
Infected: Kryptnik variant & Zbot.gen!AP - Bogging down machine


  • This topic is locked
20 replies to this topic

#1 Lakee911

  • Members
  • 12 posts

Posted 07 November 2014 - 07:39 AM

Hello,

First of all, thank you for the help!

I've got an infection of a kryptnik trojan and Zbot.gen!AP. The first isn't being caught by Microsoft Forefront, but I've uploaded it to virustotal.com to determine its name. I had been instructed to try ComboFix by our IT department; it cleaned my PC, but it has quickly come back. This time it seems to be living in C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe. The first occurrence was causing tons of dllhost.exe *32 processes to run; now I'm getting a ton of svchost processes. Any attempt to delete the kryptnik trojan or its registry entries is futile. It just comes back.

So, I've since unplugged from the network and I'm coming here for help.

When we get this fixed up, please contact me privately and let me know I can repay someone for the help they're providing!

I'm pasting DDS.txt below and attaching attach.txt to this message. Seems fairly consistent with what I've read/observed.

DDS.txt:


DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.4.1
Run by JAdvani at 7:18:11 on 2014-11-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.24533.20255 [GMT -5:00]
.
AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\windows\system32\atieclxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe
C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
C:\windows\System32\alg.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
C:\windows\SysWOW64\CCM\SmsClrHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\WUDFHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://apod.nasa.gov/apod/astropix.html
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: ZeonIEEventHelper Class: {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - 
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: DocuCom PDF: {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - 
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: F12 Developer Tools: {28BCCB9A-E66B-463C-82A4-09F320DE94D7} - C:\Program Files (x86)\Internet Explorer\F12Tools.dll
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
uRun: [OicniGcayl] regsvr32.exe "C:\ProgramData\OicniGcayl\OicniGcayl.dat"
uRun: [Ufgoekgabazerya] C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Ufgoekgabazerya] C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
IE: Open with PDF Professional 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
Trusted Zone: hazenandsawyer.com
Trusted Zone: hazenandsawyer.com
Trusted Zone: microsoft.com
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://99.177.171.62:4549/cab/OCXChecker_8000.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082
TCP: NameServer = 192.168.46.9 192.168.13.9 172.30.2.3
TCP: Interfaces\{1FD07FE0-0E44-4EDE-A05E-C0917351D0D3} : DHCPNameServer = 192.168.46.9 192.168.13.9 172.30.2.3
TCP: Interfaces\{1FD07FE0-0E44-4EDE-A05E-C0917351D0D3}\35F6E656374716027457563747 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{1FD07FE0-0E44-4EDE-A05E-C0917351D0D3}\A41637F6E6 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{1FD07FE0-0E44-4EDE-A05E-C0917351D0D3}\D425745756374713 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{1FD07FE0-0E44-4EDE-A05E-C0917351D0D3}\E45445745414254333 : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{1FD07FE0-0E44-4EDE-A05E-C0917351D0D3}\E45445745414254333 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3E3C9735-23A1-4FFF-A11B-E4432FC00C23} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{3E3C9735-23A1-4FFF-A11B-E4432FC00C23} : DHCPNameServer = 192.168.46.9 192.168.13.9 172.30.2.3
TCP: Interfaces\{427EF8A8-EDA0-4008-894E-53BCD227CF2D} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{7EF41D73-919A-4541-9ECE-466910984CA0} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{AD806CA5-6E81-4C0C-AFC6-8422055D2133} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{E244EA7A-0C70-4EBB-82D5-66765953A94D} : NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{FD6B9AAE-C2FE-4853-B1A5-F4208CBDD80E} : NameServer = 8.8.8.8,8.8.8.8
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: bcikmao - C:\Users\jadvani\AppData\Local\bcikmao.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
x64-BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Asydzokeysot] "C:\Users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe"
x64-Run: [Ufgoekgabazerya] "C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jadvani\AppData\Roaming\Mozilla\Firefox\Profiles\69bnq360.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-21 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\windows\System32\drivers\stdcfltn.sys [2012-4-26 22128]
R1 VirtualBackplane;A-B Virtual Backplane;C:\windows\System32\drivers\VirtualBackplane.sys [2011-6-2 51200]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-11-6 89600]
R2 aksdf;aksdf;C:\windows\System32\drivers\aksdf.sys [2012-7-12 65024]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2014-9-15 239616]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-5-8 2279960]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [2010-5-17 1122568]
R2 FactoryTalk Gateway;FactoryTalk Gateway;C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe [2010-8-26 387432]
R2 FileOpenManagerSvc;FileOpen Manager Service;C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [2012-4-30 334720]
R2 FTActivationBoost;FactoryTalk Activation Helper;C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [2011-5-31 152936]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2010-8-17 2024864]
R2 MSSQL$CHROMATRACE;SQL Server (CHROMATRACE);C:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\sqlservr.exe [2014-7-12 58387104]
R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [2010-4-3 42884448]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 125584]
R2 PDFProFiltSrv;PDFProFiltSrv;C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [2011-9-9 135016]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2012-4-3 287016]
R2 SWIPsec;SonicWALL IPsec Driver;C:\windows\System32\drivers\SWIPsec.sys [2013-6-28 100128]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-1-26 5095264]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-26 2594584]
R3 Acceler;Accelerometer Service;C:\windows\System32\drivers\accelern.sys [2012-4-26 27760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-4-26 172960]
R3 cvusbdrv;Dell ControlVault;C:\windows\System32\drivers\cvusbdrv.sys [2012-4-26 38440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2012-4-26 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2012-4-26 181248]
R3 O2MDRRDR;O2MDRRDR;C:\windows\System32\drivers\O2MDRw7x64.sys [2012-4-26 74984]
R3 O2SDJRDR;O2SDJRDR;C:\windows\System32\drivers\o2sdjw7x64.sys [2012-4-26 83560]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\windows\System32\drivers\teamviewervpn.sys [2013-1-26 35112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 GOVsrv8;Goverlan Service v8;"C:\Program Files (x86)\PJ Technologies\GOVsrv8\GOVsrv8.EXE" --> C:\Program Files (x86)\PJ Technologies\GOVsrv8\GOVsrv8.EXE [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-4-26 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-11-6 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2011-11-18 71168]
S3 EventServer;Rockwell Event Server;C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe [2011-5-27 250216]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-7 1431888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-20 111616]
S3 LogReceiver;LogReceiver;C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [2011-6-24 80232]
S3 NmspHost;Rockwell Namespace Services;C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe [2011-5-27 224104]
S3 O2MDFRDR;O2MDFRDR;C:\windows\System32\drivers\o2mdfw7x64.sys [2012-4-26 72808]
S3 PrintNotify;Printer Extensions and Notifications;C:\windows\System32\svchost.exe -k print [2009-7-13 27136]
S3 RdcyHost;Rockwell Redundancy Services;C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe [2011-5-27 224104]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-21 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\windows\System32\drivers\SWVNIC.sys [2010-1-23 24600]
S3 tcm;tcm;C:\windows\System32\drivers\tcm.sys [2012-4-26 17048]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-9-8 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2011-9-25 61976]
S4 RsFx0105;RsFx0105 Driver;C:\windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$CHROMATRACE;SQL Server Agent (CHROMATRACE);C:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\SQLAGENT.EXE [2014-7-12 441504]
S4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 367456]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1"
ShellExec: acad.exe: open="C:\Program Files\Autodesk\AutoCAD MEP 2011\acad.exe"
.
=============== Created Last 30 ================
.
2014-11-07 12:02:41 -------- d-----w- C:\Users\jadvani\AppData\Roaming\Ywykduxe
2014-11-07 12:01:46 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5565A60-61E4-48C2-85E2-112A6D34E3EE}\offreg.dll
2014-11-07 12:01:03 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DED3CEA8-30CC-4E66-B644-BFC0F77481E8}\gapaengine.dll
2014-11-07 12:00:45 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5565A60-61E4-48C2-85E2-112A6D34E3EE}\mpengine.dll
2014-11-07 11:42:26 -------- d-sh--w- C:\$RECYCLE.BIN
2014-11-06 23:46:25 98816 ----a-w- C:\windows\sed.exe
2014-11-06 23:46:25 256000 ----a-w- C:\windows\PEV.exe
2014-11-06 23:46:25 208896 ----a-w- C:\windows\MBR.exe
2014-11-06 23:37:41 -------- d-----w- C:\ProgramData\OicniGcayl
2014-11-06 22:28:30 270 ----a-w- C:\Users\jadvani\clear.bat
2014-11-06 22:02:39 -------- d-----w- C:\FRST
2014-11-06 19:08:11 293570 ----a-w- C:\windows\SysWow64\iwipgosyo.exe
2014-11-06 19:08:08 293570 ----a-w- C:\windows\SysWow64\tiezzayxga.exe
2014-11-06 18:17:06 11627712 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-04 23:47:07 -------- d-----w- C:\ProgramData\AMD
2014-11-04 23:47:05 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-11-04 23:47:02 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2014-11-04 23:29:32 -------- d-----w- C:\Program Files\AMD
2014-11-04 23:26:22 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2014-11-04 22:41:41 -------- d-----w- C:\Users\jadvani\AppData\Roaming\FrameworkUpdate7
2014-11-04 16:00:01 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12625070-B749-454B-9159-31F922854213}\gapaengine.dll
2014-11-03 11:46:26 523294 ----a-w- C:\sav752D.tmp
2014-10-20 11:30:44 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-10-20 11:28:50 81560 ----a-w- C:\windows\SysWow64\mscories.dll
2014-10-20 11:28:50 73880 ----a-w- C:\windows\System32\mscories.dll
2014-10-20 11:28:50 1943696 ----a-w- C:\windows\System32\dfshim.dll
2014-10-20 11:28:50 156824 ----a-w- C:\windows\SysWow64\mscorier.dll
2014-10-20 11:28:50 156312 ----a-w- C:\windows\System32\mscorier.dll
2014-10-20 11:28:50 1131664 ----a-w- C:\windows\SysWow64\dfshim.dll
2014-10-20 11:22:51 276480 ----a-w- C:\windows\System32\generaltel.dll
2014-10-20 11:22:50 507392 ----a-w- C:\windows\System32\aepdu.dll
2014-10-20 11:22:49 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-10-20 11:16:28 3241472 ----a-w- C:\windows\System32\msi.dll
2014-10-20 11:16:28 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-20 11:14:11 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2014-10-20 11:13:49 424448 ----a-w- C:\windows\System32\rastls.dll
2014-10-20 11:13:49 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-10-20 11:09:53 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-10-20 11:09:50 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-10-20 11:09:21 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2014-10-20 11:09:21 22016 ----a-w- C:\windows\System32\credssp.dll
2014-10-20 11:09:20 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-10-20 11:09:17 212480 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2014-10-20 11:09:17 150528 ----a-w- C:\windows\System32\rdpcorekmts.dll
2014-10-20 11:09:15 455168 ----a-w- C:\windows\System32\winlogon.exe
2014-10-20 11:09:05 235520 ----a-w- C:\windows\System32\winsta.dll
2014-10-20 11:09:05 157696 ----a-w- C:\windows\SysWow64\winsta.dll
2014-10-20 11:09:04 681984 ----a-w- C:\windows\System32\termsrv.dll
2014-10-20 11:08:29 5703168 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-10-20 11:08:28 6584320 ----a-w- C:\windows\System32\mstscax.dll
2014-10-20 11:08:01 77312 ----a-w- C:\windows\System32\packager.dll
2014-10-20 11:08:01 67072 ----a-w- C:\windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2014-11-04 19:30:58 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-24 12:53:17 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 12:53:17 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-15 23:21:34 51200 ----a-w- C:\windows\System32\kdbsdk64.dll
2014-09-15 23:19:58 38912 ----a-w- C:\windows\SysWow64\kdbsdk32.dll
2014-09-15 22:32:00 78432 ----a-w- C:\windows\System32\atimpc64.dll
2014-09-15 22:32:00 78432 ----a-w- C:\windows\System32\amdpcom64.dll
2014-09-15 22:32:00 71704 ----a-w- C:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32:00 71704 ----a-w- C:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31:50 144328 ----a-w- C:\windows\System32\atiuxp64.dll
2014-09-15 22:31:48 126848 ----a-w- C:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31:46 118096 ----a-w- C:\windows\System32\atiu9p64.dll
2014-09-15 22:31:44 100032 ----a-w- C:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31:42 1335544 ----a-w- C:\windows\System32\aticfx64.dll
2014-09-15 22:31:40 1113576 ----a-w- C:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31:34 10826488 ----a-w- C:\windows\System32\atidxx64.dll
2014-09-15 22:31:30 9254184 ----a-w- C:\windows\SysWow64\atidxx32.dll
2014-09-15 22:31:22 7207592 ----a-w- C:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31:16 7028336 ----a-w- C:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31:06 8044976 ----a-w- C:\windows\System32\atiumd6a.dll
2014-09-15 22:31:02 8296296 ----a-w- C:\windows\System32\atiumd64.dll
2014-09-15 22:29:04 293088 ----a-w- C:\windows\System32\drivers\amdacpksd.sys
2014-09-15 22:26:58 16750080 ----a-w- C:\windows\System32\drivers\atikmdag.sys
2014-09-15 22:18:06 235008 ----a-w- C:\windows\System32\clinfo.exe
2014-09-15 22:18:02 995342 ----a-w- C:\windows\SysWow64\amdocl_as32.exe
2014-09-15 22:18:02 798734 ----a-w- C:\windows\SysWow64\amdocl_ld32.exe
2014-09-15 22:18:02 1187342 ----a-w- C:\windows\System32\amdocl_as64.exe
2014-09-15 22:18:02 1061902 ----a-w- C:\windows\System32\amdocl_ld64.exe
2014-09-15 22:18:00 98816 ----a-w- C:\windows\System32\OpenVideo64.dll
2014-09-15 22:17:58 83456 ----a-w- C:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17:56 86528 ----a-w- C:\windows\System32\OVDecode64.dll
2014-09-15 22:17:56 73216 ----a-w- C:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17:54 33867264 ----a-w- C:\windows\System32\amdocl64.dll
2014-09-15 22:17:04 28770304 ----a-w- C:\windows\SysWow64\amdocl.dll
2014-09-15 22:16:18 65024 ----a-w- C:\windows\System32\OpenCL.dll
2014-09-15 22:16:18 58880 ----a-w- C:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13:24 27918336 ----a-w- C:\windows\System32\atio6axx.dll
2014-09-15 22:09:38 48128 ----a-w- C:\windows\System32\amdmmcl6.dll
2014-09-15 22:09:36 37888 ----a-w- C:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09:10 127488 ----a-w- C:\windows\System32\mantle64.dll
2014-09-15 22:09:04 113664 ----a-w- C:\windows\SysWow64\mantle32.dll
2014-09-15 22:09:00 5639168 ----a-w- C:\windows\System32\amdmantle64.dll
2014-09-15 22:08:08 23375360 ----a-w- C:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07:48 367104 ----a-w- C:\windows\System32\atiapfxx.exe
2014-09-15 22:07:46 62464 ----a-w- C:\windows\System32\aticalrt64.dll
2014-09-15 22:07:44 52224 ----a-w- C:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07:42 55808 ----a-w- C:\windows\System32\aticalcl64.dll
2014-09-15 22:07:42 49152 ----a-w- C:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07:36 15716352 ----a-w- C:\windows\System32\aticaldd64.dll
2014-09-15 22:06:46 14302208 ----a-w- C:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05:52 4480000 ----a-w- C:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03:28 442368 ----a-w- C:\windows\System32\atidemgy.dll
2014-09-15 22:03:26 31232 ----a-w- C:\windows\System32\atimuixx.dll
2014-09-15 22:03:24 619008 ----a-w- C:\windows\System32\atieclxx.exe
2014-09-15 22:03:18 239616 ----a-w- C:\windows\System32\atiesrxx.exe
2014-09-15 22:03:12 91648 ----a-w- C:\windows\System32\mantleaxl64.dll
2014-09-15 22:03:08 85504 ----a-w- C:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03:04 190976 ----a-w- C:\windows\System32\atitmm64.dll
2014-09-15 21:59:40 827392 ----a-w- C:\windows\System32\coinst_14.30.dll
2014-09-15 21:59:20 1210880 ----a-w- C:\windows\System32\atiadlxx.dll
2014-09-15 21:59:16 900608 ----a-w- C:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59:14 75264 ----a-w- C:\windows\System32\atig6pxx.dll
2014-09-15 21:59:12 69632 ----a-w- C:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59:12 69632 ----a-w- C:\windows\System32\atiglpxx.dll
2014-09-15 21:59:12 146944 ----a-w- C:\windows\System32\atig6txx.dll
2014-09-15 21:59:08 133632 ----a-w- C:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59:06 576000 ----a-w- C:\windows\System32\drivers\atikmpag.sys
2014-09-15 21:58:54 43520 ----a-w- C:\windows\System32\drivers\ati2erec.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
.
============= FINISH:  7:19:35.61 ===============
 
Thank you!


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • Gender:Male
  • Local time:05:44 PM

Posted 12 November 2014 - 12:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/555128 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Lakee911

Lakee911
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:44 PM

Posted 12 November 2014 - 06:37 PM

I still need help. I've run DDS already and haven't used the PC since. I do not have Windows media readily available but I could probably round it up if I had to.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:44 PM

Posted 13 November 2014 - 11:51 AM

Hello Lakee911,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
      
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
      
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool .
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Can you please also post the Combofix.txt log that should have been produced when you ran Combofix?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 Lakee911

Lakee911
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:44 PM

Posted 13 November 2014 - 02:22 PM

Hello Fireman4IT. Thank you for your help! I've followed your instructions and I've posted the required log files below (in this message and the next):

 

 


Logfile: AdwCleaner[R0].txt

 

# AdwCleaner v4.101 - Report created 13/11/2014 at 12:35:08
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : jadvani - HSCMH-JADVANI
# Running from : C:\Users\jadvani\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\jadvani\AppData\LocalLow\Toolbar4
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponBar5.0.0.5
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
 
-\\ Google Chrome v
 
[C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7566 octets] - [13/11/2014 12:35:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7626 octets] ##########

 

 

 


Log file: AdwCleaner[S0].txt

 

# AdwCleaner v4.101 - Report created 13/11/2014 at 12:45:31
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : jadvani - HSCMH-JADVANI
# Running from : C:\Users\jadvani\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\jadvani\AppData\LocalLow\Toolbar4
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CouponBar5.0.0.5
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
 
-\\ Google Chrome v
 
[C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7782 octets] - [13/11/2014 12:35:08]
AdwCleaner[S0].txt - [7795 octets] - [13/11/2014 12:45:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7855 octets] ##########

Edited by Lakee911, 13 November 2014 - 02:26 PM.
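An added example, not code from this thread and not part of Farbar's FRST: a small Python triage pass over autorun lines in the format FRST prints under "Registry (Whitelisted)", the section posted in the next message. The point a responder looks for there is a machine-wide HKLM\...\Run value whose target sits in a per-user, user-writable directory such as AppData\Roaming, carries no publisher/version info ("()"), or no file metadata at all, and a Winlogon\Notify DLL under AppData that FRST marks [X] (not found). The sample lines are constructed to mirror the shape of the entries in that log; the scoring weights, the list of user-writable directories, and the reading of a missing "[size date]" block as "file not readable at scan time" are my own assumptions, not FRST's logic.

```python
"""Triage pass over autorun lines in the format FRST prints under
"Registry (Whitelisted)".  Flags persistence that runs from a user-writable
directory, has no publisher info, points at a file absent at scan time, or
registers a Winlogon notify DLL outside System32.  Added example; assumed rules."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Run/RunOnce value lines, e.g.
#   HKLM\...\Run: [Name] => C:\path\file.exe [size yyyy-mm-dd] (Publisher)
#   HKLM-x32\...\Run: [Name] => "C:\path\file.exe"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM(?:-x32)?|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<rest>.*)$"
)
# Winlogon notification package lines, e.g.
#   Winlogon\Notify\name: C:\path\x.dll (Publisher)   or   ...\x.dll [X]
NOTIFY_RE = re.compile(r"^Winlogon\\Notify\\(?P<name>[^:]+): (?P<rest>.*)$")
# Target part shared by both: optional quotes, optional [size date], optional
# (Publisher).  "()" means FRST read the file but found no version info.
TARGET_RE = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\[^"\[]*?)"?'
    r"(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<pub>[^)]*)\))?\s*$"
)
# Directories an unprivileged user can write to (assumed list; extend as needed).
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\appdata\\locallow\\",
                 "\\programdata\\", "\\temp\\", "\\users\\public\\")

@dataclass
class Autorun:
    source: str                # e.g. "HKLM\...\Run" or "Winlogon\Notify"
    name: str
    path: str
    publisher: Optional[str]   # None: no "(...)" printed at all; "": printed as "()"
    missing: bool              # FRST appended [X]: file not found on disk
    score: int = 0
    reasons: List[str] = field(default_factory=list)

def _parse_target(rest: str):
    missing = rest.endswith(" [X]")
    if missing:
        rest = rest[: -len(" [X]")]
    m = TARGET_RE.match(rest)
    return None if not m else (m.group("path"), m.group("pub"), missing)

def parse_autoruns(lines) -> List[Autorun]:
    """Keep only Run/RunOnce and Winlogon Notify lines; ignore everything else."""
    found: List[Autorun] = []
    for line in lines:
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            source = "%s\\...\\%s" % (m.group("hive"), m.group("key"))
            name, rest = m.group("name"), m.group("rest")
        else:
            m = NOTIFY_RE.match(line)
            if not m:
                continue
            source, name, rest = "Winlogon\\Notify", m.group("name"), m.group("rest")
        parsed = _parse_target(rest)
        if parsed is None:
            continue
        path, publisher, missing = parsed
        found.append(Autorun(source, name, path, publisher, missing))
    return found

def score_autoruns(entries: List[Autorun]) -> List[Autorun]:
    """Assumed weights: location and a missing file count most; an empty
    publisher alone is weak (some OEM helpers ship without version info)."""
    by_path = {}
    for e in entries:                       # same file under several keys?
        by_path.setdefault(e.path.lower(), set()).add(e.source)
    for e in entries:
        low = e.path.lower()
        writable = any(d in low for d in USER_WRITABLE)
        if writable:
            e.score += 3
            e.reasons.append("runs from a user-writable directory")
        if e.publisher == "":
            e.score += 2 if writable else 1
            e.reasons.append("no publisher/version info")
        if e.missing or e.publisher is None:
            e.score += 2
            e.reasons.append("no file metadata: target missing or unreadable at scan time")
        if e.source == "Winlogon\\Notify" and "\\windows\\system32\\" not in low:
            e.score += 3
            e.reasons.append("Winlogon notify DLL outside System32")
        if len(by_path[low]) > 1:
            e.score += 1
            e.reasons.append("same file registered under %d keys" % len(by_path[low]))
    return sorted(entries, key=lambda e: e.score, reverse=True)

def triage(lines, threshold: int = 3) -> List[Autorun]:
    """Entries worth a responder's attention, highest score first."""
    return [e for e in score_autoruns(parse_autoruns(lines)) if e.score >= threshold]

# Constructed sample mirroring the shape of the FRST entries in this thread.
SAMPLE_LINES = [
    "==================== Registry (Whitelisted) ==================",
    r"HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()",
    r"HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)",
    r'HKLM\...\Run: [Asydzokeysot] => "C:\Users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe"',
    r"HKLM\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [293570 2014-11-07] ()",
    r"HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)",
    r"HKLM-x32\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [293570 2014-11-07] ()",
    r"Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)",
    r"Winlogon\Notify\bcikmao-x32: C:\Users\jadvani\AppData\Local\bcikmao.dll [X]",
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print("%d  %s [%s] -> %s\n      %s" % (e.score, e.source, e.name, e.path, "; ".join(e.reasons)))
```

On the constructed sample the Winlogon\Notify DLL under AppData\Local marked [X] scores highest, the two Run values pointing into AppData\Roaming with "()" or no metadata follow, and the OEM accelerometer helper with an empty publisher but a Program Files path stays below the threshold, which is the caveat: an empty publisher field alone is not evidence, location plus publisher is. Feed a real FRST.txt by replacing SAMPLE_LINES with open("FRST.txt", encoding="utf-8", errors="replace").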


#6 Lakee911

Lakee911
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:44 PM

Posted 13 November 2014 - 02:24 PM

 
 
 

Log file: FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014
Ran by jadvani (administrator) on HSCMH-JADVANI on 13-11-2014 12:53:36
Running from C:\Users\jadvani\Desktop
Loaded Profile: jadvani (Available profiles: jadvani & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acresso Software Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe
(Acresso Software Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\SmsClrHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\jadvani\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Asydzokeysot] => "C:\Users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe"
HKLM\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [293570 2014-11-07] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [293570 2014-11-07] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\bcikmao-x32: C:\Users\jadvani\AppData\Local\bcikmao.dll [X]
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19089056 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-05-23] (AMD)
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [OicniGcayl] => regsvr32.exe "C:\ProgramData\OicniGcayl\OicniGcayl.dat"
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [293570 2014-11-07] ()
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://apod.nasa.gov/apod/astropix.html
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x980BB18768A8CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-510924518-477319906-751859383-66924\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-510924518-477319906-751859383-66924 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://99.177.171.62:4549/cab/OCXChecker_8000.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082
Tcpip\Parameters: [DhcpNameServer] 192.168.46.9 192.168.13.9 172.30.2.3
Tcpip\..\Interfaces\{3E3C9735-23A1-4FFF-A11B-E4432FC00C23}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{427EF8A8-EDA0-4008-894E-53BCD227CF2D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7EF41D73-919A-4541-9ECE-466910984CA0}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{AD806CA5-6E81-4C0C-AFC6-8422055D2133}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E244EA7A-0C70-4EBB-82D5-66765953A94D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FD6B9AAE-C2FE-4853-B1A5-F4208CBDD80E}: [NameServer] 8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\jadvani\AppData\Roaming\Mozilla\Firefox\Profiles\69bnq360.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-510924518-477319906-751859383-66924: @citrixonline.com/appdetectorplugin -> C:\Users\jadvani\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-510924518-477319906-751859383-66924: @tools.google.com/Google Update;version=3 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-510924518-477319906-751859383-66924: @tools.google.com/Google Update;version=9 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-510924518-477319906-751859383-66924: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\jadvani\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: FlashGot - C:\Users\jadvani\AppData\Roaming\Mozilla\Firefox\Profiles\69bnq360.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-01-09]
FF Extension: Greasemonkey - C:\Users\jadvani\AppData\Roaming\Mozilla\Firefox\Profiles\69bnq360.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-09]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-10-30]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\jadvani\AppData\Local\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\jadvani\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\jadvani\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\jadvani\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Java™ Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-13]
CHR Extension: (Google Search) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-13]
CHR Extension: (Google Wallet) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2013-12-06]
CHR Extension: (Gmail) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-13]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-09-11]
CHR StartMenuInternet: Google Chrome - C:\Users\jadvani\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
R2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1122568 2010-05-17] (Acresso Software Inc.)
R2 FactoryTalk Gateway; C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe [387432 2010-08-26] (Rockwell Automation, Inc.)
R2 FileOpenManagerSvc; C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [334720 2012-04-30] (FileOpen Systems Inc.)
R2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [152936 2011-05-31] (Rockwell Automation, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LogReceiver; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [80232 2011-06-24] (Rockwell Automation, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2024864 2010-08-17] (Microsoft Corp.)
R2 MSSQL$CHROMATRACE; c:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 MSSQL$FTVIEWX64TAGDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 OpcEnum; C:\windows\SysWOW64\OpcEnum.exe [98304 2005-11-25] (OPC Foundation) [File not signed]
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)
S3 PrintNotify; C:\windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2676736 2013-07-27] (Microsoft Corporation) [File not signed]
S3 Rockwell HMI Diagnostics; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [106344 2011-07-26] (Rockwell Automation, Inc.)
S3 Rockwell Tag Server; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe [212328 2011-07-26] (Rockwell Automation, Inc.)
S3 RSLinx; C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE [1996408 2010-09-24] (Rockwell Automation, Inc.)
S3 RSLinxNG; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [246120 2011-06-24] (Rockwell Automation, Inc.)
S3 smstsmgr; C:\windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$CHROMATRACE; c:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S4 SQLAgent$FTVIEWX64TAGDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
S2 GOVsrv; "C:\Program Files (x86)\PJ Technologies\GOVsrv\GovSrv.EXE" [X]
S2 GOVsrv8; "C:\Program Files (x86)\PJ Technologies\GOVsrv8\GOVsrv8.EXE" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 prepdrvr; C:\windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2009-04-17] ()
R1 VirtualBackplane; C:\Windows\System32\DRIVERS\VirtualBackplane.sys [51200 2011-06-02] (Rockwell Automation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-13 12:53 - 2014-11-13 12:54 - 00024838 _____ () C:\Users\jadvani\Desktop\FRST.txt
2014-11-13 12:35 - 2014-11-13 12:45 - 00000000 ____D () C:\AdwCleaner
2014-11-13 12:34 - 2014-11-13 12:36 - 02116608 _____ (Farbar) C:\Users\jadvani\Desktop\FRST64 (1).exe
2014-11-13 12:34 - 2014-11-13 12:33 - 02140160 _____ () C:\Users\jadvani\Desktop\AdwCleaner.exe
2014-11-07 07:19 - 2014-11-07 07:19 - 00057108 _____ () C:\Users\jadvani\Desktop\attach.txt
2014-11-07 07:19 - 2014-11-07 07:19 - 00033758 _____ () C:\Users\jadvani\Desktop\dds.txt
2014-11-07 07:02 - 2014-11-07 07:03 - 00001716 _____ () C:\Users\jadvani\Desktop\Rkill.txt
2014-11-07 07:02 - 2014-11-07 07:02 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\jadvani\Desktop\rkill64.exe
2014-11-07 07:02 - 2014-11-07 07:02 - 00000000 ____D () C:\Users\jadvani\AppData\Roaming\Ywykduxe
2014-11-07 06:52 - 2014-11-07 06:52 - 00063388 _____ () C:\ComboFix.txt
2014-11-06 18:46 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-11-06 18:46 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-11-06 18:46 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-11-06 18:41 - 2014-11-07 06:53 - 00000000 ____D () C:\Qoobox
2014-11-06 18:40 - 2014-11-07 06:50 - 00000000 ____D () C:\windows\erdnt
2014-11-06 18:39 - 2014-11-06 18:39 - 05591672 ____R (Swearware) C:\Users\jadvani\Downloads\ComboFix.exe
2014-11-06 18:37 - 2014-11-06 19:08 - 00000000 ____D () C:\ProgramData\OicniGcayl
2014-11-06 17:57 - 2014-11-06 17:57 - 00000063 _____ () C:\Users\jadvani\Desktop\New Text Document.txt
2014-11-06 17:57 - 2014-11-06 17:52 - 01188194 _____ () C:\Users\jadvani\Desktop\ProcessExplorer.zip
2014-11-06 17:57 - 2014-11-06 17:32 - 01121208 _____ () C:\Users\jadvani\Desktop\ProcessMonitor (1).zip
2014-11-06 17:52 - 2014-11-06 17:52 - 01188194 _____ () C:\Users\jadvani\Downloads\ProcessExplorer.zip
2014-11-06 17:32 - 2014-11-06 17:32 - 01121208 _____ () C:\Users\jadvani\Downloads\ProcessMonitor (2).zip
2014-11-06 17:32 - 2014-11-06 17:32 - 01121208 _____ () C:\Users\jadvani\Downloads\ProcessMonitor (1).zip
2014-11-06 17:28 - 2014-11-06 18:33 - 00000270 _____ () C:\Users\jadvani\clear.bat
2014-11-06 17:21 - 2014-11-13 12:47 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-11-06 17:06 - 2014-11-06 17:06 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\jadvani\Downloads\rkill.exe
2014-11-06 17:06 - 2014-11-06 17:06 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\jadvani\Desktop\rkill.exe
2014-11-06 17:03 - 2014-11-06 17:05 - 02114560 _____ (Farbar) C:\Users\jadvani\Desktop\FRST64.exe
2014-11-06 17:02 - 2014-11-13 12:53 - 00000000 ____D () C:\FRST
2014-11-06 14:10 - 2014-11-06 14:09 - 01121208 _____ () C:\Users\jadvani\Desktop\ProcessMonitor.zip
2014-11-06 14:09 - 2014-11-06 14:09 - 01121208 _____ () C:\Users\jadvani\Downloads\ProcessMonitor.zip
2014-11-06 14:08 - 2014-11-06 14:08 - 00003836 _____ () C:\windows\System32\Tasks\Security Center Update - 3414797000
2014-11-06 14:08 - 2014-11-06 14:08 - 00003836 _____ () C:\windows\System32\Tasks\Security Center Update - 3127520538
2014-11-06 14:08 - 2014-09-30 21:41 - 00293570 _____ () C:\windows\SysWOW64\tiezzayxga.exe
2014-11-06 14:08 - 2012-05-23 15:57 - 00293570 _____ () C:\windows\SysWOW64\iwipgosyo.exe
2014-11-04 18:47 - 2014-11-04 18:47 - 00000000 ____D () C:\ProgramData\ATI
2014-11-04 18:47 - 2014-11-04 18:47 - 00000000 ____D () C:\ProgramData\AMD
2014-11-04 18:47 - 2014-11-04 18:47 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-04 18:46 - 2014-11-04 18:46 - 00056548 _____ () C:\windows\SysWOW64\CCCInstall_201411041846457570.log
2014-11-04 18:46 - 2014-11-04 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD FirePro Control Center
2014-11-04 18:29 - 2014-11-04 18:29 - 00000000 ____D () C:\Program Files\AMD
2014-11-04 18:26 - 2014-11-04 18:26 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-11-04 17:42 - 2014-11-04 17:50 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-04 17:42 - 2014-11-04 17:50 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-04 17:41 - 2014-11-06 14:54 - 00000000 ____D () C:\Users\jadvani\AppData\Roaming\FrameworkUpdate7
2014-11-04 17:13 - 2014-11-04 17:13 - 00891224 _____ (AMD) C:\Users\jadvani\Downloads\amddriverdownloader (1).exe
2014-11-04 14:25 - 2014-11-04 14:25 - 00891224 _____ (AMD) C:\Users\jadvani\Downloads\amddriverdownloader.exe
2014-11-04 13:38 - 2014-11-04 13:41 - 286582040 _____ (AMD Inc.) C:\Users\jadvani\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-11-03 07:26 - 2014-11-03 07:26 - 00307391 _____ () C:\Users\jadvani\Documents\Attic-model1.skp
2014-11-03 06:51 - 2014-11-03 07:26 - 00231927 _____ () C:\Users\jadvani\Documents\attic-only.dwg
2014-11-03 06:51 - 2014-11-03 06:51 - 00232283 _____ () C:\Users\jadvani\Documents\attic-only.bak
2014-11-03 06:46 - 2014-11-03 06:46 - 00523294 _____ () C:\sav752D.tmp
2014-10-23 09:26 - 2014-10-23 09:37 - 00000000 ____D () C:\Users\jadvani\Desktop\New folder (2)
2014-10-21 14:17 - 2014-10-21 14:24 - 00000000 ____D () C:\Users\jadvani\AppData\OICE_15_974FA576_32C1D314_2F8F
2014-10-20 06:30 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-20 06:28 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-20 06:22 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-20 06:22 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-20 06:22 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-20 06:21 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-20 06:21 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-20 06:21 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-20 06:21 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-20 06:21 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-20 06:21 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-20 06:21 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-20 06:21 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-20 06:21 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-20 06:21 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-20 06:21 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-20 06:21 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-20 06:21 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-20 06:21 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-20 06:21 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-20 06:21 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-20 06:21 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-20 06:21 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-20 06:21 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-20 06:21 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-20 06:21 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-20 06:21 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-20 06:21 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-20 06:21 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-20 06:21 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-20 06:21 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-20 06:21 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-20 06:21 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-20 06:21 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-20 06:21 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-20 06:21 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-20 06:21 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-20 06:21 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-20 06:21 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-20 06:21 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-20 06:21 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-20 06:21 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-20 06:21 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-20 06:21 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-20 06:21 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-20 06:21 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-20 06:21 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-20 06:21 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-20 06:21 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-20 06:21 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-20 06:21 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-20 06:21 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-20 06:21 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-20 06:21 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-20 06:21 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-20 06:21 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-20 06:21 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-20 06:21 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-20 06:21 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-20 06:21 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-20 06:21 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-20 06:16 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-20 06:16 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-20 06:14 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-20 06:13 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-20 06:13 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-20 06:09 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-20 06:09 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-20 06:09 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-20 06:09 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-20 06:09 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-20 06:09 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-20 06:08 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-20 06:08 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-20 06:08 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-20 06:08 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-17 07:13 - 2014-10-17 07:13 - 00013266 _____ () C:\Users\jadvani\Documents\ITAVLC Receipt.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-13 12:53 - 2012-08-21 06:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-13 12:52 - 2012-05-07 06:35 - 01105016 _____ () C:\windows\WindowsUpdate.log
2014-11-13 12:48 - 2012-05-10 09:17 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 12:47 - 2012-07-05 14:19 - 00000461 _____ () C:\windows\SMSCFG.ini
2014-11-13 12:46 - 2011-11-18 14:36 - 00480454 _____ () C:\windows\PFRO.log
2014-11-13 12:46 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-13 12:46 - 2009-07-13 23:51 - 00008917 _____ () C:\windows\setupact.log
2014-11-13 12:38 - 2014-03-24 10:46 - 00000542 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924.job
2014-11-13 12:35 - 2009-07-13 23:45 - 00024832 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 12:35 - 2009-07-13 23:45 - 00024832 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 12:29 - 2012-06-13 05:57 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA.job
2014-11-10 15:14 - 2012-06-13 05:57 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core.job
2014-11-10 15:14 - 2012-05-10 09:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 13:03 - 2011-11-21 10:30 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-07 07:19 - 2009-07-14 00:13 - 00991242 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-07 06:42 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-11-07 06:39 - 2009-07-13 21:34 - 185073664 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-11-07 06:39 - 2009-07-13 21:34 - 18350080 _____ () C:\windows\system32\config\SYSTEM.bak
2014-11-07 06:39 - 2009-07-13 21:34 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak
2014-11-07 06:39 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-11-06 21:26 - 2014-09-30 12:05 - 00004978 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HSNY_LAN-jadvani HSCMH-JADVANI.hazenandsawyer.com
2014-11-06 18:42 - 2012-05-07 13:08 - 00000000 ____D () C:\Users\jadvani
2014-11-06 18:08 - 2012-05-07 08:20 - 00000000 ____D () C:\temp
2014-11-06 17:19 - 2014-06-16 07:33 - 724288512 _____ () C:\Users\jadvani\Documents\Clarksville Flood Recovery.pst
2014-11-06 17:19 - 2012-07-12 15:54 - 300688384 _____ () C:\Users\jadvani\Documents\Personal Folders.pst
2014-11-06 17:19 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-11-06 16:32 - 2013-08-08 09:20 - 00000000 ___RD () C:\Users\jadvani\Dropbox
2014-11-06 14:12 - 2013-08-15 05:36 - 00000000 ____D () C:\windows\system32\MRT
2014-11-06 14:04 - 2012-09-14 09:12 - 00002330 ____H () C:\Users\jadvani\Documents\Default.rdp
2014-11-06 13:27 - 2013-08-08 09:13 - 00000000 ____D () C:\Users\jadvani\AppData\Roaming\Dropbox
2014-11-06 13:21 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-11-06 13:17 - 2009-07-14 00:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-06 09:45 - 2014-06-23 13:56 - 00004976 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {d8881d19-6628-485d-bf42-ed78e9a8887f} HSCMH-JADVANI.hazenandsawyer.com
2014-11-06 09:23 - 2012-05-10 08:06 - 00000000 ____D () C:\Users\jadvani\AppData\Local\Deployment
2014-11-06 09:21 - 2012-05-07 07:42 - 00000264 _____ () C:\windows\system32\config\netlogon.ftl
2014-11-06 08:59 - 2012-05-07 07:44 - 00023666 __RSH () C:\ProgramData\ntuser.pol
2014-11-06 07:05 - 2012-05-07 13:08 - 00002574 __RSH () C:\Users\jadvani\ntuser.pol
2014-11-04 18:47 - 2012-05-08 09:15 - 00000000 ____D () C:\Library
2014-11-04 18:45 - 2012-11-06 11:19 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-04 18:02 - 2012-05-08 09:15 - 00000000 ____D () C:\Projects
2014-11-04 17:33 - 2012-04-26 20:37 - 00053256 _____ () C:\windows\DPINST.LOG
2014-11-04 13:24 - 2012-11-07 14:46 - 00000084 _____ () C:\windows\FW.INI
2014-11-04 10:44 - 2012-05-08 10:57 - 1328436764 _____ () C:\windows\MEMORY.DMP
2014-11-04 10:44 - 2012-05-08 10:57 - 00000000 ____D () C:\windows\Minidump
2014-11-03 06:42 - 2012-05-08 13:05 - 00000000 ____D () C:\Users\jadvani\AppData\Local\cache
2014-10-31 08:08 - 2012-09-21 06:35 - 00001866 _____ () C:\Users\jadvani\Desktop\ElectricalGroup-MW.lnk
2014-10-31 08:08 - 2012-05-11 08:48 - 00001902 _____ () C:\Users\jadvani\Desktop\Shortcut to Midwest Phone List-CINCINNATI OFFICE ONLY.lnk
2014-10-29 12:23 - 2014-03-24 10:46 - 00003576 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924
2014-10-24 12:38 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Help
2014-10-24 12:37 - 2011-11-21 09:03 - 00000000 ____D () C:\Diskeeper
2014-10-23 10:54 - 2012-05-10 09:17 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 10:54 - 2012-05-10 09:17 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 06:24 - 2012-06-13 05:57 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA
2014-10-23 06:24 - 2012-06-13 05:57 - 00003498 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core
2014-10-23 05:38 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\spool
2014-10-23 05:33 - 2009-07-13 23:45 - 00585560 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-22 06:27 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-21 14:31 - 2012-05-07 13:08 - 00169824 _____ () C:\Users\jadvani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 14:31 - 2011-11-18 15:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 08:01 - 2014-05-06 15:33 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-20 06:30 - 2013-06-28 15:19 - 00002163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Forefront Endpoint Protection.lnk
2014-10-20 06:30 - 2013-06-28 15:19 - 00001945 _____ () C:\windows\epplauncher.mif
2014-10-20 06:29 - 2013-06-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-20 06:29 - 2012-05-07 12:19 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-20 06:28 - 2013-09-03 07:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-20 06:18 - 2009-07-13 21:34 - 00000478 _____ () C:\windows\win.ini
 
Files to move or delete:
====================
C:\Users\jadvani\clear.bat
 
 
Some content of TEMP:
====================
C:\Users\jadvani\AppData\Local\Temp\Quarantine.exe
C:\Users\jadvani\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-05 10:30
 
==================== End Of Log ============================
 

Log file: addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014
Ran by jadvani at 2014-11-13 12:55:39
Running from C:\Users\jadvani\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AutoCAD MEP 2011 - English (HKLM\...\AutoCAD MEP 2011 - English) (Version: 6.5.49.0 - Autodesk)
AutoCAD MEP 2011 - English (Version: 6.5.353.0 - Autodesk) Hidden
AutoCAD MEP 2011 - English Version 3 (HKLM\...\AutoCAD MEP 2011 - English Version 3) (Version: 1 - Autodesk)
AutoCAD MEP 2011 Language Pack - English (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD MEP 2012 - English (HKLM\...\AutoCAD MEP 2012 - English) (Version: 6.7.49.0 - Autodesk)
AutoCAD MEP 2012 - English (Version: 6.7.207.0 - Autodesk) Hidden
AutoCAD MEP 2012 - English SP 2 (HKLM\...\AutoCAD MEP 2012 - English SP 2) (Version: 1 - Autodesk)
AutoCAD MEP 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD P&ID 2011 (HKLM-x32\...\AutoCAD P&ID 2011) (Version: 5.0.37.00 - Autodesk)
AutoCAD P&ID 2011 (Version: 5.0.37.00 - Autodesk) Hidden
AutoCAD P&ID 2011 Language Pack - English (Version: 5.0.37.00 - Autodesk) Hidden
AutoCAD P&ID 2012 - English (HKLM\...\AutoCAD P&ID 2012 - English) (Version: 6.0.39.00 - Autodesk)
AutoCAD P&ID 2012 - English (Version: 6.0.39.00 - Autodesk) Hidden
AutoCAD P&ID 2012 Language Pack - English (Version: 6.0.39.00 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Navisworks Freedom 2012 (HKLM\...\Autodesk Navisworks Freedom 2012) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks Freedom 2012 (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Freedom 2012 English Language Pack (HKLM\...\{78040857-9518-0409-91B0-9F429CBF0835}) (Version: 9.0.69.686 - Autodesk)
Beyond Compare Version 3.3.4 (HKLM-x32\...\BeyondCompare3_is1) (Version:  - Scooter Software)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
ChromaTrace (HKLM-x32\...\{2B9CA095-D2F5-4C85-8E0A-A958CF9125B8}) (Version: 6.0.0 - Chromalox)
Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{BD9555FF-C3B6-4654-BE94-C4E3EDD731D2}) (Version: 8.29.3202 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Configuration Manager Client (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
ControlFLASH (HKLM-x32\...\{DCD8385B-79FA-4C6D-8B20-5177A75460C7}) (Version: 9.00.015 - Rockwell Software)
CostWorks 2012 (HKLM-x32\...\{5AA35D3D-8462-4BF3-9EC3-A5B219DEE433}) (Version: 15.16.0000 - RSMeans)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{975DFE7C-8E56-45BC-A329-401E6B1F8102}) (Version: 1.3 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.000 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DeviceNet Node Commissioning Tool (HKLM-x32\...\{7FB3F90F-E754-4374-9ABC-EF8F94DA35E2}) (Version: 1.0.0 - Rockwell Software)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Extreme Picture Finder 3.15 (HKLM-x32\...\Extreme Picture Finder_is1) (Version: 3.15 - Extreme Internet Software)
FactoryTalk Activation Manager 3.40 (CPR 9 SR 4) (HKLM-x32\...\{70A1D2A6-A0B1-4D42-96FD-9832085575A1}) (Version: 3.40.00.0046 - Rockwell Automation, Inc.)
FactoryTalk Diagnostics 2.40 (CPR 9 SR 4) (HKLM-x32\...\{6809A6B0-6A86-4520-8744-95ED21007590}) (Version: 2.40.00.0011 - Rockwell Automation, Inc.)
FactoryTalk Gateway 3.03.00000 (CPR 9 SR 3) (HKLM-x32\...\{844C71E7-45B8-421A-AC46-EC344F63E59B}) (Version: 3.03.00000 - Rockwell Automation, Inc.)
FactoryTalk Services Platform 2.40 (CPR 9 SR 4) (HKLM-x32\...\{A134675D-D0F7-4D78-B218-3D39B59410EF}) (Version: 2.40.00.0011 - Rockwell Automation, Inc.)
FactoryTalk® View Machine Edition 6.10.00 (CPR 9 SR 4) (HKLM-x32\...\{ADE57A5D-6AC7-4F5B-925E-52FC60F77ECF}) (Version: 6.10.00.9 (CPR 9 SR 4) - Rockwell Automation, Inc.)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.5.6 - Telerik)
Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version:  - )
FileOpen Client (x64) (HKLM\...\{B239E0BC-D88A-47B1-935B-9707C7EB9CC9}) (Version: 3.0.83.920 - FileOpen Systems, Inc.)
Firmware Upgrade Wizard for PanelView Plus 6 700-1500 (HKLM-x32\...\{5A1F1645-DF39-4297-AEDB-6609949A59DB}) (Version: 6.10.20120418 - Rockwell Automation)
Franklin County Download Manager (HKU\S-1-5-21-510924518-477319906-751859383-66924\...\7a85fbf0e00cdf02) (Version: 1.0.0.36 - Franklin County Auditor Office)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKU\S-1-5-21-510924518-477319906-751859383-66924\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
harmon.ie for SharePoint (HKLM-x32\...\{36ccadbe-6938-4c5f-9b3a-e751ce107555}) (Version: 4.0.2133 - harmon.ie)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
HASP Device Drivers (HKLM-x32\...\HASP Device Drivers) (Version:  - )
Heavy Industries Consultant Resource Catalogs (HKLM-x32\...\{3DBF5909-D00B-440C-BD6B-6C3C9C3E0505}) (Version: 1.00.0000 - Rockwell Automation)
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.40.1161 - Intel Corporation)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.110 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Logix CPU Security Tool (HKLM-x32\...\{9AE0E408-37BC-4B89-B768-252DE878CE7A}) (Version: 3.0.0 - Rockwell Automation)
Logix5000 Clock Update Tool (HKLM-x32\...\{B8EB09E7-2123-450F-9765-0C2526CBFC05}) (Version: 2.4.0 - Rockwell Software)
Logix5000 Task Monitor (HKLM-x32\...\{5E171324-7299-4107-96D6-7584635962D5}) (Version: 2.4.0 - Rockwell Automation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Forefront Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Standard 2007 (HKLM-x32\...\VISSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}) (Version: 7.250.4122.0 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-510924518-477319906-751859383-66924\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
NirSoft NK2Edit (HKLM-x32\...\NirSoft NK2Edit) (Version:  - )
Nuance PDF Converter Enterprise 7 (HKLM\...\{F51B8275-3FC2-4EF8-951D-303FA62D785A}) (Version: 7.20.6153 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 7 (HKLM-x32\...\{F51B8275-3FC2-4EF8-951D-303FA62D785A}) (Version: 7.20.6153 - Nuance Communications, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outlook Reminder Tool (HKLM-x32\...\{44765A95-CF30-4066-8310-289F805F196F}) (Version: 1.0.0 - Three Keys)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Parker Isysnet Analog Module Profiles (x32 Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet ASCII Module Profile (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet ControlNet Adapter Module Profile (x32 Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles (x32 Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles 3 (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Ethernet Adapter Module Profile (x32 Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
PID Calculation Program (HKLM-x32\...\PID Calculation Program) (Version:  - )
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Reservationless-Plus VoIP (HKLM-x32\...\{96CEF81A-0D4A-442E-AA50-4666FE7A2E7A}) (Version: 5.12.4.496 - InterCall, Inc.)
Rockwell Automation 1440 XM Dynamic Measurement Module Profile (x32 Version: 1.07.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1732 Discrete Module Profiles (x32 Version: 2.02.1.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1732 Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Analog Module Profiles (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Analog Module Profiles 2 (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 ASCII Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 ControlNet Adapter Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profile, DeviceLogix (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles 4 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Ethernet Adapter Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Ethernet Adapter,2-Port,Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Specialty Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Analog Module Profiles (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Analog Module Profiles 2 (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 ASCII Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 ControlNet Adapter Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profile, DeviceLogix (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 3 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 4 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Ethernet Adapter Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Ethernet Adapter,2-Port,Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Specialty Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 CNet Comms Module Profiles (x32 Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1756 ENet Comms Module Profiles (x32 Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1756 ENet Comms Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 Ethernet Bridge Module Profile (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 HART Module Profiles (x32 Version: 2.04.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 Remote I/O Interface Module Profile (x32 Version: 1.05.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Analog Module Profiles (x32 Version: 5.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Analog Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 ASCII Module Profiles (x32 Version: 1.06.5.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Boolean Module Profiles (x32 Version: 1.03.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Controller Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Discrete Module Profiles (x32 Version: 1.02.3.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Discrete Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Embedded Module Profiles (x32 Version: 1.03.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Specialty Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1783 Ethernet Managed Switch Module Profile (x32 Version: 1.01.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1791DS Discrete Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1799 Embedded Discrete Module Profile (x32 Version: 1.01.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 2097 Kinetix Module Profiles (x32 Version: 1.01.7.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 48MS Vision Sensor Module Profiles (x32 Version: 1.01.19.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 5XRF RFID Reader Module Profiles (x32 Version: 1.02.24.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profile (x32 Version: 2.01.3.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profile (x32 Version: 4.01.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 1.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 1.03.7.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 1.04.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO EtherNet Safety Module Profiles (x32 Version: 3.01.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Driver Package x64 (HKLM-x32\...\{274CD5B9-27A7-47B8-B58D-2550B887F62D}) (Version: 1.1.4 - Rockwell Automation.)
Rockwell Automation Drives PowerFlex 4 Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 2 Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 3 Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives SCANport Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation EtherNet/IP Tap Family Module Profiles (x32 Version: 2.06.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Generic Safety Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Kinetix CIP Motion Drive Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation PowerFlex CIP Motion Drive Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Stratix 8000/8300 Module Profiles (x32 Version: 4.01.13.0 - Rockwell Automation, Inc.) Hidden
Rockwell Windows Firewall Configuration Utility 1.00.06 (HKLM-x32\...\{01D8D3AA-2A4F-4085-9CC3-61E389D86D29}) (Version: 1.00.06.0004 - Rockwell Automation, Inc.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.1 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
RSLinx Classic 2.57.00 CPR 9 SR 3 (HKLM-x32\...\{34540622-805E-4CC7-98CF-65A43E99CF4D}) (Version: 2.57.00.14 CPR 9 SR 3 - Rockwell Automation, Inc.)
RSLinx Enterprise 5.40.00000 (CPR 9 SR 4) (HKLM-x32\...\{C8302E7B-5433-4AB9-B45D-569998B56E68}) (Version: 5.40.00000 - Rockwell Automation, Inc.)
RSLogix 5 English 7.40.00 (CPR 9) (HKLM-x32\...\{1866FCD2-4DFE-4E79-90B0-E4707DA753D9}) (Version: 7.40.00 - Rockwell Automation, Inc.)
RSLogix 500 English 8.40.00 (CPR 9) (HKLM-x32\...\{436D42D9-1809-40C5-9A82-D2ED2F8EF58C}) (Version: 8.40.00 - Rockwell Automation Inc)
RSLogix 5000 Compare (HKLM-x32\...\{D6088EA7-1828-40AF-A684-3C1AD67FDE68}) (Version: 3.20.00 - Rockwell Software)
RSLogix 5000 DeviceNet Tag Generator (HKLM-x32\...\{B100A292-14C5-4E41-AE27-0229BFBFDA9F}) (Version: 1.0.105 - Rockwell Automation,Inc.)
RSLogix 5000 IEC61131-3 Translation Tool (HKLM-x32\...\{517AA455-8CC9-4281-87A4-865E71947DC9}) (Version: 1.0.0 - Rockwell Automation, Inc.)
RSLogix 5000 Module Profile Core (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Core System Updates (x32 Version: 6.00.1769.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Setup Utility (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Online Books v19.00.00 (HKLM-x32\...\{20010019-D5FD-11DA-A128-000C29473C90}) (Version: 19.00.00 - Rockwell Automation, Inc.)
RSLogix 5000 Setup Installer (x32 Version: 4.02.0000 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Start Page Media v19.00.00 (HKLM-x32\...\{10000019-D5FD-11DA-A128-000C29473C90}) (Version: 19.00.00 - Rockwell Automation, Inc.)
RSLogix 5000 System Updates (x32 Version: 18.02.1209 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 v13.04 (HKLM-x32\...\{30010413-EC33-11D6-A408-F6139379CBFB}) (Version: 13.04.0000 - Rockwell Software, Inc.)
RSLogix 5000 v15.02 (HKLM-x32\...\{30010215-EC33-11D6-A408-F6139379CBFB}) (Version: 15.02.0000 - Rockwell Software, Inc.)
RSLogix 5000 v16.04.00 (CPR 9) (HKLM-x32\...\{30010416-EC33-11D6-A408-F6139379CBFB}) (Version: 16.04.00 - Rockwell Automation, Inc.)
RSLogix 5000 v17.01.00 (CPR 9 SR 1) (HKLM-x32\...\{30010117-EC33-11D6-A408-F6139379CBFB}) (Version: 17.01.00 - Rockwell Automation, Inc.)
RSLogix 5000 v18.02.00 (CPR 9 SR 2) (HKLM-x32\...\{30010218-EC33-11D6-A408-F6139379CBFB}) (Version: 18.02.00 - Rockwell Automation, Inc.)
RSLogix 5000 v19.01.00 (CPR 9 SR 3) (HKLM-x32\...\{30010119-EC33-11D6-A408-F6139379CBFB}) (Version: 19.01.00 - Rockwell Automation, Inc.)
RSView ME 6.10.00.9 (CPR 9 SR 4) (HKLM-x32\...\RSView Studio) (Version:  - )
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SonicWALL Global VPN Client (HKLM\...\{2B0BD3DD-EF7E-43EE-AC58-061E412BFFEF}) (Version: 4.7.3 - SonicWALL)
SQL Server 2008 R2 Common Files (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Tag Data Monitor Tool (HKLM-x32\...\{3D1F0E21-FE2D-480A-B2A0-4D9CB1BE6774}) (Version: 2.0.3 - Rockwell Automation)
Tag Upload Download Tool (HKLM-x32\...\{F114066A-DFCB-443E-A6FB-82922F6CC88A}) (Version: 2.6.4 - Rockwell Automation)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Translate PLC-5_SLC 2.0 (HKLM-x32\...\{6EF053F0-150E-4227-8BE2-1EAB082FF7DE}) (Version: 1.0.8 - Rockwell Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8800 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WM Recorder (HKLM-x32\...\WM Recorder14.12.2) (Version: 14.12.2 - AllAlex, Inc)
X7Magic Setup (HKLM-x32\...\{F4616B4B-700B-46D9-9F3B-46B986B49B36}) (Version: 7.1.5 - Dell Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{57FA2D12-D22D-490A-805A-5CB48E84F12A}\InprocServer32 -> C:\Program Files (x86)\Beyond Compare 3\BCShellEx64.dll (Scooter Software)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
07-11-2014 13:27:01 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2014-11-07 06:42 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {12F9DF3F-4522-4F29-9C9E-9930E2A544DE} - System32\Tasks\Security Center Update - 3414797000 => C:\Users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe <==== ATTENTION
Task: {1559492C-DA49-4670-ACD9-A76082C3E967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {19EFB4E7-A227-44BC-B49A-968FFA141469} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13] (Google Inc.)
Task: {4DE2081C-4974-4AE7-8B32-22820BC21CCE} - System32\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924 => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {604CED65-C384-4402-B89E-0D6D40E7F722} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HSNY_LAN-jadvani HSCMH-JADVANI.hazenandsawyer.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {67D75034-1F9C-4C74-B63B-7D6FA056B830} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {6CC08F7A-4783-4D52-8C57-D53C3D44B2CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13] (Google Inc.)
Task: {6E7C6238-382A-4C09-AD11-52D86CCA9B9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {6F8C5855-5FC8-4B95-89C8-0B74D664729D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {9D4A76AE-DE9D-4578-BB06-79A363639958} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {AF60F463-DBC9-496B-8717-757F2B8A53E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CE882B2D-9018-4703-A00A-400195541848} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {d8881d19-6628-485d-bf42-ed78e9a8887f} HSCMH-JADVANI.hazenandsawyer.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {D17A5E38-B897-4D04-A67C-F44D4A9DAFDD} - System32\Tasks\Security Center Update - 3127520538 => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [2014-11-07] () <==== ATTENTION
Task: {FCCD8832-051B-48E0-A206-8A10336FC6D1} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924.job => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core.job => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA.job => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-02-02 13:08 - 2011-02-02 13:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2014-09-16 12:50 - 2014-09-16 12:50 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-04-26 20:37 - 2011-07-25 08:43 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-11-07 07:02 - 2014-11-07 07:02 - 00293570 _____ () C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
2014-09-25 12:31 - 2014-09-25 12:31 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: O2FLASH => 2
MSCONFIG\startupfolder: C:^Users^jadvani^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DFEPApplication => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
MSCONFIG\startupreg: FileOpenBroker => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-588203353-3606038767-738393484-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-588203353-3606038767-738393484-1003 - Limited - Enabled)
Guest (S-1-5-21-588203353-3606038767-738393484-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2014 09:15:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Security Center Server - 3414797000 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (11/06/2014 09:15:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
 
Details:
AddWin32ServiceFiles: Unable to back up image of service Security Center Server - 3127520538 since QueryServiceConfig API failed
 
System Error:
The system cannot find the file specified.
.
 
Error: (11/06/2014 06:39:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: icguerv.exe, version: 0.0.0.0, time stamp: 0x503bbb6d
Faulting module name: icguerv.exe, version: 0.0.0.0, time stamp: 0x503bbb6d
Exception code: 0xc0000005
Fault offset: 0x0000fd8b
Faulting process id: 0x6a30
Faulting application start time: 0xicguerv.exe0
Faulting application path: icguerv.exe1
Faulting module path: icguerv.exe2
Report Id: icguerv.exe3
 
Error: (11/06/2014 06:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: icguerv.exe, version: 0.0.0.0, time stamp: 0x503bbb6d
Faulting module name: icguerv.exe, version: 0.0.0.0, time stamp: 0x503bbb6d
Exception code: 0xc0000005
Fault offset: 0x0000fd8b
Faulting process id: 0x5500
Faulting application start time: 0xicguerv.exe0
Faulting application path: icguerv.exe1
Faulting module path: icguerv.exe2
Report Id: icguerv.exe3
 
Error: (11/06/2014 05:24:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll_unloaded, version: 0.0.0.0, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000007fee6bddee0
Faulting process id: 0x1a6c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
 
Error: (11/06/2014 05:24:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE6BDDEE0
 
Error: (11/06/2014 04:42:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/06/2014 02:07:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_d4e2471e.exe, version: 0.0.0.0, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x108c
Faulting application start time: 0xUpdateFlashPlayer_d4e2471e.exe0
Faulting application path: UpdateFlashPlayer_d4e2471e.exe1
Faulting module path: UpdateFlashPlayer_d4e2471e.exe2
Report Id: UpdateFlashPlayer_d4e2471e.exe3
 
Error: (11/06/2014 02:07:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_ec7ae713.exe, version: 0.0.0.0, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x17c4
Faulting application start time: 0xUpdateFlashPlayer_ec7ae713.exe0
Faulting application path: UpdateFlashPlayer_ec7ae713.exe1
Faulting module path: UpdateFlashPlayer_ec7ae713.exe2
Report Id: UpdateFlashPlayer_ec7ae713.exe3
 
Error: (11/06/2014 09:36:06 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/13/2014 00:49:21 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
 
Error: (11/13/2014 00:48:54 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: HSNY_LAN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/13/2014 00:48:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (11/13/2014 00:46:46 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: 
a) Name Resolution failure on the current domain controller. 
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
 
Error: (11/13/2014 00:46:45 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain HSNY_LAN due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/13/2014 00:46:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (11/13/2014 00:46:02 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (11/13/2014 00:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
Error: (11/13/2014 00:46:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (11/13/2014 00:46:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069
 
 
Microsoft Office Sessions:
=========================
Error: (08/15/2013 04:39:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 126040 seconds with 15540 seconds of active time.  This session ended with a crash.
 
Error: (08/07/2013 06:20:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 146 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (02/01/2013 11:07:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10681 seconds with 3480 seconds of active time.  This session ended with a crash.
 
Error: (12/20/2012 11:34:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17483 seconds with 1800 seconds of active time.  This session ended with a crash.
 
Error: (11/07/2012 01:13:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5146 seconds with 600 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-06 19:42:23.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-06 19:42:23.640
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-11-06 12:17:32.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-06 11:57:06.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-06 11:33:17.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-06 11:14:20.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-06 10:56:23.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-06 10:34:18.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-11-06 10:03:56.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-05-17 09:46:16.957
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 15%
Total physical RAM: 24533.05 MB
Available physical RAM: 20637.02 MB
Total Pagefile: 61330.23 MB
Available Pagefile: 57250.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (System) (Fixed) (Total:297.76 GB) (Free:88.11 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2EE72E2B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 001D75AF)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
 
==================== End Of Log ============================
 

Log file: ComboFix.txt
 
ComboFix 14-10-29.01 - JAdvani 11/06/2014  18:49:17.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.24533.20606 [GMT -5:00]
Running from: c:\users\jadvani\Downloads\ComboFix.exe
AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\pst
c:\program files (x86)\pst\Binaries\CenterOneStub.dll
c:\program files (x86)\pst\Binaries\ConfigDataServer.dll
c:\program files (x86)\pst\Binaries\Features.xml
c:\program files (x86)\pst\Binaries\FTViewWarning.html
c:\program files (x86)\pst\Binaries\FTVSWarning.exe
c:\program files (x86)\pst\Binaries\images\CPUT_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\HICRC_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\OtherTools_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\images\PSTGroup_CurrentImage.jpg
c:\program files (x86)\pst\Binaries\MonitorCompList.txt
c:\program files (x86)\pst\Binaries\PDL.dll
c:\program files (x86)\pst\Binaries\PPRStandard.dll
c:\program files (x86)\pst\Binaries\PSTLicenseAgreement.html
c:\program files (x86)\pst\Binaries\RACurrTray.exe
c:\program files (x86)\pst\Binaries\RADTConfig.zip
c:\program files (x86)\pst\Binaries\RAISEUpdater.exe
c:\program files (x86)\pst\Binaries\RAISEUpdater.log
c:\program files (x86)\pst\Binaries\RAISEUpdater_Last.log
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsst.exe
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsst.exe.config
c:\program files (x86)\pst\Binaries\RAISEUpdaterAsstLog.txt
c:\program files (x86)\pst\Binaries\RAMediator.dll
c:\program files (x86)\pst\Binaries\RegisterUser.exe
c:\program files (x86)\pst\Binaries\RUIForJava.dll
c:\program files (x86)\pst\Binaries\RUIHost.exe
c:\program files (x86)\pst\Binaries\Security.dll
c:\program files (x86)\pst\Binaries\Symx.Security.RegisterUser.Business.dll
c:\program files (x86)\pst\Binaries\UpdateDetails\CCW_DialogText_Dev.html
c:\program files (x86)\pst\Binaries\UpdateDetails\CCW_DialogText_Std.html
c:\program files (x86)\pst\Binaries\UpdateDetails\PSTPermMain.html
c:\program files (x86)\pst\Binaries\UpdateDetails\PSTPermNoAccess.html
c:\program files (x86)\pst\Binaries\UpdateDetails\Startup_CurrentUpdater.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_CPUTandShared.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_HICRC.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_OtherToolsHeader.html
c:\program files (x86)\pst\Binaries\UpdateDetails\UpdateDetails_UpdateAll.html
c:\program files (x86)\pst\Binaries\UpdaterDll.dll
c:\program files (x86)\pst\Binaries\UpdaterDllNT.dll
c:\program files (x86)\pst\Binaries\UpdaterInfo.xml
c:\program files (x86)\pst\Binaries\UpdaterWorker.dll
c:\program files (x86)\pst\Binaries\UpdtAsst.xml
c:\program files (x86)\pst\RuntimeCache\bmp.eri
c:\program files (x86)\pst\RuntimeCache\bmp\cu_ccw.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_centerone.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_current.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_ecadworks.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_genericra.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_iab.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_mcsstar.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_motionanalyzer.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_proposalworks.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_pst.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_railbuilder.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_safetyautomationbuilder.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_seminarbuilder.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_trcs.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_udd.bmp
c:\program files (x86)\pst\RuntimeCache\bmp\cu_xworks.bmp
c:\program files (x86)\pst\RuntimeCache\bmp01.eri
c:\program files (x86)\pst\RuntimeCache\bmp03.eri
c:\program files (x86)\pst\RuntimeCache\bmp04.eri
c:\program files (x86)\pst\RuntimeCache\bmp05.eri
c:\program files (x86)\pst\RuntimeCache\bmp06.eri
c:\program files (x86)\pst\RuntimeCache\bmp07.eri
c:\program files (x86)\pst\RuntimeCache\bmp10.eri
c:\program files (x86)\pst\RuntimeCache\bmp11.eri
c:\program files (x86)\pst\RuntimeCache\bmp13.eri
c:\program files (x86)\pst\RuntimeCache\bmp14.eri
c:\program files (x86)\pst\RuntimeCache\bmp15.eri
c:\program files (x86)\pst\RuntimeCache\bmp16.eri
c:\program files (x86)\pst\RuntimeCache\cfg.eri
c:\program files (x86)\pst\RuntimeCache\cfg\CITUI.cfg
c:\program files (x86)\pst\RuntimeCache\cfg\javaui.cfg
c:\program files (x86)\pst\RuntimeCache\cfg00.eri
c:\program files (x86)\pst\RuntimeCache\cfg11.eri
c:\program files (x86)\pst\RuntimeCache\config.eri
c:\program files (x86)\pst\RuntimeCache\config15.eri
c:\program files (x86)\pst\RuntimeCache\css.eri
c:\program files (x86)\pst\RuntimeCache\css\LibStyles.css
c:\program files (x86)\pst\RuntimeCache\css\LibStylesIE6.css
c:\program files (x86)\pst\RuntimeCache\css\styles.css
c:\program files (x86)\pst\RuntimeCache\css\UIBoxes.css
c:\program files (x86)\pst\RuntimeCache\css\UIBoxesIE6.css
c:\program files (x86)\pst\RuntimeCache\css\UISCCRStyles.css
c:\program files (x86)\pst\RuntimeCache\css\UIStyles.css
c:\program files (x86)\pst\RuntimeCache\css\UIStylesIE7.css
c:\program files (x86)\pst\RuntimeCache\css02.eri
c:\program files (x86)\pst\RuntimeCache\css04.eri
c:\program files (x86)\pst\RuntimeCache\css07.eri
c:\program files (x86)\pst\RuntimeCache\css09.eri
c:\program files (x86)\pst\RuntimeCache\css13.eri
c:\program files (x86)\pst\RuntimeCache\css16.eri
c:\program files (x86)\pst\RuntimeCache\csv\ModName2RegKey.csv
c:\program files (x86)\pst\RuntimeCache\dat.eri
c:\program files (x86)\pst\RuntimeCache\dat\GAFOI.dat
c:\program files (x86)\pst\RuntimeCache\dat\RAISEUser.dat
c:\program files (x86)\pst\RuntimeCache\dat05.eri
c:\program files (x86)\pst\RuntimeCache\dat14.eri
c:\program files (x86)\pst\RuntimeCache\dll.eri
c:\program files (x86)\pst\RuntimeCache\dll00.eri
c:\program files (x86)\pst\RuntimeCache\dll01.eri
c:\program files (x86)\pst\RuntimeCache\dll02.eri
c:\program files (x86)\pst\RuntimeCache\dll04.eri
c:\program files (x86)\pst\RuntimeCache\dll05.eri
c:\program files (x86)\pst\RuntimeCache\dll07.eri
c:\program files (x86)\pst\RuntimeCache\dll08.eri
c:\program files (x86)\pst\RuntimeCache\dll14.eri
c:\program files (x86)\pst\RuntimeCache\dll15.eri
c:\program files (x86)\pst\RuntimeCache\exe.eri
c:\program files (x86)\pst\RuntimeCache\exe00.eri
c:\program files (x86)\pst\RuntimeCache\exe07.eri
c:\program files (x86)\pst\RuntimeCache\exe09.eri
c:\program files (x86)\pst\RuntimeCache\exe12.eri
c:\program files (x86)\pst\RuntimeCache\exe13.eri
c:\program files (x86)\pst\RuntimeCache\gif.eri
c:\program files (x86)\pst\RuntimeCache\gif\2posRight.gif
c:\program files (x86)\pst\RuntimeCache\gif\3posleft.gif
c:\program files (x86)\pst\RuntimeCache\gif\3posMiddle.gif
c:\program files (x86)\pst\RuntimeCache\gif\3posRight.gif
c:\program files (x86)\pst\RuntimeCache\gif\4posFarLeft.gif
c:\program files (x86)\pst\RuntimeCache\gif\4posFarRight.gif
c:\program files (x86)\pst\RuntimeCache\gif\4posLeft.gif
c:\program files (x86)\pst\RuntimeCache\gif\4posRight.gif
c:\program files (x86)\pst\RuntimeCache\gif\ABLogo.gif
c:\program files (x86)\pst\RuntimeCache\gif\addToCart.gif
c:\program files (x86)\pst\RuntimeCache\gif\ball_blue.gif
c:\program files (x86)\pst\RuntimeCache\gif\blackbkg.gif
c:\program files (x86)\pst\RuntimeCache\gif\brandbar.gif
c:\program files (x86)\pst\RuntimeCache\gif\bullet.gif
c:\program files (x86)\pst\RuntimeCache\gif\camera.gif
c:\program files (x86)\pst\RuntimeCache\gif\cancel.gif
c:\program files (x86)\pst\RuntimeCache\gif\check.gif
c:\program files (x86)\pst\RuntimeCache\gif\closebutt.gif
c:\program files (x86)\pst\RuntimeCache\gif\cornerend.gif
c:\program files (x86)\pst\RuntimeCache\gif\cornerstart.gif
c:\program files (x86)\pst\RuntimeCache\gif\critical.gif
c:\program files (x86)\pst\RuntimeCache\gif\current_lores.gif
c:\program files (x86)\pst\RuntimeCache\gif\current_transparent.gif
c:\program files (x86)\pst\RuntimeCache\gif\HLPGLOBE.GIF
c:\program files (x86)\pst\RuntimeCache\gif\informational.gif
c:\program files (x86)\pst\RuntimeCache\gif\LibHeader.gif
c:\program files (x86)\pst\RuntimeCache\gif\LibHeadergrey.gif
c:\program files (x86)\pst\RuntimeCache\gif\LibTemplate.gif
c:\program files (x86)\pst\RuntimeCache\gif\light-ok.gif
c:\program files (x86)\pst\RuntimeCache\gif\light-stop.gif
c:\program files (x86)\pst\RuntimeCache\gif\light-warn.gif
c:\program files (x86)\pst\RuntimeCache\gif\listenthinksolve-horz.gif
c:\program files (x86)\pst\RuntimeCache\gif\modify.gif
c:\program files (x86)\pst\RuntimeCache\gif\msg-down.gif
c:\program files (x86)\pst\RuntimeCache\gif\msg-up.gif
c:\program files (x86)\pst\RuntimeCache\gif\question.gif
c:\program files (x86)\pst\RuntimeCache\gif\ra_arch.gif
c:\program files (x86)\pst\RuntimeCache\gif\RaisePower.gif
c:\program files (x86)\pst\RuntimeCache\gif\RALogo.gif
c:\program files (x86)\pst\RuntimeCache\gif\ralogo_61.gif
c:\program files (x86)\pst\RuntimeCache\gif\ralogo_shadow.gif
c:\program files (x86)\pst\RuntimeCache\gif\red-ear-left.gif
c:\program files (x86)\pst\RuntimeCache\gif\red-ear-right.GIF
c:\program files (x86)\pst\RuntimeCache\gif\redsquare.gif
c:\program files (x86)\pst\RuntimeCache\gif\Rockwell.gif
c:\program files (x86)\pst\RuntimeCache\gif\RockwellLogo.gif
c:\program files (x86)\pst\RuntimeCache\gif\spacer.gif
c:\program files (x86)\pst\RuntimeCache\gif\spindown-active.GIF
c:\program files (x86)\pst\RuntimeCache\gif\spindown.GIF
c:\program files (x86)\pst\RuntimeCache\gif\spinup-active.GIF
c:\program files (x86)\pst\RuntimeCache\gif\spinup.GIF
c:\program files (x86)\pst\RuntimeCache\gif\taboffcorner.gif
c:\program files (x86)\pst\RuntimeCache\gif\Thumbs.db
c:\program files (x86)\pst\RuntimeCache\gif\transback.gif
c:\program files (x86)\pst\RuntimeCache\gif\transparent.GIF
c:\program files (x86)\pst\RuntimeCache\gif\warning.gif
c:\program files (x86)\pst\RuntimeCache\gif00.eri
c:\program files (x86)\pst\RuntimeCache\gif01.eri
c:\program files (x86)\pst\RuntimeCache\gif02.eri
c:\program files (x86)\pst\RuntimeCache\gif03.eri
c:\program files (x86)\pst\RuntimeCache\gif04.eri
c:\program files (x86)\pst\RuntimeCache\gif05.eri
c:\program files (x86)\pst\RuntimeCache\gif06.eri
c:\program files (x86)\pst\RuntimeCache\gif07.eri
c:\program files (x86)\pst\RuntimeCache\gif08.eri
c:\program files (x86)\pst\RuntimeCache\gif09.eri
c:\program files (x86)\pst\RuntimeCache\gif10.eri
c:\program files (x86)\pst\RuntimeCache\gif11.eri
c:\program files (x86)\pst\RuntimeCache\gif12.eri
c:\program files (x86)\pst\RuntimeCache\gif13.eri
c:\program files (x86)\pst\RuntimeCache\gif14.eri
c:\program files (x86)\pst\RuntimeCache\gif15.eri
c:\program files (x86)\pst\RuntimeCache\gif16.eri
c:\program files (x86)\pst\RuntimeCache\html.eri
c:\program files (x86)\pst\RuntimeCache\html05.eri
c:\program files (x86)\pst\RuntimeCache\html07.eri
c:\program files (x86)\pst\RuntimeCache\html08.eri
c:\program files (x86)\pst\RuntimeCache\html09.eri
c:\program files (x86)\pst\RuntimeCache\html10.eri
c:\program files (x86)\pst\RuntimeCache\html14.eri
c:\program files (x86)\pst\RuntimeCache\html15.eri
c:\program files (x86)\pst\RuntimeCache\html16.eri
c:\program files (x86)\pst\RuntimeCache\ico\PST.ico
c:\program files (x86)\pst\RuntimeCache\jar.eri
c:\program files (x86)\pst\RuntimeCache\jar\accessories-obf.jar
c:\program files (x86)\pst\RuntimeCache\jar\accessories.jar
c:\program files (x86)\pst\RuntimeCache\jar\family-obf.jar
c:\program files (x86)\pst\RuntimeCache\jar\family.jar
c:\program files (x86)\pst\RuntimeCache\jar\simple-obf.jar
c:\program files (x86)\pst\RuntimeCache\jar\simple.jar
c:\program files (x86)\pst\RuntimeCache\jar\standard-obf.jar
c:\program files (x86)\pst\RuntimeCache\jar\standard.jar
c:\program files (x86)\pst\RuntimeCache\jar05.eri
c:\program files (x86)\pst\RuntimeCache\jar06.eri
c:\program files (x86)\pst\RuntimeCache\jar11.eri
c:\program files (x86)\pst\RuntimeCache\jpg.eri
c:\program files (x86)\pst\RuntimeCache\jpg\banner-coffee.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\blankBox.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\cybercafe_03.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\DfltSplashPhoto.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\oNormal.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\oRed.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\Preferred.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\PrmDlgCurrLogo.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\PST_lores.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\RA_Logo_2color.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\RALogo.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\ResetBtn.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\Thumbs.db
c:\program files (x86)\pst\RuntimeCache\jpg\xNormal.jpg
c:\program files (x86)\pst\RuntimeCache\jpg\xRed.jpg
c:\program files (x86)\pst\RuntimeCache\jpg01.eri
c:\program files (x86)\pst\RuntimeCache\jpg05.eri
c:\program files (x86)\pst\RuntimeCache\jpg07.eri
c:\program files (x86)\pst\RuntimeCache\jpg09.eri
c:\program files (x86)\pst\RuntimeCache\jpg10.eri
c:\program files (x86)\pst\RuntimeCache\jpg11.eri
c:\program files (x86)\pst\RuntimeCache\jpg13.eri
c:\program files (x86)\pst\RuntimeCache\jpg14.eri
c:\program files (x86)\pst\RuntimeCache\jpg16.eri
c:\program files (x86)\pst\RuntimeCache\js.eri
c:\program files (x86)\pst\RuntimeCache\js\cfgPageHelp.js
c:\program files (x86)\pst\RuntimeCache\js\HierarchicalBrowser.js
c:\program files (x86)\pst\RuntimeCache\js\idler.js
c:\program files (x86)\pst\RuntimeCache\js\model.js
c:\program files (x86)\pst\RuntimeCache\js\modelmobile.js
c:\program files (x86)\pst\RuntimeCache\js\modelPropElem.js
c:\program files (x86)\pst\RuntimeCache\js\UI.js
c:\program files (x86)\pst\RuntimeCache\js\UIHelp.js
c:\program files (x86)\pst\RuntimeCache\js\UIHelpMobile.js
c:\program files (x86)\pst\RuntimeCache\js\UIMobile.js
c:\program files (x86)\pst\RuntimeCache\js\utilities.js
c:\program files (x86)\pst\RuntimeCache\js\xpath.js
c:\program files (x86)\pst\RuntimeCache\js\xpathmobile.js
c:\program files (x86)\pst\RuntimeCache\js01.eri
c:\program files (x86)\pst\RuntimeCache\js03.eri
c:\program files (x86)\pst\RuntimeCache\js04.eri
c:\program files (x86)\pst\RuntimeCache\js07.eri
c:\program files (x86)\pst\RuntimeCache\js08.eri
c:\program files (x86)\pst\RuntimeCache\js12.eri
c:\program files (x86)\pst\RuntimeCache\js13.eri
c:\program files (x86)\pst\RuntimeCache\js15.eri
c:\program files (x86)\pst\RuntimeCache\js16.eri
c:\program files (x86)\pst\RuntimeCache\lsx.eri
c:\program files (x86)\pst\RuntimeCache\lsx\HI_CRC.lsx
c:\program files (x86)\pst\RuntimeCache\lsx\Shared.lsx
c:\program files (x86)\pst\RuntimeCache\lsx04.eri
c:\program files (x86)\pst\RuntimeCache\lsx14.eri
c:\program files (x86)\pst\RuntimeCache\master.eri
c:\program files (x86)\pst\RuntimeCache\png.eri
c:\program files (x86)\pst\RuntimeCache\png\ABLogo_blue.png
c:\program files (x86)\pst\RuntimeCache\png\addToCart_blue.png
c:\program files (x86)\pst\RuntimeCache\png\arrow_closed_blue.png
c:\program files (x86)\pst\RuntimeCache\png\arrow_closed_white.png
c:\program files (x86)\pst\RuntimeCache\png\arrow_opened_blue.png
c:\program files (x86)\pst\RuntimeCache\png\arrow_opened_white.png
c:\program files (x86)\pst\RuntimeCache\png\Cancel_blue.png
c:\program files (x86)\pst\RuntimeCache\png\EMail_blue.png
c:\program files (x86)\pst\RuntimeCache\png\Just_Bar.png
c:\program files (x86)\pst\RuntimeCache\png\Modify_blue.png
c:\program files (x86)\pst\RuntimeCache\png05.eri
c:\program files (x86)\pst\RuntimeCache\png07.eri
c:\program files (x86)\pst\RuntimeCache\png08.eri
c:\program files (x86)\pst\RuntimeCache\png10.eri
c:\program files (x86)\pst\RuntimeCache\png12.eri
c:\program files (x86)\pst\RuntimeCache\png13.eri
c:\program files (x86)\pst\RuntimeCache\png14.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc00.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc01.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc02.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc03.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc05.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc06.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc07.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc09.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc10.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc11.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc12.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc13.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc14.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc15.eri
c:\program files (x86)\pst\RuntimeCache\pr__hicrc16.eri
c:\program files (x86)\pst\RuntimeCache\spt.eri
c:\program files (x86)\pst\RuntimeCache\spt\raisedflt.spt
c:\program files (x86)\pst\RuntimeCache\spt06.eri
c:\program files (x86)\pst\RuntimeCache\xml.eri
c:\program files (x86)\pst\RuntimeCache\xml\DefaultCfg.xml
c:\program files (x86)\pst\RuntimeCache\xml\ModName2RegKey.xml
c:\program files (x86)\pst\RuntimeCache\xml07.eri
c:\program files (x86)\pst\RuntimeCache\xml09.eri
c:\program files (x86)\pst\RuntimeCache\xml15.eri
c:\program files (x86)\pst\RuntimeCache\xsl.eri
c:\program files (x86)\pst\RuntimeCache\XSL\AccessoryUI.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\AccessoryUI2.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\alertviewer.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\AttrSelector.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\AttrState.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\Heading.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\HeadingFilter.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\ImageViewer.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\MsgGizmos.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\PIDAssistUI.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\pii.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\SCCRUI.xsl
c:\program files (x86)\pst\RuntimeCache\XSL\StandardUI.xsl
c:\program files (x86)\pst\RuntimeCache\xsl01.eri
c:\program files (x86)\pst\RuntimeCache\xsl02.eri
c:\program files (x86)\pst\RuntimeCache\xsl05.eri
c:\program files (x86)\pst\RuntimeCache\xsl07.eri
c:\program files (x86)\pst\RuntimeCache\xsl09.eri
c:\program files (x86)\pst\RuntimeCache\xsl11.eri
c:\program files (x86)\pst\RuntimeCache\xsl12.eri
c:\program files (x86)\pst\RuntimeCache\xsl14.eri
c:\program files (x86)\pst\RuntimeCache\xsl15.eri
c:\program files (x86)\pst\RuntimeCache\xsl16.eri
c:\program files (x86)\pst\RuntimeCache\xslt.eri
c:\program files (x86)\pst\RuntimeCache\xslt\attributeExtract.xslt
c:\program files (x86)\pst\RuntimeCache\xslt\ConfigSummary.xslt
c:\program files (x86)\pst\RuntimeCache\xslt\copy.xslt
c:\program files (x86)\pst\RuntimeCache\xslt\HierarchicalBrowser.xslt
c:\program files (x86)\pst\RuntimeCache\xslt\ra.xslt
c:\program files (x86)\pst\RuntimeCache\xslt12.eri
c:\program files (x86)\pst\RuntimeCache\xslt14.eri
c:\program files (x86)\pst\RuntimeCache\xslt15.eri
c:\program files (x86)\pst\Servers\DynHtmlSupSrv\DynHtmlSupSrv.dll
c:\program files (x86)\pst\Servers\PBTarSrv\pbtarsrv.dll
c:\users\jadvani\AppData\Local\assembly\tmp
c:\users\jadvani\AppData\Local\bcikmao.dll
c:\users\jadvani\AppData\Local\Microsoft\Windows\Temporary Internet Files\Fiddler_15-50-10.htm
c:\users\jadvani\AppData\Local\Microsoft\Windows\Temporary Internet Files\WSD-e10e2a50-d133-4421-96c6-f2077f92e349.0064
c:\users\jadvani\AppData\Roaming\.#
c:\users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe
c:\windows\SysWow64\UNWISE.EXE
c:\windows\Tasks\Security Center Update - 3127520538.job
c:\windows\Tasks\Security Center Update - 3414797000.job
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SecurityCenterServer3127520538
-------\Service_SecurityCenterServer3414797000
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-07 to 2014-11-07  )))))))))))))))))))))))))))))))
.
.
2014-11-07 11:39 . 2014-11-07 11:42 -------- d-----w- c:\users\jadvani\AppData\Roaming\Idyzyqzu
2014-11-07 00:44 . 2014-11-07 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-07 00:44 . 2014-11-07 00:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-11-06 23:37 . 2014-11-07 00:08 -------- d-----w- c:\programdata\OicniGcayl
2014-11-06 22:28 . 2014-11-06 23:33 270 ----a-w- c:\users\jadvani\clear.bat
2014-11-06 22:02 . 2014-11-06 22:12 -------- d-----w- C:\FRST
2014-11-06 19:08 . 2012-05-23 20:57 293570 ----a-w- c:\windows\SysWow64\iwipgosyo.exe
2014-11-06 19:08 . 2014-11-06 19:08 -------- d-----w- c:\users\jadvani\AppData\Roaming\Ywykduxe
2014-11-06 19:08 . 2014-10-01 02:41 293570 ----a-w- c:\windows\SysWow64\tiezzayxga.exe
2014-11-04 23:47 . 2014-11-04 23:47 -------- d-----w- c:\programdata\ATI
2014-11-04 23:47 . 2014-11-04 23:47 -------- d-----w- c:\programdata\AMD
2014-11-04 23:47 . 2014-11-04 23:47 -------- d-----w- c:\program files (x86)\AMD AVT
2014-11-04 23:47 . 2014-11-04 23:47 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-11-04 23:29 . 2014-11-04 23:29 -------- d-----w- c:\program files\AMD
2014-11-04 23:26 . 2014-11-04 23:26 -------- d-----w- c:\program files\Common Files\ATI Technologies
2014-11-04 22:41 . 2014-11-06 19:54 -------- d-----w- c:\users\jadvani\AppData\Roaming\FrameworkUpdate7
2014-11-03 11:46 . 2014-11-03 11:46 523294 ----a-w- C:\sav752D.tmp
2014-10-20 11:30 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-20 11:28 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-20 11:28 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-20 11:28 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-20 11:28 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-20 11:28 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-20 11:28 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-20 11:22 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-20 11:22 . 2014-10-10 02:05 507392 ----a-w- c:\windows\system32\aepdu.dll
2014-10-20 11:22 . 2014-10-10 02:00 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-10-20 11:16 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-20 11:16 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-20 11:14 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-20 11:13 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-20 11:13 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-20 11:09 . 2014-07-17 02:07 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-10-20 11:09 . 2014-07-17 01:39 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-10-20 11:09 . 2014-07-17 02:07 22016 ----a-w- c:\windows\system32\credssp.dll
2014-10-20 11:09 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2014-10-20 11:09 . 2014-07-17 01:39 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-10-20 11:09 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-20 11:09 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-20 11:09 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2014-10-20 11:09 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2014-10-20 11:09 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2014-10-20 11:09 . 2014-07-17 02:07 681984 ----a-w- c:\windows\system32\termsrv.dll
2014-10-20 11:08 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-20 11:08 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-10-20 11:08 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-20 11:08 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-07 11:45 . 2014-11-07 11:45 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C86E47A-5BA3-494D-99B0-6EFBB4808E28}\offreg.dll
2014-11-04 19:30 . 2011-11-18 18:10 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-14 19:59 . 2014-11-06 18:17 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C86E47A-5BA3-494D-99B0-6EFBB4808E28}\mpengine.dll
2014-10-14 19:59 . 2014-11-04 15:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-03 15:02 . 2011-11-18 19:15 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-06 11:10 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-06 11:10 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-24 12:53 . 2012-07-10 11:07 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 12:53 . 2012-07-10 11:07 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-18 10:19 . 2014-11-04 16:00 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{12625070-B749-454B-9159-31F922854213}\gapaengine.dll
2014-09-18 10:19 . 2012-06-12 19:20 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-15 23:21 . 2014-09-15 23:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-09-15 23:19 . 2014-09-15 23:19 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31 . 2012-05-24 02:45 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-15 22:31 . 2012-05-24 02:45 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31 . 2012-05-24 02:45 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-09-15 22:31 . 2012-05-24 02:45 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31 . 2012-05-24 03:31 1335544 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-15 22:31 . 2012-05-24 03:32 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31 . 2012-05-24 03:13 10826488 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-15 22:31 . 2012-05-24 03:23 9254184 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-09-15 22:31 . 2012-05-24 03:29 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31 . 2012-05-24 03:01 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31 . 2012-05-24 03:41 8044976 ----a-w- c:\windows\system32\atiumd6a.dll
2014-09-15 22:31 . 2012-05-24 02:54 8296296 ----a-w- c:\windows\system32\atiumd64.dll
2014-09-15 22:29 . 2014-09-15 22:29 293088 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-09-15 22:26 . 2014-09-15 22:26 16750080 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-09-15 22:18 . 2014-09-15 22:18 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-09-15 22:18 . 2014-09-15 22:18 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2014-09-15 22:18 . 2014-09-15 22:18 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2014-09-15 22:18 . 2014-09-15 22:18 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2014-09-15 22:18 . 2014-09-15 22:18 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2014-09-15 22:18 . 2014-09-15 22:18 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-09-15 22:17 . 2014-09-15 22:17 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17 . 2014-09-15 22:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-09-15 22:17 . 2014-09-15 22:17 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17 . 2014-09-15 22:17 33867264 ----a-w- c:\windows\system32\amdocl64.dll
2014-09-15 22:17 . 2014-09-15 22:17 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-09-15 22:16 . 2014-09-15 22:16 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-09-15 22:16 . 2014-09-15 22:16 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13 . 2014-09-15 22:13 27918336 ----a-w- c:\windows\system32\atio6axx.dll
2014-09-15 22:09 . 2014-09-15 22:09 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-09-15 22:09 . 2014-09-15 22:09 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09 . 2014-09-15 22:09 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-09-15 22:09 . 2014-09-15 22:09 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-09-15 22:09 . 2014-09-15 22:09 5639168 ----a-w- c:\windows\system32\amdmantle64.dll
2014-09-15 22:08 . 2014-09-15 22:08 23375360 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07 . 2014-09-15 22:07 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-09-15 22:07 . 2014-09-15 22:07 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-09-15 22:07 . 2014-09-15 22:07 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07 . 2014-09-15 22:07 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-09-15 22:07 . 2014-09-15 22:07 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07 . 2014-09-15 22:07 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-09-15 22:06 . 2014-09-15 22:06 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05 . 2014-09-15 22:05 4480000 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03 . 2014-09-15 22:03 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-09-15 22:03 . 2014-09-15 22:03 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-09-15 22:03 . 2014-09-15 22:03 619008 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-09-15 22:03 . 2014-09-15 22:03 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03 . 2014-09-15 22:03 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-09-15 21:59 . 2014-09-15 21:59 827392 ----a-w- c:\windows\system32\coinst_14.30.dll
2014-09-15 21:59 . 2012-05-24 02:47 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59 . 2014-09-15 21:59 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-09-15 21:59 . 2014-09-15 21:59 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-09-15 21:58 . 2014-09-15 21:58 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-09-09 22:11 . 2014-09-29 10:39 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-29 10:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-30 15:39 . 2012-07-17 19:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-29 12:43 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-29 12:43 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-19 16:28 . 2011-11-21 16:12 44392 ------w- c:\windows\system32\GovAppLog.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:50 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:50 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:50 1729232 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lync"="c:\program files (x86)\Microsoft Office\Office15\lync.exe" [2014-09-25 19089056]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-05-24 393216]
"OicniGcayl"="c:\programdata\OicniGcayl\OicniGcayl.dat" [2014-11-07 299008]
"Ufgoekgabazerya"="c:\users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe" [2012-05-23 293570]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
"Ufgoekgabazerya"="c:\users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe" [2012-05-23 293570]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u msoidssp livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GOVsrv8;Goverlan Service v8;c:\program files (x86)\PJ Technologies\GOVsrv8\GOVsrv8.EXE;c:\program files (x86)\PJ Technologies\GOVsrv8\GOVsrv8.EXE [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EventServer;Rockwell Event Server;c:\program files (x86)\Common Files\Rockwell\EventServer.exe;c:\program files (x86)\Common Files\Rockwell\EventServer.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LogReceiver;LogReceiver;c:\program files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe;c:\program files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [x]
R3 NmspHost;Rockwell Namespace Services;c:\program files (x86)\Common Files\Rockwell\NmspHost.exe;c:\program files (x86)\Common Files\Rockwell\NmspHost.exe [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\O2MDFw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDFw7x64.sys [x]
R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RdcyHost;Rockwell Redundancy Services;c:\program files (x86)\Common Files\Rockwell\RdcyHost.exe;c:\program files (x86)\Common Files\Rockwell\RdcyHost.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys;c:\windows\SYSNATIVE\DRIVERS\swvnic.sys [x]
R3 tcm;tcm;c:\windows\system32\drivers\tcm.sys;c:\windows\SYSNATIVE\drivers\tcm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$CHROMATRACE;SQL Server Agent (CHROMATRACE);c:\program files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\SQLAGENT.EXE [x]
R4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\DRIVERS\VirtualBackplane.sys;c:\windows\SYSNATIVE\DRIVERS\VirtualBackplane.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 DFEPService;Dell Feature Enhancement Pack Service;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe;c:\program files\Dell\Feature Enhancement Pack\DFEPService.exe [x]
S2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [x]
S2 FactoryTalk Gateway;FactoryTalk Gateway;c:\program files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe;c:\program files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe [x]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [x]
S2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe;c:\program files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [x]
S2 msoidsvc;Microsoft Online Services Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE;c:\program files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [x]
S2 MSSQL$CHROMATRACE;SQL Server (CHROMATRACE);c:\program files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\sqlservr.exe [x]
S2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [x]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [x]
S2 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys;c:\windows\SYSNATIVE\Drivers\SWIPsec.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys;c:\windows\SYSNATIVE\drivers\accelern.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7x64.sys;c:\windows\SYSNATIVE\drivers\O2MDRw7x64.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7x64.sys;c:\windows\SYSNATIVE\drivers\o2sdjw7x64.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 12:53]
.
2014-11-07 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924.job
- c:\program files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-29 17:23]
.
2014-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 14:17]
.
2014-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10 14:17]
.
2014-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core.job
- c:\users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 10:57]
.
2014-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA.job
- c:\users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 10:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-16 17:55 2334416 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-16 17:55 2334416 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-16 17:55 2334416 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2011-07-25 686704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-02-21 698712]
"Ufgoekgabazerya"="c:\users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe" [2012-05-23 293570]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://apod.nasa.gov/apod/astropix.html
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 7 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
IE: Open with PDF Professional 7 - c:\program files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: hazenandsawyer.com
Trusted Zone: microsoft.com
Trusted Zone: sharepoint.com\*.hazenandsawyer
Trusted Zone: sharepoint.com\hazenandsawyer
Trusted Zone: sharepoint.com\hazenandsawyer-my
Trusted Zone: sharepoint.com@ssl\hazenandsawyer
TCP: DhcpNameServer = 192.168.46.9 192.168.13.9 172.30.2.3
TCP: Interfaces\{1FD07FE0-0E44-4EDE-A05E-C0917351D0D3}\E45445745414254333: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{3E3C9735-23A1-4FFF-A11B-E4432FC00C23}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{427EF8A8-EDA0-4008-894E-53BCD227CF2D}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{7EF41D73-919A-4541-9ECE-466910984CA0}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{AD806CA5-6E81-4C0C-AFC6-8422055D2133}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{E244EA7A-0C70-4EBB-82D5-66765953A94D}: NameServer = 8.8.8.8,8.8.8.8
TCP: Interfaces\{FD6B9AAE-C2FE-4853-B1A5-F4208CBDD80E}: NameServer = 8.8.8.8,8.8.8.8
FF - ProfilePath - c:\users\jadvani\AppData\Roaming\Mozilla\Firefox\Profiles\69bnq360.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll
Wow6432Node-HKCU-Run-Asydzokeysot - c:\users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe
Wow6432Node-HKCU-Run-graxuzsh - c:\windows\enipulax.dll
Wow6432Node-HKLM-Run-Asydzokeysot - c:\users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe
Notify-bcikmao - c:\users\jadvani\AppData\Local\bcikmao.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Asydzokeysot - c:\users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe
AddRemove-CouponBar5.0.0.5 - c:\program files (x86)\Coupons.com CouponBar\uninstall.exe
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
c:\program files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
c:\program files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Microsoft Office\Office15\MsoSync.exe
c:\windows\SysWOW64\CCM\CcmExec.exe
c:\program files (x86)\Microsoft Office\Office15\UcMapi.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-11-07  06:52:47 - machine was rebooted
ComboFix-quarantined-files.txt  2014-11-07 11:52
.
Pre-Run: 91,977,449,472 bytes free
Post-Run: 94,342,127,616 bytes free
.
- - End Of File - - 48493CD880C2710179A7F8F963951DDB
 


#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:44 PM

Posted 13 November 2014 - 06:13 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Attached File: fixlist.txt (2.26KB)

How is the machine running after this fix?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 Lakee911

Lakee911
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:44 PM

Posted 14 November 2014 - 07:20 AM

How is the machine running after this fix?


Better, but something still isn't right. It's very sluggish and I noticed that I've still got two svchost.exe processes consuming over 500MB and 255MB of RAM. How do you suggest we proceed?


Here's the Fixlog.txt file from the FRST fix:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by jadvani at 2014-11-13 19:00:10 Run:1
Running from C:\Users\jadvani\Desktop
Loaded Profile: jadvani (Available profiles: jadvani & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\...\Run: [Asydzokeysot] => "C:\Users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe"
HKLM\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [293570 2014-11-07] ()
HKLM-x32\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
C:\Users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe
C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
Winlogon\Notify\bcikmao-x32: C:\Users\jadvani\AppData\Local\bcikmao.dll
C:\Users\jadvani\AppData\Local\bcikmao.dll
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [OicniGcayl] => regsvr32.exe "C:\ProgramData\OicniGcayl\OicniGcayl.dat"
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [293570 2014-11-07] ()
C:\ProgramData\OicniGcayl\OicniGcayl.dat
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://apod.nasa.gov/apod/astropix.html
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-510924518-477319906-751859383-66924\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} ->  No File
DPF: HKLM-x32 {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} http://99.177.171.62:4549/cab/OCXChecker_8000.cab
FF Plugin HKU\S-1-5-21-510924518-477319906-751859383-66924: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\jadvani\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
S2 GOVsrv; "C:\Program Files (x86)\PJ Technologies\GOVsrv\GovSrv.EXE" [X]
S2 GOVsrv8; "C:\Program Files (x86)\PJ Technologies\GOVsrv8\GOVsrv8.EXE" [X]
C:\Users\jadvani\clear.bat
C:\Users\jadvani\AppData\Local\Temp\Quarantine.exe
C:\Users\jadvani\AppData\Local\Temp\sqlite3.dll
Task: {12F9DF3F-4522-4F29-9C9E-9930E2A544DE} - System32\Tasks\Security Center Update - 3414797000 => C:\Users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe <==== ATTENTION
Task: {D17A5E38-B897-4D04-A67C-F44D4A9DAFDD} - System32\Tasks\Security Center Update - 3127520538 => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe [2014-11-07] () <==== ATTENTION
2014-11-07 07:02 - 2014-11-07 07:02 - 00293570 _____ () C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Asydzokeysot => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ufgoekgabazerya => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ufgoekgabazerya => value deleted successfully.
"C:\Users\jadvani\AppData\Roaming\Idyzyqzu\icguerv.exe" => File/Directory not found.
C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe => Moved successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bcikmao" => Key deleted successfully.
"C:\Users\jadvani\AppData\Local\bcikmao.dll" => File/Directory not found.
HKU\S-1-5-21-510924518-477319906-751859383-66924\Software\Microsoft\Windows\CurrentVersion\Run\\OicniGcayl => value deleted successfully.
HKU\S-1-5-21-510924518-477319906-751859383-66924\Software\Microsoft\Windows\CurrentVersion\Run\\Ufgoekgabazerya => value deleted successfully.
C:\ProgramData\OicniGcayl\OicniGcayl.dat => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-510924518-477319906-751859383-66924\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" => Key deleted successfully.
"HKCR\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{ADACAA8F-3595-47FE-9C31-9C7471B9BEC7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{ADACAA8F-3595-47FE-9C31-9C7471B9BEC7}" => Key deleted successfully.
FF Plugin HKU\S-1-5-21-510924518-477319906-751859383-66924: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\jadvani\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation) => Error: No automatic fix found for this entry.
GOVsrv => Service deleted successfully.
GOVsrv8 => Service deleted successfully.
C:\Users\jadvani\clear.bat => Moved successfully.
C:\Users\jadvani\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\jadvani\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{12F9DF3F-4522-4F29-9C9E-9930E2A544DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12F9DF3F-4522-4F29-9C9E-9930E2A544DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3414797000 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3414797000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D17A5E38-B897-4D04-A67C-F44D4A9DAFDD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D17A5E38-B897-4D04-A67C-F44D4A9DAFDD}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 3127520538 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3127520538" => Key deleted successfully.
Could not move "C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe" => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-13 19:05:21)<=

C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe => Is moved successfully.

==== End of Fixlog ====

Thx,

Jason



#9 Lakee911

Lakee911
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:44 PM

Posted 14 November 2014 - 07:40 AM

I ran a scan of Microsoft Forefront Endpoint and I came up with two "threats":

PWS:Win32/Zbot - Severe - Suspended Status

TrojanProxy:Win32/Buntu.F - Severe - Active Status

I'm going to tell it to Remove them and see what happens.


Edited by Lakee911, 14 November 2014 - 10:12 AM.


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:44 PM

Posted 14 November 2014 - 12:39 PM

I ran a scan of Microsoft Forefront Endpoint and I came up with two "threats":


PWS:Win32/Zbot - Severe - Suspended Status

TrojanProxy:Win32/Buntu.F - Severe - Active Status

I'm going to tell it to Remove them and see what happens.

Can you tell me the file it is saying is infected? It may be picking up the FRST quarantine folder.


Edited by fireman4it, 14 November 2014 - 12:39 PM.



#11 Lakee911

Lakee911
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:44 PM

Posted 14 November 2014 - 01:23 PM

I ran a scan of Microsoft Forefront Endpoint and I came up with two "threats":


PWS:Win32/Zbot - Severe - Suspended Status

TrojanProxy:Win32/Buntu.F - Severe - Active Status

I'm going to tell it to Remove them and see what happens.

Can you tell me the file it is saying is infected? It may be picking up the FRST quarantine folder.

Fireman,

I don't know how to make it tell me exactly what file is infected. Where is that?

 

After I ran it, I told it to remove them, like I said, and then I rebooted; I'm running it again now. The machine is REALLY slow now, but I can see that it's giving me the warning that it's possibly infected. I won't know what's up until it's done.

Thanks,
Jason



#12 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:44 PM

Posted 14 November 2014 - 01:30 PM

Please run FRST as you did the first time you ran it and post the FRST.txt.




#13 Lakee911

Lakee911
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:04:44 PM

Posted 14 November 2014 - 03:07 PM

Please run FRST as you did the first time you ran it and post the FRST.txt.

Here we go. Addition.txt is included below too. Oh, and when I shut down, Windows installed 28 updates :( Need to re-run?


FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by jadvani (administrator) on HSCMH-JADVANI on 14-11-2014 14:54:57
Running from C:\Users\jadvani\Desktop
Loaded Profile: jadvani (Available profiles: jadvani & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acresso Software Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe
(Acresso Software Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe
(FileOpen Systems Inc.) C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(SonicWALL, Inc.) C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Ufgoekgabazerya] => "C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-09-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19089056 2014-09-25] (Microsoft Corporation)
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2012-05-23] (AMD)
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [OicniGcayl] => regsvr32.exe "C:\ProgramData\OicniGcayl\OicniGcayl.dat"
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [Ufgoekgabazerya] => "C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe"
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [Google Update] => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-13] (Google Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x980BB18768A8CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1082
Tcpip\Parameters: [DhcpNameServer] 192.168.46.9 192.168.13.9 172.30.2.3
Tcpip\..\Interfaces\{3E3C9735-23A1-4FFF-A11B-E4432FC00C23}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{427EF8A8-EDA0-4008-894E-53BCD227CF2D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{7EF41D73-919A-4541-9ECE-466910984CA0}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{AD806CA5-6E81-4C0C-AFC6-8422055D2133}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{E244EA7A-0C70-4EBB-82D5-66765953A94D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{FD6B9AAE-C2FE-4853-B1A5-F4208CBDD80E}: [NameServer] 8.8.8.8,8.8.8.8
FireFox:
========
FF ProfilePath: C:\Users\jadvani\AppData\Roaming\Mozilla\Firefox\Profiles\69bnq360.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\jadvani\AppData\Local\Citrix\Plugins\94\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\jadvani\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Extension: FlashGot - C:\Users\jadvani\AppData\Roaming\Mozilla\Firefox\Profiles\69bnq360.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-01-09]
FF Extension: Greasemonkey - C:\Users\jadvani\AppData\Roaming\Mozilla\Firefox\Profiles\69bnq360.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-09]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-10-30]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\jadvani\AppData\Local\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\jadvani\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\jadvani\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\jadvani\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (DocuCom PDF Plus) - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-26]
CHR Extension: (YouTube) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-13]
CHR Extension: (Google Search) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-13]
CHR Extension: (Google Wallet) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06]
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2013-12-06]
CHR Extension: (Gmail) - C:\Users\jadvani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-13]
CHR HKLM-x32\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files (x86)\Logitech\Harmony Remote Driver\harmony_chrome.crx [2013-09-11]
CHR StartMenuInternet: Google Chrome - C:\Users\jadvani\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
R2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1122568 2010-05-17] (Acresso Software Inc.)
R2 FactoryTalk Gateway; C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe [387432 2010-08-26] (Rockwell Automation, Inc.)
R2 FileOpenManagerSvc; C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe [334720 2012-04-30] (FileOpen Systems Inc.)
R2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [152936 2011-05-31] (Rockwell Automation, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LogReceiver; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [80232 2011-06-24] (Rockwell Automation, Inc.)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2024864 2010-08-17] (Microsoft Corp.)
R2 MSSQL$CHROMATRACE; c:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 MSSQL$FTVIEWX64TAGDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 OpcEnum; C:\windows\SysWOW64\OpcEnum.exe [98304 2005-11-25] (OPC Foundation) [File not signed]
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)
S3 PrintNotify; C:\windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll [2676736 2013-07-27] (Microsoft Corporation) [File not signed]
S3 Rockwell HMI Diagnostics; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [106344 2011-07-26] (Rockwell Automation, Inc.)
S3 Rockwell Tag Server; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe [212328 2011-07-26] (Rockwell Automation, Inc.)
S3 RSLinx; C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE [1996408 2010-09-24] (Rockwell Automation, Inc.)
S3 RSLinxNG; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [246120 2011-06-24] (Rockwell Automation, Inc.)
S3 smstsmgr; C:\windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
S4 SQLAgent$CHROMATRACE; c:\Program Files\Microsoft SQL Server\MSSQL10.CHROMATRACE\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S4 SQLAgent$FTVIEWX64TAGDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf64.sys [132184 2011-08-03] (Citrix Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 MpKsl924b1149; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77D49735-4E81-4C34-B145-786DAB05AA30}\MpKsl924b1149.sys [45352 2014-11-14] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 prepdrvr; C:\windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2009-04-17] ()
R1 VirtualBackplane; C:\Windows\System32\DRIVERS\VirtualBackplane.sys [51200 2011-06-02] (Rockwell Automation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 nptpauus; \??\C:\windows\system32\drivers\nptpauus.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-14 14:54 - 2014-11-14 14:55 - 00024049 _____ () C:\Users\jadvani\Desktop\FRST.txt
2014-11-13 12:35 - 2014-11-13 12:45 - 00000000 ____D () C:\AdwCleaner
2014-11-07 07:02 - 2014-11-13 19:01 - 00000000 ____D () C:\Users\jadvani\AppData\Roaming\Ywykduxe
2014-11-07 06:52 - 2014-11-07 06:52 - 00063388 _____ () C:\ComboFix.txt
2014-11-06 18:46 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-11-06 18:46 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-11-06 18:46 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-11-06 18:46 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-11-06 18:41 - 2014-11-07 06:53 - 00000000 ____D () C:\Qoobox
2014-11-06 18:40 - 2014-11-07 06:50 - 00000000 ____D () C:\windows\erdnt
2014-11-06 18:39 - 2014-11-06 18:39 - 05591672 ____R (Swearware) C:\Users\jadvani\Downloads\ComboFix.exe
2014-11-06 18:37 - 2014-11-13 19:00 - 00000000 ____D () C:\ProgramData\OicniGcayl
2014-11-06 17:52 - 2014-11-06 17:52 - 01188194 _____ () C:\Users\jadvani\Downloads\ProcessExplorer.zip
2014-11-06 17:32 - 2014-11-06 17:32 - 01121208 _____ () C:\Users\jadvani\Downloads\ProcessMonitor (2).zip
2014-11-06 17:32 - 2014-11-06 17:32 - 01121208 _____ () C:\Users\jadvani\Downloads\ProcessMonitor (1).zip
2014-11-06 17:21 - 2014-11-14 14:51 - 00000374 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-11-06 17:06 - 2014-11-06 17:06 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\jadvani\Downloads\rkill.exe
2014-11-06 17:03 - 2014-11-06 17:05 - 02114560 _____ (Farbar) C:\Users\jadvani\Desktop\FRST64.exe
2014-11-06 17:02 - 2014-11-14 14:55 - 00000000 ____D () C:\FRST
2014-11-06 14:09 - 2014-11-06 14:09 - 01121208 _____ () C:\Users\jadvani\Downloads\ProcessMonitor.zip
2014-11-04 18:47 - 2014-11-04 18:47 - 00000000 ____D () C:\ProgramData\ATI
2014-11-04 18:47 - 2014-11-04 18:47 - 00000000 ____D () C:\ProgramData\AMD
2014-11-04 18:47 - 2014-11-04 18:47 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-11-04 18:46 - 2014-11-04 18:46 - 00056548 _____ () C:\windows\SysWOW64\CCCInstall_201411041846457570.log
2014-11-04 18:46 - 2014-11-04 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD FirePro Control Center
2014-11-04 18:29 - 2014-11-04 18:29 - 00000000 ____D () C:\Program Files\AMD
2014-11-04 18:26 - 2014-11-04 18:26 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-11-04 17:42 - 2014-11-04 17:50 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-04 17:42 - 2014-11-04 17:50 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-04 17:41 - 2014-11-06 14:54 - 00000000 ____D () C:\Users\jadvani\AppData\Roaming\FrameworkUpdate7
2014-11-04 17:13 - 2014-11-04 17:13 - 00891224 _____ (AMD) C:\Users\jadvani\Downloads\amddriverdownloader (1).exe
2014-11-04 14:25 - 2014-11-04 14:25 - 00891224 _____ (AMD) C:\Users\jadvani\Downloads\amddriverdownloader.exe
2014-11-04 13:38 - 2014-11-04 13:41 - 286582040 _____ (AMD Inc.) C:\Users\jadvani\Downloads\amd-catalyst-14-9-win7-win8.1-64bit-dd-ccc-whql.exe
2014-11-03 07:26 - 2014-11-03 07:26 - 00307391 _____ () C:\Users\jadvani\Documents\Attic-model1.skp
2014-11-03 06:51 - 2014-11-03 07:26 - 00231927 _____ () C:\Users\jadvani\Documents\attic-only.dwg
2014-11-03 06:51 - 2014-11-03 06:51 - 00232283 _____ () C:\Users\jadvani\Documents\attic-only.bak
2014-11-03 06:46 - 2014-11-03 06:46 - 00523294 _____ () C:\sav752D.tmp
2014-10-23 09:26 - 2014-10-23 09:37 - 00000000 ____D () C:\Users\jadvani\Desktop\New folder (2)
2014-10-21 14:17 - 2014-10-21 14:24 - 00000000 ____D () C:\Users\jadvani\AppData\OICE_15_974FA576_32C1D314_2F8F
2014-10-20 06:30 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-20 06:28 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-20 06:28 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-20 06:22 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-20 06:22 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-20 06:22 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-20 06:21 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-20 06:21 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-20 06:21 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-20 06:21 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-20 06:21 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-20 06:21 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-20 06:21 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-20 06:21 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-20 06:21 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-20 06:21 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-20 06:21 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-20 06:21 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-20 06:21 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-20 06:21 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-20 06:21 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-20 06:21 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-20 06:21 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-20 06:21 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-20 06:21 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-20 06:21 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-20 06:21 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-20 06:21 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-20 06:21 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-20 06:21 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-20 06:21 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-20 06:21 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-20 06:21 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-20 06:21 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-20 06:21 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-20 06:21 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-20 06:21 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-20 06:21 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-20 06:21 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-20 06:21 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-20 06:21 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-20 06:21 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-20 06:21 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-20 06:21 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-20 06:21 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-20 06:21 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-20 06:21 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-20 06:21 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-20 06:21 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-20 06:21 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-20 06:21 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-20 06:21 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-20 06:21 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-20 06:21 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-20 06:21 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-20 06:21 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-20 06:21 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-20 06:21 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-20 06:21 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-20 06:21 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-20 06:21 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-20 06:21 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-20 06:16 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-20 06:16 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-20 06:14 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-20 06:13 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-20 06:13 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-20 06:09 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-20 06:09 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-20 06:09 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-20 06:09 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-20 06:09 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-20 06:09 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-20 06:09 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-20 06:08 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-20 06:08 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-20 06:08 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-20 06:08 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-17 07:13 - 2014-10-17 07:13 - 00013266 _____ () C:\Users\jadvani\Documents\ITAVLC Receipt.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-14 14:55 - 2012-05-07 06:35 - 01379262 _____ () C:\windows\WindowsUpdate.log
2014-11-14 14:54 - 2012-07-05 14:19 - 00000461 _____ () C:\windows\SMSCFG.ini
2014-11-14 14:53 - 2012-08-21 06:07 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 14:51 - 2012-05-10 09:17 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 14:50 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-14 14:50 - 2009-07-13 23:51 - 00009197 _____ () C:\windows\setupact.log
2014-11-14 12:59 - 2012-05-10 09:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 12:38 - 2014-03-24 10:46 - 00000542 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924.job
2014-11-14 12:38 - 2012-06-13 05:57 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA.job
2014-11-14 10:22 - 2009-07-13 23:45 - 00024832 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 10:22 - 2009-07-13 23:45 - 00024832 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 10:17 - 2011-11-21 10:30 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-14 07:43 - 2014-01-03 08:38 - 00009842 _____ () C:\Users\jadvani\Documents\Dates.xlsx
2014-11-14 07:38 - 2012-06-13 05:57 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core.job
2014-11-14 07:36 - 2009-07-14 00:32 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-11-14 07:33 - 2012-06-13 05:57 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA
2014-11-14 07:33 - 2012-06-13 05:57 - 00003498 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core
2014-11-14 07:21 - 2014-06-16 07:33 - 724288512 _____ () C:\Users\jadvani\Documents\Clarksville Flood Recovery.pst
2014-11-14 07:21 - 2012-07-12 15:54 - 300688384 _____ () C:\Users\jadvani\Documents\Personal Folders.pst
2014-11-14 07:09 - 2009-07-14 00:13 - 00991242 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-14 07:08 - 2012-09-21 06:35 - 00001866 _____ () C:\Users\jadvani\Desktop\ElectricalGroup-MW.lnk
2014-11-14 07:08 - 2012-05-21 10:56 - 00000306 _____ () C:\windows\system32\ricdb.ini
2014-11-14 07:08 - 2012-05-21 10:55 - 00000000 ___HD () C:\ProgramData\RICOH_DRV
2014-11-14 07:08 - 2012-05-11 08:48 - 00001902 _____ () C:\Users\jadvani\Desktop\Shortcut to Midwest Phone List-CINCINNATI OFFICE ONLY.lnk
2014-11-14 07:07 - 2012-05-11 11:43 - 00000419 _____ () C:\windows\BRWMARK.INI
2014-11-14 07:07 - 2012-05-11 11:43 - 00000027 _____ () C:\windows\BRPP2KA.INI
2014-11-14 06:57 - 2012-05-07 13:08 - 00002574 __RSH () C:\Users\jadvani\ntuser.pol
2014-11-14 06:57 - 2012-05-07 13:08 - 00000000 ____D () C:\Users\jadvani
2014-11-14 06:56 - 2012-05-07 07:42 - 00000264 _____ () C:\windows\system32\config\netlogon.ftl
2014-11-13 12:46 - 2011-11-18 14:36 - 00480454 _____ () C:\windows\PFRO.log
2014-11-07 06:42 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini
2014-11-07 06:39 - 2009-07-13 21:34 - 185073664 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-11-07 06:39 - 2009-07-13 21:34 - 18350080 _____ () C:\windows\system32\config\SYSTEM.bak
2014-11-07 06:39 - 2009-07-13 21:34 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak
2014-11-07 06:39 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-11-06 21:26 - 2014-09-30 12:05 - 00004978 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HSNY_LAN-jadvani HSCMH-JADVANI.hazenandsawyer.com
2014-11-06 18:08 - 2012-05-07 08:20 - 00000000 ____D () C:\temp
2014-11-06 16:32 - 2013-08-08 09:20 - 00000000 ___RD () C:\Users\jadvani\Dropbox
2014-11-06 14:12 - 2013-08-15 05:36 - 00000000 ____D () C:\windows\system32\MRT
2014-11-06 14:04 - 2012-09-14 09:12 - 00002330 ____H () C:\Users\jadvani\Documents\Default.rdp
2014-11-06 13:27 - 2013-08-08 09:13 - 00000000 ____D () C:\Users\jadvani\AppData\Roaming\Dropbox
2014-11-06 13:21 - 2009-07-13 21:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-11-06 13:17 - 2009-07-14 00:08 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-11-06 09:45 - 2014-06-23 13:56 - 00004976 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {d8881d19-6628-485d-bf42-ed78e9a8887f} HSCMH-JADVANI.hazenandsawyer.com
2014-11-06 09:23 - 2012-05-10 08:06 - 00000000 ____D () C:\Users\jadvani\AppData\Local\Deployment
2014-11-06 08:59 - 2012-05-07 07:44 - 00023666 __RSH () C:\ProgramData\ntuser.pol
2014-11-04 18:47 - 2012-05-08 09:15 - 00000000 ____D () C:\Library
2014-11-04 18:45 - 2012-11-06 11:19 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-11-04 18:02 - 2012-05-08 09:15 - 00000000 ____D () C:\Projects
2014-11-04 17:33 - 2012-04-26 20:37 - 00053256 _____ () C:\windows\DPINST.LOG
2014-11-04 13:24 - 2012-11-07 14:46 - 00000084 _____ () C:\windows\FW.INI
2014-11-04 10:44 - 2012-05-08 10:57 - 1328436764 _____ () C:\windows\MEMORY.DMP
2014-11-04 10:44 - 2012-05-08 10:57 - 00000000 ____D () C:\windows\Minidump
2014-11-03 06:42 - 2012-05-08 13:05 - 00000000 ____D () C:\Users\jadvani\AppData\Local\cache
2014-10-30 06:25 - 2011-11-18 13:10 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-10-29 12:23 - 2014-03-24 10:46 - 00003576 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924
2014-10-24 12:38 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Help
2014-10-24 12:37 - 2011-11-21 09:03 - 00000000 ____D () C:\Diskeeper
2014-10-23 10:54 - 2012-05-10 09:17 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 10:54 - 2012-05-10 09:17 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-23 05:38 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\spool
2014-10-23 05:33 - 2009-07-13 23:45 - 00585560 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-22 06:27 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-21 14:31 - 2012-05-07 13:08 - 00169824 _____ () C:\Users\jadvani\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-21 14:31 - 2011-11-18 15:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-20 08:01 - 2014-05-06 15:33 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-20 06:30 - 2013-06-28 15:19 - 00002163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Forefront Endpoint Protection.lnk
2014-10-20 06:30 - 2013-06-28 15:19 - 00001945 _____ () C:\windows\epplauncher.mif
2014-10-20 06:29 - 2013-06-28 15:19 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-20 06:29 - 2012-05-07 12:19 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-20 06:28 - 2013-09-03 07:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-20 06:18 - 2009-07-13 21:34 - 00000478 _____ () C:\windows\win.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 10:30
==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by jadvani at 2014-11-14 14:56:25
Running from C:\Users\jadvani\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.33 - STMicroelectronics)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.5.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AutoCAD MEP 2011 - English (HKLM\...\AutoCAD MEP 2011 - English) (Version: 6.5.49.0 - Autodesk)
AutoCAD MEP 2011 - English (Version: 6.5.353.0 - Autodesk) Hidden
AutoCAD MEP 2011 - English Version 3 (HKLM\...\AutoCAD MEP 2011 - English Version 3) (Version: 1 - Autodesk)
AutoCAD MEP 2011 Language Pack - English (Version: 18.1.49.0 - Autodesk) Hidden
AutoCAD MEP 2012 - English (HKLM\...\AutoCAD MEP 2012 - English) (Version: 6.7.49.0 - Autodesk)
AutoCAD MEP 2012 - English (Version: 6.7.207.0 - Autodesk) Hidden
AutoCAD MEP 2012 - English SP 2 (HKLM\...\AutoCAD MEP 2012 - English SP 2) (Version: 1 - Autodesk)
AutoCAD MEP 2012 Language Pack - English (Version: 18.2.51.0 - Autodesk) Hidden
AutoCAD P&ID 2011 (HKLM-x32\...\AutoCAD P&ID 2011) (Version: 5.0.37.00 - Autodesk)
AutoCAD P&ID 2011 (Version: 5.0.37.00 - Autodesk) Hidden
AutoCAD P&ID 2011 Language Pack - English (Version: 5.0.37.00 - Autodesk) Hidden
AutoCAD P&ID 2012 - English (HKLM\...\AutoCAD P&ID 2012 - English) (Version: 6.0.39.00 - Autodesk)
AutoCAD P&ID 2012 - English (Version: 6.0.39.00 - Autodesk) Hidden
AutoCAD P&ID 2012 Language Pack - English (Version: 6.0.39.00 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}) (Version: 2.0.90 - Autodesk)
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 (HKLM\...\Autodesk Inventor Fusion 2012) (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Material Library 2011 (HKLM-x32\...\{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Base Image library (HKLM-x32\...\{CD1E078C-A6B9-47DA-B035-6365C85C7832}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2011 Medium Image library (HKLM-x32\...\{975951E7-14D0-49AF-A630-89680D12D7F6}) (Version: 2.0.0.49 - Autodesk)
Autodesk Material Library 2012 (HKLM-x32\...\{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}) (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (HKLM-x32\...\{65420DC9-306E-4371-905F-F4DC3B418E52}) (Version: 2.5.0.8 - Autodesk)
Autodesk Navisworks Freedom 2012 (HKLM\...\Autodesk Navisworks Freedom 2012) (Version: 9.0.69.686 - Autodesk)
Autodesk Navisworks Freedom 2012 (Version: 9.0.69.686 - Autodesk) Hidden
Autodesk Navisworks Freedom 2012 English Language Pack (HKLM\...\{78040857-9518-0409-91B0-9F429CBF0835}) (Version: 9.0.69.686 - Autodesk)
Beyond Compare Version 3.3.4 (HKLM-x32\...\BeyondCompare3_is1) (Version:  - Scooter Software)
CamStudio OSS Desktop Recorder (HKLM-x32\...\{FD9C31B6-F572-414D-81E3-89368C97A125}_is1) (Version: 2.6 Beta r294 - CamStudio Open Source Dev Team)
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
ChromaTrace (HKLM-x32\...\{2B9CA095-D2F5-4C85-8E0A-A958CF9125B8}) (Version: 6.0.0 - Chromalox)
Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{BD9555FF-C3B6-4654-BE94-C4E3EDD731D2}) (Version: 8.29.3202 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Configuration Manager Client (x32 Version: 4.00.6487.2000 - Microsoft Corporation) Hidden
ControlFLASH (HKLM-x32\...\{DCD8385B-79FA-4C6D-8B20-5177A75460C7}) (Version: 9.00.015 - Rockwell Software)
CostWorks 2012 (HKLM-x32\...\{5AA35D3D-8462-4BF3-9EC3-A5B219DEE433}) (Version: 15.16.0000 - RSMeans)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{975DFE7C-8E56-45BC-A329-401E6B1F8102}) (Version: 1.3 - Dell Inc.)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.000 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.28 - Creative Technology Ltd)
DeviceNet Node Commissioning Tool (HKLM-x32\...\{7FB3F90F-E754-4374-9ABC-EF8F94DA35E2}) (Version: 1.0.0 - Rockwell Software)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Extreme Picture Finder 3.15 (HKLM-x32\...\Extreme Picture Finder_is1) (Version: 3.15 - Extreme Internet Software)
FactoryTalk Activation Manager 3.40 (CPR 9 SR 4) (HKLM-x32\...\{70A1D2A6-A0B1-4D42-96FD-9832085575A1}) (Version: 3.40.00.0046 - Rockwell Automation, Inc.)
FactoryTalk Diagnostics 2.40 (CPR 9 SR 4) (HKLM-x32\...\{6809A6B0-6A86-4520-8744-95ED21007590}) (Version: 2.40.00.0011 - Rockwell Automation, Inc.)
FactoryTalk Gateway 3.03.00000 (CPR 9 SR 3) (HKLM-x32\...\{844C71E7-45B8-421A-AC46-EC344F63E59B}) (Version: 3.03.00000 - Rockwell Automation, Inc.)
FactoryTalk Services Platform 2.40 (CPR 9 SR 4) (HKLM-x32\...\{A134675D-D0F7-4D78-B218-3D39B59410EF}) (Version: 2.40.00.0011 - Rockwell Automation, Inc.)
FactoryTalk® View Machine Edition 6.10.00 (CPR 9 SR 4) (HKLM-x32\...\{ADE57A5D-6AC7-4F5B-925E-52FC60F77ECF}) (Version: 6.10.00.9 (CPR 9 SR 4) - Rockwell Automation, Inc.)
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.4.5.6 - Telerik)
Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version:  - )
FileOpen Client (x64) (HKLM\...\{B239E0BC-D88A-47B1-935B-9707C7EB9CC9}) (Version: 3.0.83.920 - FileOpen Systems, Inc.)
Firmware Upgrade Wizard for PanelView Plus 6 700-1500 (HKLM-x32\...\{5A1F1645-DF39-4297-AEDB-6609949A59DB}) (Version: 6.10.20120418 - Rockwell Automation)
Franklin County Download Manager (HKCU\...\7a85fbf0e00cdf02) (Version: 1.0.0.36 - Franklin County Auditor Office)
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKCU\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
harmon.ie for SharePoint (HKLM-x32\...\{36ccadbe-6938-4c5f-9b3a-e751ce107555}) (Version: 4.0.2133 - harmon.ie)
Harmony Browser Plug-in (HKLM-x32\...\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}) (Version: 2.0 - Logitech)
HASP Device Drivers (HKLM-x32\...\HASP Device Drivers) (Version:  - )
Heavy Industries Consultant Resource Catalogs (HKLM-x32\...\{3DBF5909-D00B-440C-BD6B-6C3C9C3E0505}) (Version: 1.00.0000 - Rockwell Automation)
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
HydraVision (x32 Version: 4.2.218.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.40.1161 - Intel Corporation)
Java 7 Update 11 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.110 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Logix CPU Security Tool (HKLM-x32\...\{9AE0E408-37BC-4B89-B768-252DE878CE7A}) (Version: 3.0.0 - Rockwell Automation)
Logix5000 Clock Update Tool (HKLM-x32\...\{B8EB09E7-2123-450F-9765-0C2526CBFC05}) (Version: 2.4.0 - Rockwell Software)
Logix5000 Task Monitor (HKLM-x32\...\{5E171324-7299-4107-96D6-7584635962D5}) (Version: 2.4.0 - Rockwell Automation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Forefront Endpoint Protection (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM-x32\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{389F8A7A-8611-42E8-8169-20D2BAF0C595}) (Version: 8.0.6362.215 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio Standard 2007 (HKLM-x32\...\VISSTD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{5D62CA9E-C68A-4BED-A1E9-7D38D9DDC2DB}) (Version: 7.250.4122.0 - Microsoft Corporation)
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM-x32\...\{95140000-0052-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.28.0 - Dell)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyHarmony (HKCU\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Netwaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.59 - BVRP Software, Inc)
NirSoft NK2Edit (HKLM-x32\...\NirSoft NK2Edit) (Version:  - )
Nuance PDF Converter Enterprise 7 (HKLM\...\{F51B8275-3FC2-4EF8-951D-303FA62D785A}) (Version: 7.20.6153 - Nuance Communications, Inc.)
Nuance PDF Converter Enterprise 7 (HKLM-x32\...\{F51B8275-3FC2-4EF8-951D-303FA62D785A}) (Version: 7.20.6153 - Nuance Communications, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outlook Reminder Tool (HKLM-x32\...\{44765A95-CF30-4066-8310-289F805F196F}) (Version: 1.0.0 - Three Keys)
PaperPort Image Printer 64-bit (HKLM\...\{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}) (Version: 1.00.0000 - Nuance Communications, Inc.)
Parker Isysnet Analog Module Profiles (x32 Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet ASCII Module Profile (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet ControlNet Adapter Module Profile (x32 Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles (x32 Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles 3 (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Ethernet Adapter Module Profile (x32 Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden
PID Calculation Program (HKLM-x32\...\PID Calculation Program) (Version:  - )
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Reservationless-Plus VoIP (HKLM-x32\...\{96CEF81A-0D4A-442E-AA50-4666FE7A2E7A}) (Version: 5.12.4.496 - InterCall, Inc.)
Rockwell Automation 1440 XM Dynamic Measurement Module Profile (x32 Version: 1.07.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1732 Discrete Module Profiles (x32 Version: 2.02.1.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1732 Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Analog Module Profiles (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Analog Module Profiles 2 (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 ASCII Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 ControlNet Adapter Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profile, DeviceLogix (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles 4 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Ethernet Adapter Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Ethernet Adapter,2-Port,Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Specialty Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Analog Module Profiles (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Analog Module Profiles 2 (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 ASCII Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 ControlNet Adapter Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profile, DeviceLogix (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles (x32 Version: 6.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 3 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 4 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Ethernet Adapter Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Ethernet Adapter,2-Port,Module Profile (x32 Version: 3.00.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Specialty Module Profiles (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 CNet Comms Module Profiles (x32 Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1756 ENet Comms Module Profiles (x32 Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1756 ENet Comms Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 Ethernet Bridge Module Profile (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 HART Module Profiles (x32 Version: 2.04.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 Remote I/O Interface Module Profile (x32 Version: 1.05.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Analog Module Profiles (x32 Version: 5.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Analog Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 ASCII Module Profiles (x32 Version: 1.06.5.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Boolean Module Profiles (x32 Version: 1.03.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Controller Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Discrete Module Profiles (x32 Version: 1.02.3.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Discrete Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Embedded Module Profiles (x32 Version: 1.03.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Specialty Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1783 Ethernet Managed Switch Module Profile (x32 Version: 1.01.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1791DS Discrete Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1799 Embedded Discrete Module Profile (x32 Version: 1.01.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 2097 Kinetix Module Profiles (x32 Version: 1.01.7.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 48MS Vision Sensor Module Profiles (x32 Version: 1.01.19.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 5XRF RFID Reader Module Profiles (x32 Version: 1.02.24.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profile (x32 Version: 2.01.3.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profile (x32 Version: 4.01.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 1.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 1.03.7.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 1.04.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO EtherNet Safety Module Profiles (x32 Version: 3.01.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Driver Package x64 (HKLM-x32\...\{274CD5B9-27A7-47B8-B58D-2550B887F62D}) (Version: 1.1.4 - Rockwell Automation.)
Rockwell Automation Drives PowerFlex 4 Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 2 Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 3 Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives SCANport Module Profiles (x32 Version: 3.01.48.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation EtherNet/IP Tap Family Module Profiles (x32 Version: 2.06.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Generic Safety Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Kinetix CIP Motion Drive Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation PowerFlex CIP Motion Drive Module Profiles (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Stratix 8000/8300 Module Profiles (x32 Version: 4.01.13.0 - Rockwell Automation, Inc.) Hidden
Rockwell Windows Firewall Configuration Utility 1.00.06 (HKLM-x32\...\{01D8D3AA-2A4F-4085-9CC3-61E389D86D29}) (Version: 1.00.06.0004 - Rockwell Automation, Inc.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.1 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
RSLinx Classic 2.57.00 CPR 9 SR 3 (HKLM-x32\...\{34540622-805E-4CC7-98CF-65A43E99CF4D}) (Version: 2.57.00.14 CPR 9 SR 3 - Rockwell Automation, Inc.)
RSLinx Enterprise 5.40.00000 (CPR 9 SR 4) (HKLM-x32\...\{C8302E7B-5433-4AB9-B45D-569998B56E68}) (Version: 5.40.00000 - Rockwell Automation, Inc.)
RSLogix 5 English 7.40.00 (CPR 9) (HKLM-x32\...\{1866FCD2-4DFE-4E79-90B0-E4707DA753D9}) (Version: 7.40.00 - Rockwell Automation, Inc.)
RSLogix 500 English 8.40.00 (CPR 9) (HKLM-x32\...\{436D42D9-1809-40C5-9A82-D2ED2F8EF58C}) (Version: 8.40.00 - Rockwell Automation Inc)
RSLogix 5000 Compare (HKLM-x32\...\{D6088EA7-1828-40AF-A684-3C1AD67FDE68}) (Version: 3.20.00 - Rockwell Software)
RSLogix 5000 DeviceNet Tag Generator (HKLM-x32\...\{B100A292-14C5-4E41-AE27-0229BFBFDA9F}) (Version: 1.0.105 - Rockwell Automation,Inc.)
RSLogix 5000 IEC61131-3 Translation Tool (HKLM-x32\...\{517AA455-8CC9-4281-87A4-865E71947DC9}) (Version: 1.0.0 - Rockwell Automation, Inc.)
RSLogix 5000 Module Profile Core (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Core System Updates (x32 Version: 6.00.1769.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Setup Utility (x32 Version: 7.00.2213.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Online Books v19.00.00 (HKLM-x32\...\{20010019-D5FD-11DA-A128-000C29473C90}) (Version: 19.00.00 - Rockwell Automation, Inc.)
RSLogix 5000 Setup Installer (x32 Version: 4.02.0000 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Start Page Media v19.00.00 (HKLM-x32\...\{10000019-D5FD-11DA-A128-000C29473C90}) (Version: 19.00.00 - Rockwell Automation, Inc.)
RSLogix 5000 System Updates (x32 Version: 18.02.1209 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 v13.04 (HKLM-x32\...\{30010413-EC33-11D6-A408-F6139379CBFB}) (Version: 13.04.0000 - Rockwell Software, Inc.)
RSLogix 5000 v15.02 (HKLM-x32\...\{30010215-EC33-11D6-A408-F6139379CBFB}) (Version: 15.02.0000 - Rockwell Software, Inc.)
RSLogix 5000 v16.04.00 (CPR 9) (HKLM-x32\...\{30010416-EC33-11D6-A408-F6139379CBFB}) (Version: 16.04.00 - Rockwell Automation, Inc.)
RSLogix 5000 v17.01.00 (CPR 9 SR 1) (HKLM-x32\...\{30010117-EC33-11D6-A408-F6139379CBFB}) (Version: 17.01.00 - Rockwell Automation, Inc.)
RSLogix 5000 v18.02.00 (CPR 9 SR 2) (HKLM-x32\...\{30010218-EC33-11D6-A408-F6139379CBFB}) (Version: 18.02.00 - Rockwell Automation, Inc.)
RSLogix 5000 v19.01.00 (CPR 9 SR 3) (HKLM-x32\...\{30010119-EC33-11D6-A408-F6139379CBFB}) (Version: 19.01.00 - Rockwell Automation, Inc.)
RSView ME 6.10.00.9 (CPR 9 SR 4) (HKLM-x32\...\RSView Studio) (Version:  - )
ScanSoft PaperPort 11 (HKLM-x32\...\{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}) (Version: 11.2.0000 - Nuance Communications, Inc.)
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SonicWALL Global VPN Client (HKLM\...\{2B0BD3DD-EF7E-43EE-AC58-061E412BFFEF}) (Version: 4.7.3 - SonicWALL)
SQL Server 2008 R2 Common Files (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Tag Data Monitor Tool (HKLM-x32\...\{3D1F0E21-FE2D-480A-B2A0-4D9CB1BE6774}) (Version: 2.0.3 - Rockwell Automation)
Tag Upload Download Tool (HKLM-x32\...\{F114066A-DFCB-443E-A6FB-82922F6CC88A}) (Version: 2.6.4 - Rockwell Automation)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Translate PLC-5_SLC 2.0 (HKLM-x32\...\{6EF053F0-150E-4227-8BE2-1EAB082FF7DE}) (Version: 1.0.8 - Rockwell Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0053-0000-0000-0000000FF1CE}_VISSTD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8800 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WM Recorder (HKLM-x32\...\WM Recorder14.12.2) (Version: 14.12.2 - AllAlex, Inc)
X7Magic Setup (HKLM-x32\...\{F4616B4B-700B-46D9-9F3B-46B986B49B36}) (Version: 7.1.5 - Dell Inc.)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{57FA2D12-D22D-490A-805A-5CB48E84F12A}\InprocServer32 -> C:\Program Files (x86)\Beyond Compare 3\BCShellEx64.dll (Scooter Software)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{6D7AE628-FF41-4CD3-91DD-34825BB1A251}\localserver32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{B77E471C-FBF3-4CB5-880F-D7528AD4B349}\localserver32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{C92FB640-AD4D-498A-9979-A51A2540C977}\localserver32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{D70E31AD-2614-49F2-B0FC-ACA781D81F3E}\localserver32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD MEP 2012\acadficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jadvani\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points  =========================
14-11-2014 00:15:35 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-11-07 06:42 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {1559492C-DA49-4670-ACD9-A76082C3E967} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {19EFB4E7-A227-44BC-B49A-968FFA141469} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13] (Google Inc.)
Task: {4DE2081C-4974-4AE7-8B32-22820BC21CCE} - System32\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924 => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {604CED65-C384-4402-B89E-0D6D40E7F722} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HSNY_LAN-jadvani HSCMH-JADVANI.hazenandsawyer.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {67D75034-1F9C-4C74-B63B-7D6FA056B830} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {6CC08F7A-4783-4D52-8C57-D53C3D44B2CE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13] (Google Inc.)
Task: {6E7C6238-382A-4C09-AD11-52D86CCA9B9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-10] (Google Inc.)
Task: {6F8C5855-5FC8-4B95-89C8-0B74D664729D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {9D4A76AE-DE9D-4578-BB06-79A363639958} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {AF60F463-DBC9-496B-8717-757F2B8A53E2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {CE882B2D-9018-4703-A00A-400195541848} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {d8881d19-6628-485d-bf42-ed78e9a8887f} HSCMH-JADVANI.hazenandsawyer.com => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {FCCD8832-051B-48E0-A206-8A10336FC6D1} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-510924518-477319906-751859383-66924.job => C:\Program Files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924Core.job => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-510924518-477319906-751859383-66924UA.job => C:\Users\jadvani\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-02-02 13:08 - 2011-02-02 13:08 - 00018656 _____ () C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
2014-09-16 12:50 - 2014-09-16 12:50 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-08-23 12:52 - 2010-08-23 12:52 - 00803312 _____ () C:\Program Files\Roxio\Roxio Burn\RBVirtualFolder64.dll
2012-04-26 20:37 - 2011-07-25 08:43 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2014-09-25 12:31 - 2014-09-25 12:31 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll
2013-10-17 11:23 - 2013-10-17 11:23 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: O2FLASH => 2
MSCONFIG\startupfolder: C:^Users^jadvani^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DFEPApplication => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
MSCONFIG\startupreg: FileOpenBroker => C:\Program Files\FileOpen\Services\FileOpenBroker64.exe
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
========================= Accounts: ==========================
Administrator (S-1-5-21-588203353-3606038767-738393484-500 - Administrator - Enabled) => C:\Users\Administrator
ASPNET (S-1-5-21-588203353-3606038767-738393484-1003 - Limited - Enabled)
Guest (S-1-5-21-588203353-3606038767-738393484-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (11/14/2014 07:07:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: CLI.Combined.HydraVision.Aspects.Runtime.ni.dll, version: 4.5.5371.30949, time stamp: 0x54171dee
Exception code: 0xc0000005
Fault offset: 0x000000000002dee0
Faulting process id: 0x1874
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Error: (11/14/2014 07:07:01 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE64CDEE0
Error: (11/06/2014 09:15:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Security Center Server - 3414797000 since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (11/06/2014 09:15:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Security Center Server - 3127520538 since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (11/06/2014 06:39:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: icguerv.exe, version: 0.0.0.0, time stamp: 0x503bbb6d
Faulting module name: icguerv.exe, version: 0.0.0.0, time stamp: 0x503bbb6d
Exception code: 0xc0000005
Fault offset: 0x0000fd8b
Faulting process id: 0x6a30
Faulting application start time: 0xicguerv.exe0
Faulting application path: icguerv.exe1
Faulting module path: icguerv.exe2
Report Id: icguerv.exe3
Error: (11/06/2014 06:37:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: icguerv.exe, version: 0.0.0.0, time stamp: 0x503bbb6d
Faulting module name: icguerv.exe, version: 0.0.0.0, time stamp: 0x503bbb6d
Exception code: 0xc0000005
Fault offset: 0x0000fd8b
Faulting process id: 0x5500
Faulting application start time: 0xicguerv.exe0
Faulting application path: icguerv.exe1
Faulting module path: icguerv.exe2
Report Id: icguerv.exe3
Error: (11/06/2014 05:24:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CCC.exe, version: 4.5.0.0, time stamp: 0x53ad0dcc
Faulting module name: amdmantle64.dll_unloaded, version: 0.0.0.0, time stamp: 0x5417637b
Exception code: 0xc0000005
Fault offset: 0x000007fee6bddee0
Faulting process id: 0x1a6c
Faulting application start time: 0xCCC.exe0
Faulting application path: CCC.exe1
Faulting module path: CCC.exe2
Report Id: CCC.exe3
Error: (11/06/2014 05:24:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CCC.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000007FEE6BDDEE0
Error: (11/06/2014 04:42:16 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (11/06/2014 02:07:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateFlashPlayer_d4e2471e.exe, version: 0.0.0.0, time stamp: 0x539d7a76
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00004542
Faulting process id: 0x108c
Faulting application start time: 0xUpdateFlashPlayer_d4e2471e.exe0
Faulting application path: UpdateFlashPlayer_d4e2471e.exe1
Faulting module path: UpdateFlashPlayer_d4e2471e.exe2
Report Id: UpdateFlashPlayer_d4e2471e.exe3

System errors:
=============
Error: (11/14/2014 02:54:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (11/14/2014 02:54:20 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver USB returned invalid ID for a child device (SN0026561256).
Error: (11/14/2014 02:53:34 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
Error: (11/14/2014 02:51:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{1CCB96F4-B8AD-4B43-9688-B273F58E0910}{AD65A69D-3831-40D7-9629-9B0B50A93843}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (11/14/2014 02:51:04 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: HSNY_LAN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (11/14/2014 02:50:25 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Error: (11/14/2014 02:50:23 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain HSNY_LAN due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (11/14/2014 02:50:11 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:16:20 PM on ‎11/‎14/‎2014 was unexpected.
Error: (11/14/2014 00:12:40 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (11/14/2014 10:22:37 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: HSNY_LAN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Microsoft Office Sessions:
=========================
Error: (08/15/2013 04:39:52 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 126040 seconds with 15540 seconds of active time.  This session ended with a crash.
Error: (08/07/2013 06:20:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 146 seconds with 60 seconds of active time.  This session ended with a crash.
Error: (02/01/2013 11:07:41 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10681 seconds with 3480 seconds of active time.  This session ended with a crash.
Error: (12/20/2012 11:34:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 17483 seconds with 1800 seconds of active time.  This session ended with a crash.
Error: (11/07/2012 01:13:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5146 seconds with 600 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-11-14 07:19:33.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
  Date: 2014-11-14 07:09:48.481
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
  Date: 2014-11-06 19:42:23.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2014-11-06 19:42:23.640
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2012-11-06 12:17:32.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
  Date: 2012-11-06 11:57:06.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
  Date: 2012-11-06 11:33:17.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
  Date: 2012-11-06 11:14:20.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
  Date: 2012-11-06 10:56:23.221
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
  Date: 2012-11-06 10:34:18.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 13%
Total physical RAM: 24533.05 MB
Available physical RAM: 21262.16 MB
Total Pagefile: 61330.23 MB
Available Pagefile: 57835.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:297.76 GB) (Free:87.09 GB) NTFS
Drive e: () (Removable) (Total:1.86 GB) (Free:1.85 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2EE72E2B)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=297.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 001D75AF)
Partition 1: (Active) - (Size=1.9 GB) - (Type=06)
==================== End Of Log ============================
 

Edited by Lakee911, 14 November 2014 - 03:21 PM.


#14 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:44 PM

Posted 15 November 2014 - 12:27 AM

1.

 

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (1.15KB)

 

2.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

 

3.

 

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#15 Lakee911

Lakee911
  • Topic Starter

  • Members
  • 12 posts
  • Local time:04:44 PM

Posted 17 November 2014 - 09:12 AM

  1. I uninstalled Microsoft Forefront Endpoint Protection since I was unable to turn it off.
  2. I ran FRST64 with your fixlist.txt and posted the fixlog.txt file below.
  3. I obtained a copy of Malwarebytes Anti-Malware from the link and installed it. It downloaded a new version upon update. I did a scan and I’ve posted the log file below.
  4. I obtained Emsisoft Emergency Kit from your link and installed it. It updated and I ran it and my computer locked (15min time out) and upon unlocking it froze. I had to reboot it and then I ran the scan again. The log file a2scan_141116-194159.txt is also below.
  5. I rebooted the machine once we ran all the scanners hoping that it is clean.
  6. I noticed that svchost.exe was again consuming a boatload of memory so I ran another scan of Malwarebytes Anti-Malware. It took only about 15min and then came up clean! Svchost.exe is still taking up lots of memory, though. I killed the process and it came back in short time. What gives? I ran tasklist /svc from the command line and the PID from svchost.exe that is consuming the memory is responsible for the following services, “AudioEndpointBuilder, IPBusEnum, Netman, PcaSvc, SysMain, TrkWks, UmRdpService, UxSms, Wlansvc, [and] wudfsvc.” I’m running the Emsisoft Smart Scan at the moment … seeing what it comes up with.

 

 

fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by jadvani at 2014-11-16 16:18:57 Run:2
Running from C:\Users\jadvani\Desktop
Loaded Profile: jadvani (Available profiles: jadvani & Administrator)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [Ufgoekgabazerya] => "C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe"
C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
HKLM-x32\...\Run: [Ufgoekgabazerya] => C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [OicniGcayl] => regsvr32.exe "C:\ProgramData\OicniGcayl\OicniGcayl.dat"
HKU\S-1-5-21-510924518-477319906-751859383-66924\...\Run: [Ufgoekgabazerya] => "C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe"
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll No File
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\jadvani\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 nptpauus; \??\C:\windows\system32\drivers\nptpauus.sys [X]
C:\Users\jadvani\AppData\Roaming\Ywykduxe
CustomCLSID: HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jadvani\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Ufgoekgabazerya => value deleted successfully.
"C:\Users\jadvani\AppData\Roaming\Ywykduxe\ewiftes.exe" => File/Directory not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ufgoekgabazerya => value deleted successfully.
HKU\S-1-5-21-510924518-477319906-751859383-66924\Software\Microsoft\Windows\CurrentVersion\Run\\OicniGcayl => value deleted successfully.
HKU\S-1-5-21-510924518-477319906-751859383-66924\Software\Microsoft\Windows\CurrentVersion\Run\\Ufgoekgabazerya => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}" => Key deleted successfully.
"HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator" => Key deleted successfully.
C:\Users\jadvani\AppData\Roaming\CATALI~1\NPBCSK~1.DLL => Moved successfully.
catchme => Service deleted successfully.
nptpauus => Service deleted successfully.
C:\Users\jadvani\AppData\Roaming\Ywykduxe => Moved successfully.
"HKU\S-1-5-21-510924518-477319906-751859383-66924_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
 
==== End of Fixlog ====

Malwarebytes Anti-Malware Log:


Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/16/2014
Scan Time: 4:25:05 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.16.06
Rootkit Database: v2014.11.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jadvani
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446043
Time Elapsed: 20 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.CouponBar.A, HKU\S-1-5-21-510924518-477319906-751859383-66924-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{8660E5B3-6C41-44DE-8503-98D99BBECD41}, Quarantined, [f87e49f3413bfd397c4e3f7b22e0936d], 
 
Registry Values: 1
Trojan.Ransom.Gen, HKU\S-1-5-21-510924518-477319906-751859383-66924-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|OicniGcayl, regsvr32.exe "C:\ProgramData\OicniGcayl\OicniGcayl.dat", Quarantined, [4d297bc18defe65099609214b4503dc3]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 11
Trojan.Zemot, C:\Windows\Installer\{79553499-6DAB-4062-9023-3D536948DA00}\msiexec.exe, Quarantined, [3640e953a1db8fa7980c627eda27fd03], 
Trojan.Zemot, C:\Windows\Installer\{5A1915B9-AF23-48E0-8092-2F254FFC0B3B}\msiexec.exe, Quarantined, [f87ebe7e90ecaf8713913ea27e83728e], 
Trojan.Agent.ED, C:\Windows\Installer\{54EC95AB-C680-4698-AE06-0615DEB3D847}\msiexec.exe, Quarantined, [c8ae76c6384445f1a018c41cc73ad52b], 
Trojan.Agent.ED, C:\Windows\Installer\{FA53C7E2-0635-460E-BD03-DC8D0C4E731F}\msiexec.exe, Quarantined, [195d0c30de9ecc6a91279848ae539967], 
Trojan.MalPack, C:\Windows\Installer\{3902CB08-DDDA-4704-B7F0-3287A4F1EEB4}\msiexec.exe, Quarantined, [b4c259e3641885b161ad6c7421e002fe], 
Trojan.Dropper, C:\Windows\Installer\{D063D775-E940-48E6-BBD7-F5C0758FC571}\msiexec.exe, Quarantined, [255171cb33492e084a4b07d859a8d52b], 
Trojan.MalPack, C:\Windows\Installer\{06E9321F-4B7A-4A46-B1E2-6109CCE350AB}\msiexec.exe, Quarantined, [0373be7e3f3d5dd960ae8e52966bfa06], 
Trojan.Krypt, C:\Windows\Installer\{76407BB0-44B5-4AD3-934A-29A068A998E3}\msiexec.exe, Quarantined, [e6900d2f7b013df905e5924e2ed3ae52], 
Trojan.MalPack, C:\Windows\Installer\{C1367466-9315-4A10-9ED1-8D920237E498}\msiexec.exe, Quarantined, [64124af20b71ad899e0e38a82bd6bb45], 
Trojan.Dropper, C:\Windows\Installer\{24A4E825-0828-44EC-A515-A08B1E14E2C3}\msiexec.exe, Quarantined, [0274b98378041f172b6a8b54986919e7], 
Trojan.Ransom.Gen, C:\ProgramData\OicniGcayl\OicniGcayl.dat, Quarantined, [4d297bc18defe65099609214b4503dc3], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

a2scan_141116-194159.txt

Emsisoft Emergency Kit - Version 9.0
Last update: 11/16/2014 5:13:49 PM
User account: HSNY_LAN\jadvani
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start:           11/16/2014 7:41:59 PM
C:\Program Files (x86)\coupons                detected: Application.AppInstall (A)
C:\windows\couponprinter.ocx                detected: Application.AdCoup (A)
C:\FRST\Quarantine\C\ProgramData\OicniGcayl\OicniGcayl.dat.xBAD    detected: Trojan.GenericKD.1962341 (B)
C:\Windows\System32\MRT\5612279E-542C-454D-87FE-92E7CBFDCF0F\Samples\{9E271256-2C54-4D45-87FE-92E7CBFDCF0F}\{E0793661-08DF-228B-F7AA-36CBEC310DF8}-icguerv.exe -> (Quarantine-PE)     detected: Trojan.Generic.12101461 (B)
 
Scanned               588682
Found   4
 
Scan end:            11/17/2014 7:37:29 AM
Scan time:           11:55:30
 
C:\Windows\System32\MRT\5612279E-542C-454D-87FE-92E7CBFDCF0F\Samples\{9E271256-2C54-4D45-87FE-92E7CBFDCF0F}\{E0793661-08DF-228B-F7AA-36CBEC310DF8}-icguerv.exe             Quarantined Trojan.Generic.12101461 (B)
C:\FRST\Quarantine\C\ProgramData\OicniGcayl\OicniGcayl.dat.xBAD    Quarantined Trojan.GenericKD.1962341 (B)
C:\windows\couponprinter.ocx                Quarantined Application.AdCoup (A)
C:\Program Files (x86)\coupons                Quarantined Application.AppInstall (A)
 
Quarantined      4

Edited by Lakee911, 17 November 2014 - 09:20 AM.




