.0.2592.0 - Microsoft Corporation)
fxAct (HKLM-x32\...\{2100FD7E-7B0A-4E78-9088-CA79B33C5807}) (Version: 2.4.1 - RPSystems)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Instant Meeting Web Moderator Link (HKLM-x32\...\Instant Meeting Web Moderator Link) (Version:  - )
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java™ 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
Lenovo USB Graphics (HKLM\...\{7257526E-B74A-488E-BA2E-56327482B06B}) (Version: 7.4.51587.0 - Lenovo)
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Lotus Notes 8.5.2 (HKLM-x32\...\{E11DFB27-BAF4-46D6-AD76-D5519C0E6786}) (Version: 8.52.10222 - IBM)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MDOP MBAM (HKLM\...\{7B5ABC68-4641-4CEF-BD5B-E30407CF2B2C}) (Version: 2.0.5301.1 - Microsoft Corporation)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Access Runtime 2010 (HKLM-x32\...\Office14.AccessRT) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM\...\{5D80483C-D297-4E04-9EDF-DD58521E9565}) (Version: 4.6.2.24020 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{342C9BB8-65A0-46DE-AB7A-8031E151AF69}) (Version: 4.6.1.20870 - Microsoft Corporation)
Microsoft Application Virtualization Desktop Client (HKLM-x32\...\{5D80483C-D297-4E04-9EDF-DD58521E9565}) (Version: 4.6.2.24020 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 - Visual Studio 2010 Tools (HKLM-x32\...\{C912D6C8-B870-42AB-BB22-9AC7AF09798D}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}) (Version: 3.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages - Visual Studio 2010 Tools (HKLM-x32\...\{A879B90E-B62C-4DA4-9C3F-79A1A6CFAAF9}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4445 - Microsoft Corporation)
Microsoft Office 2010 Deployment Kit for App-V (HKLM-x32\...\{90140000-0073-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Primary Interop Assemblies (HKLM-x32\...\{90140000-1105-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1024 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint 2010 Interactive Guide (HKLM-x32\...\{2C52AA7A-9445-4788-8605-51DEA1A6F387}) (Version: 1.2.1 - Microsoft)
Microsoft Project Standard 2010 (HKLM-x32\...\Office14.PRJSTD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Books Online (HKLM-x32\...\{74F7B314-0507-4F91-9A4E-B6C9B027E410}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.3 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Team Foundation Server 2008 Power Tools - October 2008 (HKLM-x32\...\{E8085D3C-7185-4A58-A6DD-27C4507CF179}) (Version: 2.3.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Power Tools (HKLM-x32\...\{B102139C-0734-4E39-8CB3-242854F118E2}) (Version: 10.0.41206.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{64D5BBC6-5270-3711-AA39-31C1087AF4E6}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2008 Team Explorer - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Team Explorer - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Team Explorer - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{766B3A7A-B5AE-33F5-9858-75E692799C84}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 6.0 Enterprise Edition (HKLM-x32\...\Visual Studio 6.0 Enterprise Edition) (Version:  - )
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Premium 2012 (HKLM-x32\...\{ddf0bb95-e254-447e-8472-3470057d9c7e}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio Team System 2008 Development Edition - ENU (HKLM-x32\...\Microsoft Visual Studio Team System 2008 Development Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio Team System 2008 Development Edition - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{6721AC10-3743-38F1-B178-C0EC6C9A4108}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5294.17011 - Microsoft Corporation)
Mozilla Firefox 14.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 14.0.1 (x86 en-US)) (Version: 14.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 14.0.1 - Mozilla)
MS_OfficeCalenderControl_1.0 (HKLM-x32\...\{6D3FD0A3-F55B-4A63-A766-45D11316346C}) (Version: 1.00.0000 - BWE)
MS_Outlook_Office2010Pre-Reqs_1.0 (HKLM-x32\...\{F273B808-A969-4123-913A-D9001BEFC129}) (Version: 1.00.0000 - BWE)
MSDN Library - October 2001 (HKLM-x32\...\MSDN Library - October 2001) (Version:  - )
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyGeneration 1.3 (remove only) (HKLM-x32\...\MyGeneration13) (Version:  - )
NuGet (HKLM-x32\...\{BE8DCA37-A15A-4C0B-B601-D18AC34C944D}) (Version: 1.0.20105.0 - Microsoft Corporation)
Oracle Java - SSVAgent (HKLM-x32\...\{D2666929-E6E8-4B2D-A9EB-C3FA2518F453}) (Version: 1.0.0 - BWE)
Oubliette 1.9.5 (HKLM-x32\...\Oubliette_is1) (Version:  - )
Password Manager (HKLM-x32\...\{3EBDB092-58EB-4809-9106-CB3C38612BF2}) (Version: 2.0.1 - BWE)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
rsclientprint (HKLM-x32\...\{BE775B2B-3662-46E7-AABF-F8CA8BD9CEDA}) (Version: 1.00.0000 - TW)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{54846D1D-E5D5-4A28-AA6D-7208259007EA}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003A-0000-0000-0000000FF1CE}_Office14.PRJSTD_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
SnapComms Client (HKLM-x32\...\{ECE0B9B6-E596-11E1-AF2A-0003FF319E3E}) (Version: 3.0.417 - SnapComms Limited)
SQL Compare 10 (HKLM-x32\...\{F64706F8-A22D-4570-9A7A-5733434874BE}) (Version: 10.1.0.102 - Red Gate Software Ltd)
SQL Data Compare 10 (HKLM-x32\...\{DFF45DAC-BEDC-4788-8C70-DA9C88884B9E}) (Version: 10.0.1.119 - Red Gate Software Ltd)
SQL Prompt 5 (HKLM-x32\...\{435B9405-96CC-4C87-8603-1CEA4E1A2EC3}) (Version: 5.2.8.2 - Red Gate Software Ltd)
SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Symantec Enterprise Vault Outlook Add-In 10.0.2.1210 (HKLM-x32\...\{817220AB-B36A-4AD2-A15F-D57779A8ACE7}) (Version: 10.0.9402 - Symantec Corporation)
TextPad 5 (HKLM-x32\...\{B32C6A80-3A49-4BDF-967E-43ED4E38286A}) (Version: 5.0.3 - <no manufacturer>)
TextPad 5 (HKLM-x32\...\{B6EC7388-E277-4A5B-8C8F-71067A41BA64}) (Version: 5.4.2 - Helios)
ThinkPad Basic USB 3.0 Dock (HKLM-x32\...\{8B294E72-A417-489C-B55F-9259C1EDFADB}_is1) (Version: 1.07.46 - Lenovo Group Limited)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.62.00.00 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - )
ThinkPad USB 3.0 Dock (HKLM-x32\...\{69109A9C-1D00-4A84-9ABF-AAE9CADD20DD}) (Version: 1.07.15 - Lenovo)
BWE CIS Outlook Addin (HKLM-x32\...\{3204D316-C380-4013-9220-2E78802F5761}) (Version: 1.1.8 - BWE)
BWE Room Reservation Outlook Addin 1.4 (US) (HKLM-x32\...\{C01C73F0-B4AF-4D99-9EE1-74D4B3D14F3E}) (Version: 1.4 - BWE)
BWE Room Reservation Outlook Addin 2.1.6 (US) (HKLM-x32\...\{F6DE897F-1F03-4BC0-B3E4-79DD90957681}) (Version: 2.1.6 - BWE)
TreeSize Free V3.0.1 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.0.1 - JAM Software)
TW Disable send to bluetooth within MS Office 2010 (HKLM-x32\...\{0FE5F5EB-FBE7-418F-937D-FAD1D81BF7D4}) (Version: 1.0.0 - BWE)
TW FIM Registration_1.0 (HKLM-x32\...\{08469898-7968-4B39-9382-94D8D0C7E6BB}) (Version: 1.00.0000 - BWE)
TW Office Tools x64 (HKLM\...\{1677BF60-B953-4144-B847-7C28C0E87111}) (Version: 1.00.0000 - Your Company Name)
TW_RunPrograms_1.0 (HKLM-x32\...\{D2AB329D-3CE5-4EE3-A0C7-EDBDFFA79173}) (Version: 1.00.0000 - BWE)
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
visionapp Remote Desktop 2011 (HKLM-x32\...\visionapp Remote Desktop 2011) (Version: 7.0.3328.0 - visionapp AG)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01 (HKLM-x32\...\{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x64 Runtime - v9.0.30729.01 (HKLM-x32\...\{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.30729 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}) (Version: 15.0.9334 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4255863253-1233835171-2685878428-108658_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\ricksingh\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4255863253-1233835171-2685878428-108658_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\ricksingh\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4255863253-1233835171-2685878428-108658_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1082\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4255863253-1233835171-2685878428-108658_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\ricksingh\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4255863253-1233835171-2685878428-108658_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ricksingh\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4255863253-1233835171-2685878428-108658_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\ricksingh\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2013-01-21 20:23 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FED2F2B-2E56-4F09-80FC-CE9D72444340} - System32\Tasks\task83792707 => C:\Users\ricksingh\AppData\Roaming\AcVxzDUdaGKeNRrGknzO.exe <==== ATTENTION
Task: {4AC4617B-9F70-45D5-B754-F00813DC13BE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4255863253-1233835171-2685878428-108658Core => C:\Users\ricksingh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23] (Google Inc.)
Task: {51273FE4-C780-476D-8CB0-CCAA1AFA8BFE} - System32\Tasks\Health Check Tool => Cscript.exe "C:\Program Files\SMS\Health Check Tool\Scripts\Health Check Tool.wsf"
Task: {76B5FD3D-6804-41D8-9428-59929018441F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-05] (Google Inc.)
Task: {C1F224FE-7350-411A-A56A-D4B3F02A8223} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-05] (Google Inc.)
Task: {D8408C4F-BD30-474F-A9EE-9BD9892CFAD5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4255863253-1233835171-2685878428-108658UA => C:\Users\ricksingh\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-23] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4255863253-1233835171-2685878428-108658Core.job => C:\Users\ricksingh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4255863253-1233835171-2685878428-108658UA.job => C:\Users\ricksingh\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-08-19 00:07 - 2011-08-19 00:07 - 00020480 _____ () C:\WINDOWS\SysWOW64\PasswordManager.exe
2013-04-04 01:09 - 2013-04-04 01:09 - 04300432 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-12-06 19:42 - 2011-12-06 19:42 - 00292168 _____ () C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\TfsShellExt.DLL
2011-12-06 19:42 - 2011-12-06 19:42 - 00019272 _____ () C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\amd64\TfsComProviderStub.DLL
2011-09-01 21:24 - 2011-03-31 13:29 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-09-01 21:18 - 2011-04-10 04:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-18 10:56 - 2010-10-26 07:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2014-07-15 04:10 - 2013-02-27 13:27 - 00106496 _____ () C:\Program Files (x86)\Lenovo\Basic USB Dock\IgfxTskMgr.exe
2012-12-13 08:45 - 2012-12-13 08:45 - 00063560 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-12-06 19:41 - 2011-12-06 19:41 - 00017736 _____ () C:\Program Files (x86)\Microsoft Team Foundation Server 2010 Power Tools\x86\TfsComProviderStub.DLL
2014-10-26 19:07 - 2014-10-26 19:06 - 00312832 _____ () C:\Users\ricksingh\AppData\Local\Research In Motion\Buizckjt.dll
2013-04-04 01:09 - 2013-04-04 01:09 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-11-03 11:42 - 2014-11-03 11:42 - 00718152 _____ () C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\36.0.1985.143\libglesv2.dll
2014-11-03 11:42 - 2014-11-03 11:42 - 00126280 _____ () C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\36.0.1985.143\libegl.dll
2014-11-03 11:42 - 2014-11-03 11:42 - 08537928 _____ () C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\36.0.1985.143\pdf.dll
2014-11-03 11:42 - 2014-11-03 11:42 - 00353096 _____ () C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-11-03 11:42 - 2014-11-03 11:42 - 01732936 _____ () C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\36.0.1985.143\ffmpegsumo.dll
2014-11-03 11:42 - 2014-11-03 11:42 - 14669128 _____ () C:\Users\ricksingh\AppData\LocalLow\Sun\Fbjiyoobly\zidopweqbhzw\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

ASPNET (S-1-5-21-49469614-2514857408-7009707-1004 - Limited - Enabled)
Guest (S-1-5-21-49469614-2514857408-7009707-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-49469614-2514857408-7009707-500 - Administrator - Enabled) => C:\Users\LocalAdmin
Sidhoo (S-1-5-21-49469614-2514857408-7009707-1015 - Limited - Enabled)
SQLServerLocal (S-1-5-21-49469614-2514857408-7009707-1006 - Limited - Enabled) => C:\Users\SQLServerLocal

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2014 11:42:17 AM) (Source: TFSShellExt) (EventID: 3) (User: )
Description: Team Foundation services are not available from server ntcmwtfs01.us.datacenters.ww.
Technical information (for administrator):
  Unable to connect to the remote server

Error: (11/03/2014 11:41:17 AM) (Source: SmsClient) (EventID: 11800) (User: )
Description: ScopeId_AF06609C-B3EC-4F77-874E-25FF5F015EB8/Baseline_d0c83833-974d-4eed-9367-9f613a07dec21Failed to download baseline CI Id ScopeId_AF06609C-B3EC-4F77-874E-25FF5F015EB8/Baseline_d0c83833-974d-4eed-9367-9f613a07dec2, version 6.00.

Error: (10/31/2014 04:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16866, time stamp: 0x53211297
Faulting module name: Flash32_14_0_0_145.ocx, version: 14.0.0.145, time stamp: 0x53aa18ec
Exception code: 0xc0000005
Fault offset: 0x005d9039
Faulting process id: 0x1ef4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/31/2014 08:53:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16866 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3554

Start Time: 01cff46db3c71ba3

Termination Time: 134

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/29/2014 09:35:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.16866 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 36bc

Start Time: 01cff39c2a4653f0

Termination Time: 60

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (10/29/2014 00:17:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16866, time stamp: 0x53211297
Faulting module name: Flash32_14_0_0_145.ocx, version: 14.0.0.145, time stamp: 0x53aa18ec
Exception code: 0xc0000005
Fault offset: 0x005d9039
Faulting process id: 0x2550
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (10/29/2014 00:09:09 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: INTERNAL)
Description: Application or service 'Internet Explorer' could not be shut down.

Error: (10/28/2014 09:45:23 AM) (Source: Group Policy Files) (EventID: 8198) (User: NT AUTHORITY)
Description: The user 'deployment.properties' preference item in the 'PROD - Workstation - Java Configuration {4354AF29-B608-4CCE-8514-F0D29271A6E6}' Group Policy object was not removed because it failed with error code ''%user00790275

Error: (10/28/2014 07:58:18 AM) (Source: Group Policy Files) (EventID: 8192) (User: NT AUTHORITY)
Description: The user 'deployment.properties' preference item in the 'PROD - Workstation - Java Configuration {4354AF29-B608-4CCE-8514-F0D29271A6E6}' Group Policy object did not apply because it failed with error code '0x80070035 The network path was not found.'%user00790275

Error: (10/27/2014 10:08:00 PM) (Source: TFSShellExt) (EventID: 3) (User: )
Description: Team Foundation services are not available from server ntcmwtfs01.us.datacenters.ww.
Technical information (for administrator):
  Unable to connect to the remote server

System errors:
=============
Error: (11/04/2014 02:42:22 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1285.0

 Update Source: %NT AUTHORITY49

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/04/2014 01:43:34 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/04/2014 01:19:29 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain INTERNAL due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/04/2014 00:27:30 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: INTERNAL)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (11/04/2014 10:42:20 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1285.0

 Update Source: %NT AUTHORITY49

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/04/2014 10:39:46 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.187.1195.0

 Update Source: %NT AUTHORITY49

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (11/04/2014 09:00:32 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain INTERNAL due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (11/04/2014 08:55:56 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (11/04/2014 08:53:22 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (11/03/2014 07:35:52 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Microsoft Office Sessions:
=========================
Error: (11/03/2014 11:42:17 AM) (Source: TFSShellExt) (EventID: 3) (User: )
Description: Team Foundation services are not available from server ntcmwtfs01.us.datacenters.ww.
Technical information (for administrator):
  Unable to connect to the remote server

Error: (11/03/2014 11:41:17 AM) (Source: SmsClient) (EventID: 11800) (User: )
Description: ScopeId_AF06609C-B3EC-4F77-874E-25FF5F015EB8/Baseline_d0c83833-974d-4eed-9367-9f613a07dec26.00

Error: (10/31/2014 04:08:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1686653211297Flash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005005d90391ef401cff512095a7175C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx1308185b-6142-11e4-bd79-60d819b18d1a

Error: (10/31/2014 08:53:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.16866355401cff46db3c71ba3134C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/29/2014 09:35:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE10.0.9200.1686636bc01cff39c2a4653f060C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (10/29/2014 00:17:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.1686653211297Flash32_14_0_0_145.ocx14.0.0.14553aa18ecc0000005005d9039255001cff2c2fdbece9fC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\SysWOW64\Macromed\Flash\Flash32_14_0_0_145.ocx6420cace-5f8f-11e4-bd79-60d819b18d1a

Error: (10/29/2014 00:09:09 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: INTERNAL)
Description: 1C:\Program Files (x86)\Internet Explorer\iexplore.exeInternet Explorer0111795520

Error: (10/28/2014 09:45:23 AM) (Source: Group Policy Files) (EventID: 8198) (User: NT AUTHORITY)
Description: userdeployment.propertiesPROD - Workstation - Java Configuration {4354AF29-B608-4CCE-8514-F0D29271A6E6}

Error: (10/28/2014 07:58:18 AM) (Source: Group Policy Files) (EventID: 8192) (User: NT AUTHORITY)
Description: userdeployment.propertiesPROD - Workstation - Java Configuration {4354AF29-B608-4CCE-8514-F0D29271A6E6}0x80070035 The network path was not found.

Error: (10/27/2014 10:08:00 PM) (Source: TFSShellExt) (EventID: 3) (User: )
Description: Team Foundation services are not available from server ntcmwtfs01.us.datacenters.ww.
Technical information (for administrator):
  Unable to connect to the remote server

CodeIntegrity Errors:
===================================
  Date: 2013-01-21 20:22:55.828
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-21 20:22:55.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-01-04 11:36:53.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\8f79be2a18406a717b164a676a032598\1dd7a01a3abec64c93bf42bb682f\c10c61b4c0dab4f98f00\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-04 11:36:53.896
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\8f79be2a18406a717b164a676a032598\1dd7a01a3abec64c93bf42bb682f\c10c61b4c0dab4f98f00\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-04 11:36:53.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\8f79be2a18406a717b164a676a032598\1dd7a01a3abec64c93bf42bb682f\c10c61b4c0dab4f98f00\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appid.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-04 11:36:53.841
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\8f79be2a18406a717b164a676a032598\1dd7a01a3abec64c93bf42bb682f\c10c61b4c0dab4f98f00\amd64_microsoft-windows-appid_31bf3856ad364e35_6.1.7601.17514_none_b57215bac8c6d647\appid.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 51%
Total physical RAM: 8071.23 MB
Available physical RAM: 3944.83 MB
Total Pagefile: 16140.65 MB
Available Pagefile: 11527.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (v1-07 64-bit) (Fixed) (Total:148.75 GB) (Free:8.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 554671EB)
Partition 1: (Not Active) - (Size=148.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:04:40 PM

Posted 09 November 2014 - 02:51 PM

Is this a personal computer or a company owned computer?



#5 RickSingh

RickSingh
  • Topic Starter

  • Members
  • 4 posts
  • Local time:02:40 PM

Posted 09 November 2014 - 06:15 PM

It is a company owned computer.



#6 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:04:40 PM

Posted 10 November 2014 - 05:13 PM

Do you have permission to fix this computer?



#7 RickSingh

RickSingh
  • Topic Starter

  • Members
  • 4 posts
  • Local time:02:40 PM

Posted 10 November 2014 - 11:12 PM

My virus scan successfully removed this Trojan from my computer and it seems to be running fine for at least a day now. Thanks for your help.


Edited by RickSingh, 10 November 2014 - 11:24 PM.


#8 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan
  • Local time:03:40 PM

Posted 26 January 2015 - 11:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families
