
Teredo Tunneling Driver Problem Following Sushi Leads Infection


  • This topic is locked
77 replies to this topic

#1 RevD

  • Members
  • 44 posts
  • Gender:Male

Posted 31 December 2015 - 06:03 PM

I was (or so I thought) a good way through removing Sushi Leads from my computer when I lost internet access. The device manager shows a problem with the Teredo Tunneling Pseudo-Interface. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by RevD (administrator) on DELL-PC (31-12-2015 16:38:59)
Running from G:\
Loaded Profiles: RevD (Available Profiles: RevG & RevD)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_monitor.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansyslmd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_014010192] => [X]
HKLM-x32\...\Run: [ospd_us_037010192] => [X]
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-07-08] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [S-1-5-21-1718968445-368283017-3712501571-1003] => Proxy is enabled.
ProxyServer: [S-1-5-21-1718968445-368283017-3712501571-1003] => http=127.0.0.1:8800
Winsock: Catalog9 01 C:\Windows\SysWOW64\Hattag.dll [289112 2015-12-31] ()
Winsock: Catalog9 02 C:\Windows\SysWOW64\Hattag.dll [289112 2015-12-31] ()
Winsock: Catalog9 03 C:\Windows\SysWOW64\Hattag.dll [289112 2015-12-31] ()
Winsock: Catalog9 04 C:\Windows\SysWOW64\Hattag.dll [289112 2015-12-31] ()
Winsock: Catalog9 15 C:\Windows\SysWOW64\Hattag.dll [289112 2015-12-31] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\Hattag64.dll [768344 2015-12-31] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\Hattag64.dll [768344 2015-12-31] ()
Winsock: Catalog9-x64 03 C:\Windows\system32\Hattag64.dll [768344 2015-12-31] ()
Winsock: Catalog9-x64 04 C:\Windows\system32\Hattag64.dll [768344 2015-12-31] ()
Winsock: Catalog9-x64 15 C:\Windows\system32\Hattag64.dll [768344 2015-12-31] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{15C63527-7129-4CBA-82FF-170AE8EC9D7D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{15C63527-7129-4CBA-82FF-170AE8EC9D7D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2FA52DB9-C638-470F-91E2-8256A74C87A2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{642D8A2C-D719-430D-9194-1475900FF68E}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DE32D5B8-0866-48B0-87B5-6937CDA503E6}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DE32D5B8-0866-48B0-87B5-6937CDA503E6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DEBAB86A-E913-417D-B851-CFDB6A3D296D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F4F2F381-C57A-459A-8AB9-8FCEE2E2D3FD}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F4F2F381-C57A-459A-8AB9-8FCEE2E2D3FD}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{F846DA16-E2A6-448B-B7AE-E9EA53695D8E}: [NameServer] 104.197.191.4
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-1718968445-368283017-3712501571-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-1718968445-368283017-3712501571-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://webexhelp.webex.com/client/WBXclient-T29L10NSP13EP10-10170/webex/ieatgpc1.cab
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll [2013-03-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @citrixonline.com/appdetectorplugin -> C:\Users\RevD\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\RevD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @talk.google.com/O1DPlugin -> C:\Users\RevD\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @tools.google.com/Google Update;version=3 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @tools.google.com/Google Update;version=9 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\RevD\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\RevD\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\RevD\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM\...\Firefox\Extensions: [{5C8EFD10-63D3-407B-85F6-E981AF3E1C97}] - C:\Program Files\groover311220152041\Firefox\{5C8EFD10-63D3-407B-85F6-E981AF3E1C97}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - C:\Program Files (x86)\Virtual Account Numbers [2015-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5C8EFD10-63D3-407B-85F6-E981AF3E1C97}] - C:\Program Files\groover311220152041\Firefox\{5C8EFD10-63D3-407B-85F6-E981AF3E1C97}.xpi => not found
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate","hxxps://www.google.com/webhp?source=search_app"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Webmail Ad Blocker) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2015-08-21]
CHR Extension: (Adblock Plus) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (AmazingTab) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfhabmbbhdcdpnoilchepfojmdeannd [2015-12-31]
CHR Extension: (Motive Extension) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Cisco WebEx Extension) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-05-28]
CHR Extension: (Project Viewer 365-Free) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpghmkgkalhonankenfklpmdgnilapp [2015-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-04-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [4954112 2011-10-17] (ANSYS, Inc.) [File not signed]
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent) [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2012-11-01] (Olof Lagerkvist) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [178712 2010-08-05] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-11-01] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-11-26] (SolidWorks) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2062872 2010-08-05] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 Hattag; C:\Program Files\groover311220152041\Hattag.exe [X]
S2 nosupoqezbt; C:\Program Files (x86)\4C4C4544-1451591004-5410-8043-B4C04F43484B\knsjD9FB.tmpfs [X]
S2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [X]
S2 wucotusy; C:\Program Files (x86)\4C4C4544-1451591004-5410-8043-B4C04F43484B\hnse9BA.tmp [X]
S2 zutuzuni; C:\Program Files (x86)\4C4C4544-1451591004-5410-8043-B4C04F43484B\jnstF251.tmp [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [18456 2012-11-01] (Olof Lagerkvist)
R2 bh560eth; C:\Windows\System32\Drivers\bh560eth.sys [105072 2010-11-17] (Blackhawk)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-31] (Cherimoya Ltd)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2013-04-04] (CSR plc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [39464 2012-11-02] (Olof Lagerkvist)
S2 MCSTRM; no ImagePath
S3 mos24ser_QUADPORT; C:\Windows\System32\DRIVERS\mos24ser_QUADPORT.sys [268160 2009-10-19] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 sdusb2em; C:\Windows\System32\Drivers\sdusb2em.sys [55296 2011-05-02] (Spectrum Digital Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-31 16:38 - 2015-12-31 16:38 - 00000000 ____D C:\FRST
2015-12-31 15:35 - 2015-12-31 15:35 - 00000022 _____ C:\Windows\S.dirmngr
2015-12-31 14:37 - 2015-12-31 14:37 - 00000000 ____D C:\Users\RevD\AppData\Local\CEF
2015-12-31 14:27 - 2015-12-31 14:41 - 00000000 ____D C:\Windows\pss
2015-12-31 14:14 - 2015-12-31 15:28 - 01835070 _____ C:\Windows\ntbtlog.txt
2015-12-31 13:59 - 2015-12-31 13:59 - 00004768 _____ C:\Windows\SysWOW64\Hattag.ini
2015-12-31 13:59 - 2015-12-31 13:59 - 00002488 _____ C:\Windows\SysWOW64\HattagOff.ini
2015-12-31 13:59 - 2015-12-31 13:59 - 00002488 _____ C:\Windows\system32\HattagOff.ini
2015-12-31 13:59 - 2015-12-31 13:59 - 00000000 ____D C:\Windows\system32\syk
2015-12-31 13:59 - 2015-12-31 13:59 - 00000000 ____D C:\Users\RevD\AppData\Roaming\VecegCodso
2015-12-31 13:59 - 2015-12-31 12:43 - 00768344 _____ C:\Windows\system32\Hattag64.dll
2015-12-31 13:59 - 2015-12-31 12:43 - 00289112 _____ C:\Windows\SysWOW64\Hattag.dll
2015-12-31 13:58 - 2015-12-31 13:58 - 00003440 _____ C:\Windows\System32\Tasks\IBUpd
2015-12-31 13:58 - 2015-12-31 13:58 - 00003338 _____ C:\Windows\System32\Tasks\Wohko
2015-12-31 13:58 - 2015-12-31 13:58 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBrowser
2015-12-31 13:58 - 2015-12-31 13:58 - 00000000 ____D C:\Users\RevD\AppData\LocalLow\Company
2015-12-31 13:58 - 2015-12-31 13:58 - 00000000 ____D C:\Users\RevD\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-31 13:58 - 2015-12-31 13:58 - 00000000 ____D C:\uninst
2015-12-31 13:54 - 2015-12-31 15:36 - 00000342 ____H C:\Windows\Tasks\DTRLBIWFLJXYQTNS.job
2015-12-31 13:54 - 2015-12-31 13:54 - 00004032 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-12-31 13:54 - 2015-12-31 13:54 - 00003376 _____ C:\Windows\System32\Tasks\DTRLBIWFLJXYQTNS
2015-12-31 13:54 - 2015-12-31 13:54 - 00002852 _____ C:\Windows\System32\Tasks\CHMMFW1
2015-12-31 13:54 - 2015-12-31 13:54 - 00000000 ____D C:\ProgramData\Service1291
2015-12-31 13:54 - 2015-12-31 13:54 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-31 13:51 - 2015-12-31 13:52 - 00000000 ____D C:\ProgramData\sushileads
2015-12-31 13:51 - 2015-12-31 13:51 - 00001664 _____ C:\ProgramData\tempimage.bmp
2015-12-31 13:48 - 2015-12-31 13:48 - 00002255 _____ C:\Users\RevD\Desktop\Google Chrome.lnk
2015-12-31 13:44 - 2015-12-31 13:44 - 00003510 _____ C:\Windows\System32\Tasks\SushiLeads
2015-12-31 13:44 - 2015-12-31 13:41 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-31 13:43 - 2015-12-31 13:43 - 00001819 _____ C:\Users\RevG\Desktop\Note-Up.lnk
2015-12-31 13:40 - 2015-12-31 13:40 - 00003248 _____ C:\Windows\System32\Tasks\IBUpd2
2015-12-31 13:40 - 2015-12-31 13:40 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-12-31 13:38 - 2015-12-31 13:38 - 00000000 ___HD C:\Program Files\AmazingTab
2015-12-31 13:38 - 2015-12-28 18:06 - 00023712 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
2015-12-31 12:44 - 2015-12-31 13:58 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-12-29 15:41 - 2015-12-29 15:41 - 00043346 _____ C:\Users\RevD\Desktop\download.pdf
2015-12-21 21:07 - 2015-12-21 21:07 - 00019573 _____ C:\Users\RevD\UTA Donation 2015 eReceipt_Online10232.pdf
2015-12-18 12:38 - 2015-10-08 17:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-18 12:38 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-18 12:38 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-18 12:38 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-18 12:38 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-18 12:38 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-18 12:38 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-18 12:38 - 2015-10-08 17:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-18 12:38 - 2015-10-08 13:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-18 12:38 - 2015-10-08 12:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-18 12:27 - 2015-12-18 12:27 - 00000000 ____D C:\d85badedd717da828a
2015-12-17 18:26 - 2015-12-17 18:26 - 06953984 _____ C:\Users\RevD\Documents\Final.pptx
2015-12-17 16:09 - 2015-12-17 16:09 - 02614522 _____ C:\Users\RevD\Desktop\Theory.pdf
2015-12-15 22:39 - 2015-12-16 12:49 - 00000000 ____D C:\Users\RevD\Desktop\SKU
2015-12-14 18:56 - 2015-12-18 23:01 - 00000000 ____D C:\Windows\rescache
2015-12-14 16:16 - 2015-12-14 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-12-14 16:13 - 2015-12-14 16:13 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Sun
2015-12-14 16:13 - 2015-12-14 16:13 - 00000000 ____D C:\Users\RevD\AppData\LocalLow\Oracle
2015-12-14 16:13 - 2015-12-14 16:13 - 00000000 ____D C:\Users\RevD\.oracle_jre_usage
2015-12-14 16:13 - 2015-01-23 17:49 - 00111016 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2015-12-14 13:58 - 2015-12-14 13:58 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 11:18 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-11 11:18 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-11 11:18 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-11 11:18 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-11 11:18 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-11 11:18 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-11 11:18 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-11 11:18 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-11 11:18 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-11 11:18 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-11 11:18 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-11 11:18 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-11 11:18 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-11 11:18 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-11 11:18 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-11 11:18 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-11 11:18 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-11 11:18 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-11 11:17 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-11 11:17 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-11 11:17 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-11 11:17 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-11 11:17 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-11 11:17 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-11 11:17 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-11 11:17 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-11 11:17 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-11 11:17 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-11 11:17 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-11 11:17 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-11 11:17 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-11 11:17 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-11 11:17 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-11 11:17 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-11 11:17 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-11 11:17 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-11 11:17 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-11 11:17 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-11 11:17 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-11 11:17 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-11 11:17 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-11 11:17 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-11 11:17 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-11 11:17 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-11 11:17 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-11 11:17 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-11 11:17 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-11 11:17 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-11 11:17 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-11 11:17 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-11 11:17 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-11 11:17 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-11 11:17 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-11 11:17 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-11 11:17 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-11 11:17 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-11 11:17 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-11 11:17 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-11 11:17 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-11 11:17 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-11 11:17 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-11 11:17 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-11 11:17 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-11 11:17 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-11 11:17 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-11 11:17 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-11 11:17 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-11 11:17 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-11 11:17 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-11 11:17 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-11 11:17 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-11 11:17 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-11 11:17 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-11 11:17 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-11 11:17 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-11 11:17 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-11 11:17 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-11 11:17 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-11 11:17 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-11 11:17 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-11 11:17 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-11 11:17 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-11 11:17 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-11 11:17 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-11 11:17 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-11 11:17 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-11 11:17 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-11 11:17 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-11 11:17 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-11 11:16 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-11 11:16 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-03 15:11 - 2015-12-03 15:11 - 00000569 _____ C:\Users\RevD\Documents\Conference.svt
2015-12-03 13:22 - 2015-12-03 13:22 - 00249078 _____ C:\Users\RevD\Documents\Richardson Office Rent Increase Dec 2015.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-31 16:38 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2015-12-31 16:36 - 2009-07-13 22:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-31 16:36 - 2009-07-13 22:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-31 16:34 - 2015-06-17 19:21 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA.job
2015-12-31 16:17 - 2009-07-13 23:13 - 00006250 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-31 16:14 - 2014-01-02 17:34 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA.job
2015-12-31 16:13 - 2012-11-15 11:49 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1002UA.job
2015-12-31 16:06 - 2012-11-01 17:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-31 15:47 - 2014-05-27 12:01 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1718968445-368283017-3712501571-1003.job
2015-12-31 15:47 - 2012-04-10 13:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-31 15:40 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-31 15:36 - 2012-11-01 17:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-31 15:35 - 2012-03-23 20:12 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-31 15:35 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-31 15:26 - 2015-05-30 18:11 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1718968445-368283017-3712501571-1003.job
2015-12-31 15:16 - 2013-04-01 15:06 - 00000000 ____D C:\Users\RevD\AppData\Local\ElevatedDiagnostics
2015-12-31 14:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-31 14:14 - 2015-06-03 09:01 - 00000000 ____D C:\Users\RevD\Desktop\Other Downloads
2015-12-31 14:14 - 2013-05-06 10:56 - 01644032 ___SH C:\Users\RevD\Desktop\Thumbs.db
2015-12-31 13:59 - 2013-04-18 14:19 - 00000000 ___RD C:\Users\RevD\Virtual Machines
2015-12-31 13:59 - 2013-03-28 17:14 - 00001413 _____ C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-31 13:58 - 2014-01-27 17:26 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-12-31 13:56 - 2014-01-27 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-12-31 11:33 - 2015-05-30 18:11 - 00003682 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1718968445-368283017-3712501571-1003
2015-12-31 11:33 - 2014-05-27 12:01 - 00003586 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1718968445-368283017-3712501571-1003
2015-12-31 11:08 - 2014-01-02 17:34 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core.job
2015-12-31 10:58 - 2012-11-15 11:49 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1002Core.job
2015-12-30 21:53 - 2013-03-28 17:14 - 00000000 ____D C:\Users\RevD
2015-12-30 16:05 - 2015-06-17 19:21 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core.job
2015-12-30 11:11 - 2012-04-10 13:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-30 11:11 - 2012-04-10 13:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-30 11:11 - 2012-04-10 13:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-22 15:32 - 2013-04-05 19:56 - 00000000 ____D C:\Users\RevD\AppData\Roaming\vlc
2015-12-20 15:42 - 2013-08-06 18:11 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Dropbox
2015-12-20 15:42 - 2013-03-28 17:14 - 00000000 ____D C:\Users\RevD\AppData\Local\Box Sync
2015-12-20 15:41 - 2009-07-13 22:45 - 00342992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-18 16:48 - 2015-04-05 23:11 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 16:48 - 2015-04-05 23:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 15:16 - 2013-07-19 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2015-12-17 18:02 - 2015-05-15 10:43 - 00000000 ____D C:\Users\RevD\Desktop\Work Downloads
2015-12-17 14:06 - 2014-09-11 09:09 - 00000000 ____D C:\Users\RevD\Desktop\Misc Docs
2015-12-17 12:06 - 2013-04-02 20:18 - 00000000 ____D C:\Users\RevD\AppData\Local\CutePDF Writer
2015-12-14 16:20 - 2013-11-14 11:12 - 00000000 ____D C:\ProgramData\Oracle
2015-12-14 16:16 - 2013-11-14 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-14 16:16 - 2013-07-16 14:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-14 16:16 - 2012-03-31 20:59 - 00000000 ____D C:\Program Files\Java
2015-12-14 16:13 - 2013-11-14 11:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-14 13:53 - 2013-03-28 20:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-14 13:53 - 2013-03-28 20:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-12 08:36 - 2012-03-23 20:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-12 08:35 - 2013-03-28 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-12 08:32 - 2013-07-28 09:20 - 00000000 ____D C:\Windows\system32\MRT
2015-12-12 08:25 - 2012-03-23 17:09 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 21:39 - 2010-11-20 21:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 01:08 - 2014-01-02 17:34 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA
2015-12-02 01:08 - 2014-01-02 17:34 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core
2015-12-01 20:01 - 2012-11-01 17:39 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-01 20:01 - 2012-11-01 17:39 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2014-02-27 19:52 - 2014-11-19 22:50 - 0000004 _____ () C:\Users\RevD\AppData\Roaming\F5F651
2014-02-27 19:52 - 2014-11-19 22:50 - 0870128 _____ () C:\Users\RevD\AppData\Roaming\mcs.rma
2014-08-19 12:13 - 2014-08-21 14:53 - 0000117 _____ () C:\Users\RevD\AppData\Roaming\TCMStudio6.pref
2014-05-27 12:59 - 2014-05-27 12:59 - 0003550 _____ () C:\Users\RevD\AppData\Local\recently-used.xbel
2012-11-08 19:51 - 2012-11-08 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-31 13:51 - 2015-12-31 13:51 - 0001664 _____ () C:\ProgramData\tempimage.bmp
 
Files to move or delete:
====================
C:\Users\RevD\setup.exe
 
 
Some files in TEMP:
====================
C:\Users\RevG\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\RevD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiygwlm.dll
C:\Users\RevD\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\RevD\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\RevD\AppData\Local\Temp\xmlUpdater.exe
C:\Users\RevD\AppData\Local\Temp\_is3B21.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-30 16:44
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by RevD (2015-12-31 16:39:32)
Running from G:\
Windows 7 Ultimate Service Pack 1 (X64) (2012-03-23 23:31:28)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1718968445-368283017-3712501571-500 - Administrator - Disabled)
Guest (S-1-5-21-1718968445-368283017-3712501571-501 - Limited - Disabled)
RevG (S-1-5-21-1718968445-368283017-3712501571-1001 - Administrator - Enabled) => C:\Users\RevG
HomeGroupUser$ (S-1-5-21-1718968445-368283017-3712501571-1005 - Limited - Enabled)
RevD (S-1-5-21-1718968445-368283017-3712501571-1003 - Administrator - Enabled) => C:\Users\RevD
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (HKLM\...\{971E08B6-598E-45A2-96AE-0E391B04065B}) (Version: 4.0.7035.0 - Box, Inc.)
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Conexant HDA D330 MDC V.92 Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F) (Version: 7.80.4.0 - Conexant)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
Dropbox (HKU\S-1-5-21-1718968445-368283017-3712501571-1003\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
EPSON WorkForce 840 Series Printer Uninstall (HKLM\...\EPSON WorkForce 840 Series) (Version:  - SEIKO EPSON Corporation)
Free Editor (HKLM\...\{1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1) (Version: 2.0.3 - Blue Labs, LLC)
GoToMeeting 7.8.1.4190 (HKU\S-1-5-21-1718968445-368283017-3712501571-1003\...\GoToMeeting) (Version: 7.8.1.4190 - CitrixOnline)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.05) (Version: 9.05 - Artifex Software Inc.)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{DAE3B13B-5097-4EAE-BC26-C463377BD80E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version:  - )
Integrated Webcam Driver (1.03.02.0919)   (HKLM\...\Creative OA001) (Version:  - )
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java™ SE Development Kit 7 Update 3 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170030}) (Version: 1.7.0.30 - Oracle)
JavaFX 2.0.3 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-203648764D10}) (Version: 2.0.3 - Oracle Corporation)
JavaFX 2.0.3 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-203648764D10}) (Version: 2.0.3 - Oracle Corporation)
MATLAB R2011b (HKLM\...\Matlab R2011b) (Version: 7.13 - The MathWorks, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
MyFreeCodec (HKU\S-1-5-21-1718968445-368283017-3712501571-1003\...\MyFreeCodec) (Version:  - )
NVIDIA 3D Vision Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Graphics Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation)
NVIDIA nView 136.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.18 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Plantronics MyHeadset Updater (x64) (HKLM\...\{D85873EE-09C9-4E3D-BC2E-F8DCE2F79ADD}) (Version: 2.8.26503.0 - Plantronics, Inc.)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{710F7B0F-A679-4314-8E69-E868B660FAEA}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
pstoedit and importps 3.61 (HKLM\...\pstoedit and importps_is1) (Version: 3.61 - H&W Glunz)
PyQt GPL v4.9.1 for Python v2.7 (x64) (HKLM\...\PyQt GPL v4.9.1 for Python v2.7 (x64)) (Version: 4.9.1-1 - )
Python 2.7 cx_Freeze-4.2.3 (HKLM\...\{1FF62F74-FFC5-484F-8236-70AF2A539533}) (Version: 4.2.3 - Anthony Tuininga)
Python 2.7 pygame-1.9.2pre (64-bit) (HKLM\...\pygame-py2.7) (Version:  - )
Python 2.7.3rc2 (64-bit) (HKLM\...\{B12311BE-6364-4b2a-A49A-551EEE10F3E5}) (Version: 2.7.3122 - Python Software Foundation)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB  (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14) (HKLM\...\ACBD450607B9A261AF1F694FAE00A92218E1F94B) (Version: 03/18/2011 2.08.14 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (03/18/2011 2.08.14) (HKLM\...\6DBBE862580281438868BCDD37A84E63A0FBB067) (Version: 03/18/2011 2.08.14 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3B093C44CA19A7D5324F4A3CEB666DD4EBB257D6) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\5AB23CC5A2E8D3A0AA129214C6F9CE8D7F4874B9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\RevD\AppData\Local\Citrix\GoToMeeting\3911\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1718968445-368283017-3712501571-1003_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {062369D3-1B3C-4489-A9DB-3AA7BDA74919} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-30] (Adobe Systems Incorporated)
Task: {091F3BEB-0684-4471-8633-4115A22C7606} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core => C:\Users\RevD\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0CD511D6-1246-498D-99D9-E7F2D35D4A02} - System32\Tasks\G2MUpdateTask-S-1-5-21-1718968445-368283017-3712501571-1003 => C:\Users\RevD\AppData\Local\Citrix\GoToMeeting\4190\g2mupdate.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {17C8555D-928B-4B51-B410-E96CD1695B6D} - System32\Tasks\IBUpd => C:\Users\RevD\AppData\Local\TheBrowser\Application\updater.exe
Task: {1F7C1109-61CE-4F49-A492-FB8195F1396A} - System32\Tasks\{825FB58A-EA5C-436A-B7B8-87E0808A36C4} => pcalua.exe -a C:\Users\Dell\AppData\Local\Temp\Temp1_ttermp23.zip\setup.exe
Task: {306E508C-CD03-466A-A322-CB2B38CCD8B7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {4B933AF9-A943-4131-8768-835FCF8E1AD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5044233A-9DC2-48F6-9F20-3A58C8D1C0A5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1002UA => C:\Users\Satyam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {599B2AD4-1655-41D9-882B-5FA0430D06F9} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {6EEB1879-267C-49B6-B30B-3FABA1D826FC} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {70743703-9C56-4BD8-A4D5-449CD67CDDB7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA => C:\Users\RevD\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {75DBCE40-E5D8-431B-9061-6FCD45357571} - System32\Tasks\DTRLBIWFLJXYQTNS => C:\ProgramData\Service1291\Service1291.exe [2015-12-31] () <==== ATTENTION
Task: {774FB3D6-021F-422A-AD7B-2D0591CD13A9} - System32\Tasks\IBUpd2 => C:\Users\RevD\AppData\Local\BrowserAir\44.5.0.2\updater.exe
Task: {81BC2FDD-400F-408B-B446-7D0E1C9DEB93} - System32\Tasks\{7DF33913-4D1E-4348-8CAF-8F05D3DC5A84} => pcalua.exe -a C:\Users\Dell\Downloads\ttermp23\setup.exe -d C:\Users\Dell\Downloads\ttermp23
Task: {9139EA62-4992-4ABA-BEBD-CC6E84F1DE30} - System32\Tasks\G2MUploadTask-S-1-5-21-1718968445-368283017-3712501571-1003 => C:\Users\RevD\AppData\Local\Citrix\GoToMeeting\4190\g2mupload.exe [2015-12-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B0262D0E-5185-4723-A8BC-CA1AA40CABDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BC0A7E02-0075-4056-A033-2B828A133EF7} - System32\Tasks\Wohko => C:\PROGRA~1\GROOVE~1\Peihra.bat
Task: {C4CF7190-3590-4E0F-BD07-63EEC436D45F} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\RevD\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {C93593C0-C611-4014-AB64-5E0DED655385} - System32\Tasks\CHMMFW1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {CC17E8F7-F2BA-47F7-83C7-5D0403F2E33E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {CE660810-5874-418B-8AE4-1E17E244F615} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA => C:\Users\RevD\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D31E00A1-1691-4AE4-B263-DC919CD0AB55} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core => C:\Users\RevD\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {D3ECF048-178D-4C3C-8E11-2A12C4E4BEED} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {DECD192D-1285-4766-A430-B803EAB7DD6C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1002Core => C:\Users\Satyam\AppData\Local\Google\Update\GoogleUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core.job => C:\Users\RevD\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA.job => C:\Users\RevD\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DTRLBIWFLJXYQTNS.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1718968445-368283017-3712501571-1003.job => C:\Users\RevD\AppData\Local\Citrix\GoToMeeting\4190\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1718968445-368283017-3712501571-1003.job => C:\Users\RevD\AppData\Local\Citrix\GoToMeeting\4190\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1002Core.job => C:\Users\Satyam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1002UA.job => C:\Users\Satyam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core.job => C:\Users\RevD\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA.job => C:\Users\RevD\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-31 13:59 - 2015-12-31 12:43 - 00768344 _____ () C:\Windows\system32\Hattag64.dll
2010-07-19 17:48 - 2010-07-19 17:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-04-02 20:18 - 2012-10-04 18:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2013-10-07 08:54 - 2013-10-07 08:54 - 00218112 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2012-03-23 20:12 - 2012-02-29 18:02 - 00380736 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-07 08:49 - 2013-10-07 08:49 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2013-10-07 08:47 - 2013-10-07 08:47 - 00037888 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2013-10-07 08:44 - 2013-10-07 08:44 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2013-10-07 08:49 - 2013-10-07 08:49 - 00069632 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2013-10-07 08:49 - 2013-10-07 08:49 - 00628224 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-11.dll
2013-11-07 16:14 - 2013-11-07 16:14 - 00465824 _____ () C:\Program Files (x86)\NTI\NTI Backup Now EZ\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hattag => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1718968445-368283017-3712501571-1003\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2015-12-31 13:41 - 00000967 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1718968445-368283017-3712501571-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^RevD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^RevD^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\Windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BackupNowEZtray => "C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
MSCONFIG\startupreg: BoxSync => "C:\Program Files\Box\Box Sync\BoxSync.exe" -m
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Dropbox Update => "C:\Users\RevD\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\RevD\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_E301EBAE8650A67D29879FF226663852 => "C:\Users\RevD\AppData\Local\BrowserAir\Application\BrowserAir.exe" --no-startup-window
MSCONFIG\startupreg: GoToMeeting => "C:\Users\RevD\AppData\Local\Citrix\GoToMeeting\3911\g2mstart.exe" "/Trigger RunAtLogon"
MSCONFIG\startupreg: HP Officejet Pro 8610 (NET) => "C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe" -deviceID "CN46KC30D1:NW" -scfn "HP Officejet Pro 8610 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: Itibiti.exe => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
MSCONFIG\startupreg: picon => "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PIconStartup.exe"
MSCONFIG\startupreg: Plantronics MyHeadset Updater => C:\Program Files\Plantronics\MyHeadsetUpdater\MyHeadsetUpdater.exe
MSCONFIG\startupreg: rUpdater agent => C:\Users\RevD\AppData\Roaming\rUpdater Software\rUpdater\rUpdater_agent.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SushiLeadsApplication => C:\Program Files (x86)\sushileads\SushiLeadsApplication.exe
MSCONFIG\startupreg: Virtual Account Numbers => C:\PROGRA~2\VIRTUA~1\CitiVAN.exe /lang=en_RG /dontopenmycards
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{2E5B9276-DF1A-408A-993C-F8FE5C2CF4D3}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{6EECD9EB-2107-49DA-AB1E-B554CF5B34E9}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{82A9BD17-4FD7-4C3B-9646-89CF3BF9A85C}C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\tracecompmgr.exe] => (Allow) C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\tracecompmgr.exe
FirewallRules: [UDP Query User{E03DF421-AAFB-4DFB-B697-E07B55F32D10}C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\tracecompmgr.exe] => (Allow) C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\tracecompmgr.exe
FirewallRules: [TCP Query User{ABE9ACCB-CA2E-42F8-9724-F09CFDE9E9A5}C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\traceserver.exe] => (Allow) C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\traceserver.exe
FirewallRules: [UDP Query User{C5E87BBA-6203-424E-9C0A-9F520F7991AE}C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\traceserver.exe] => (Allow) C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\traceserver.exe
FirewallRules: [TCP Query User{5F0354BC-9E98-4666-88F6-782854F0B7EF}C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\tracecntrl.exe] => (Allow) C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\tracecntrl.exe
FirewallRules: [UDP Query User{96A10C98-EABD-4015-9269-9412AB87044F}C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\tracecntrl.exe] => (Allow) C:\program files (x86)\texas instruments\ccsv4\emulation\analysis\bin\tracecntrl.exe
FirewallRules: [TCP Query User{9DAB2746-F7E3-452B-BE5A-EEB5D3A2E080}C:\program files (x86)\texas instruments\ccsv4\eclipse\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\texas instruments\ccsv4\eclipse\jre\bin\javaw.exe
FirewallRules: [UDP Query User{C91F6DA0-DEC8-4BB8-9A6F-9F67A2793148}C:\program files (x86)\texas instruments\ccsv4\eclipse\jre\bin\javaw.exe] => (Allow) C:\program files (x86)\texas instruments\ccsv4\eclipse\jre\bin\javaw.exe
FirewallRules: [TCP Query User{0292D580-83B1-4C68-A4EC-047892B47E1D}C:\users\dell\desktop\sigma40\sigma40_100hz.exe] => (Allow) C:\users\dell\desktop\sigma40\sigma40_100hz.exe
FirewallRules: [UDP Query User{7653D8F2-D78E-4C02-8F5B-0E6DF1A1C05F}C:\users\dell\desktop\sigma40\sigma40_100hz.exe] => (Allow) C:\users\dell\desktop\sigma40\sigma40_100hz.exe
FirewallRules: [{59B7F905-7A6E-4EED-82D9-EC348915D5DC}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{CDEB3E3B-0808-4B73-98AF-A1C8345DE7FA}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{699E2A4F-27E4-40C3-86DF-149E9B984EA2}C:\ti\ccsv5\eclipse\ccstudio.exe] => (Allow) C:\ti\ccsv5\eclipse\ccstudio.exe
FirewallRules: [UDP Query User{39537246-E872-414B-8798-5C4D566F737E}C:\ti\ccsv5\eclipse\ccstudio.exe] => (Allow) C:\ti\ccsv5\eclipse\ccstudio.exe
FirewallRules: [TCP Query User{C33AB5E5-5A14-4E53-B2E3-E796C420B6D7}C:\ti\ccsv5\eclipse\eclipsec.exe] => (Block) C:\ti\ccsv5\eclipse\eclipsec.exe
FirewallRules: [UDP Query User{9C600102-4187-41FF-919C-EA87A6EDD758}C:\ti\ccsv5\eclipse\eclipsec.exe] => (Block) C:\ti\ccsv5\eclipse\eclipsec.exe
FirewallRules: [{0E7287A3-74DF-41E9-9C48-CF8DF5AE1F98}] => (Allow) LPort=22
FirewallRules: [TCP Query User{7EF628EB-51FC-4468-91E7-F33D919A0769}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{2D0AB6D4-AE08-4879-BC8F-070CB50BF03A}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [TCP Query User{5F27171E-FD66-477B-91E0-D99A43ACC3D5}C:\users\dell\documents\my box files\cpi - saes_aerlyper\software design (032)\sigma40\sdl_sigma40\sdl_sigma40\sigma40_100hz.exe] => (Block) C:\users\dell\documents\my box files\cpi - saes_aerlyper\software design (032)\sigma40\sdl_sigma40\sdl_sigma40\sigma40_100hz.exe
FirewallRules: [UDP Query User{CE58199C-3C3C-49BD-8F71-ADB52CB8D423}C:\users\dell\documents\my box files\cpi - saes_aerlyper\software design (032)\sigma40\sdl_sigma40\sdl_sigma40\sigma40_100hz.exe] => (Block) C:\users\dell\documents\my box files\cpi - saes_aerlyper\software design (032)\sigma40\sdl_sigma40\sdl_sigma40\sigma40_100hz.exe
FirewallRules: [{44BD5BAB-A24E-4B1C-9324-A684CBE2BA50}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{05A0B7D0-AE63-475B-AB98-BB9CC8EA58FF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{793CC15D-61BE-4815-B291-64385C8056E0}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{953754BE-4573-4BD3-8884-63E74F218671}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{7CBFCB46-8CEB-4CC5-8946-90AE45F95264}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{45F9EE05-89EB-4FF4-AF26-3D8BE14720D5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{5E91DA1D-4857-4087-906F-5B8D38D55D14}C:\program files\ansys inc\v140\commonfiles\tcl\bin\winx64\wish.exe] => (Block) C:\program files\ansys inc\v140\commonfiles\tcl\bin\winx64\wish.exe
FirewallRules: [UDP Query User{E2BC7D93-F3B6-43F0-9D98-3A64F03717EA}C:\program files\ansys inc\v140\commonfiles\tcl\bin\winx64\wish.exe] => (Block) C:\program files\ansys inc\v140\commonfiles\tcl\bin\winx64\wish.exe
FirewallRules: [TCP Query User{67271E0E-81AD-4E92-8914-623956BC924B}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe] => (Block) C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe
FirewallRules: [UDP Query User{C3FFC4DF-230F-459F-8BE5-B216C4EC7BA9}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe] => (Block) C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe
FirewallRules: [TCP Query User{9A73539D-983B-43FE-8221-4E02AD5443D2}C:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe] => (Block) C:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe
FirewallRules: [UDP Query User{9FAE4177-9FA7-40B8-AD8C-51250A7545A9}C:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe] => (Block) C:\program files\ansys inc\v140\framework\bin\win64\ansysfww.exe
FirewallRules: [TCP Query User{E7AA2FE7-75A4-4D73-87B4-12C5C7E1DEC5}C:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe] => (Block) C:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe
FirewallRules: [UDP Query User{83AB926B-3F54-45E7-B817-27AC025D4C9E}C:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe] => (Block) C:\program files\ansys inc\v140\aisol\bin\winx64\ansyswbu.exe
FirewallRules: [TCP Query User{17E1993E-BA4B-44D9-8229-AC324DEDE8B8}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe] => (Block) C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe
FirewallRules: [UDP Query User{C68809CC-5CB4-4BEB-A442-BE2EEE8E4452}C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe] => (Block) C:\program files\ansys inc\shared files\licensing\winx64\ansysli_client.exe
FirewallRules: [TCP Query User{0B7E4DD4-08EB-45BA-B9EA-1B99FC115BE7}C:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe] => (Block) C:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe
FirewallRules: [UDP Query User{0F13CB79-295F-4BE8-A2D2-B2D9B563364B}C:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe] => (Block) C:\program files\ansys inc\v140\rsm\bin\ans.rsm.jmhost.exe
FirewallRules: [TCP Query User{3617DB0C-E4B0-43BF-B5EF-55FBA5A6EDDF}C:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe] => (Block) C:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe
FirewallRules: [UDP Query User{F15B46A6-226C-46AF-A2CC-1522D0776974}C:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe] => (Block) C:\program files\ansys inc\v140\commonfiles\jre\winx64\bin\java.exe
FirewallRules: [TCP Query User{87CA06C9-3A01-42C6-A6A0-F3A1D3AD2E71}C:\program files\ansys inc\v140\commonfiles\tcl\bin\winx64\wish.exe] => (Block) C:\program files\ansys inc\v140\commonfiles\tcl\bin\winx64\wish.exe
FirewallRules: [UDP Query User{9EA95495-5A9B-404E-BC31-1D3497DAA2A7}C:\program files\ansys inc\v140\commonfiles\tcl\bin\winx64\wish.exe] => (Block) C:\program files\ansys inc\v140\commonfiles\tcl\bin\winx64\wish.exe
FirewallRules: [{535FE56B-E2BC-4B3B-8130-9CE1BBC49AC5}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{8D1A3E3B-6757-4557-8F70-E13B933CAC8A}] => (Allow) C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
FirewallRules: [TCP Query User{6BB65355-922D-4709-9383-56467F50ADF0}C:\program files\ansys inc\v140\commonfiles\cad\spatial\winx64\code\bin\readerhostcat5u.exe] => (Block) C:\program files\ansys inc\v140\commonfiles\cad\spatial\winx64\code\bin\readerhostcat5u.exe
FirewallRules: [UDP Query User{E2E5ADC7-8A49-4BF9-A728-3C1463002122}C:\program files\ansys inc\v140\commonfiles\cad\spatial\winx64\code\bin\readerhostcat5u.exe] => (Block) C:\program files\ansys inc\v140\commonfiles\cad\spatial\winx64\code\bin\readerhostcat5u.exe
FirewallRules: [TCP Query User{812E24BC-8237-4F1C-8361-A78EC34755B2}C:\program files\ansys inc\v140\ansys\bin\winx64\ansys.exe] => (Block) C:\program files\ansys inc\v140\ansys\bin\winx64\ansys.exe
FirewallRules: [UDP Query User{78717A67-E099-43F3-BB5C-55414B453CF6}C:\program files\ansys inc\v140\ansys\bin\winx64\ansys.exe] => (Block) C:\program files\ansys inc\v140\ansys\bin\winx64\ansys.exe
FirewallRules: [TCP Query User{D07C5A4B-DB65-4426-A0EC-CC2628263191}C:\program files\ansys inc\v140\cfd-post\bin\winnt-amd64\postgui_ogl.exe] => (Block) C:\program files\ansys inc\v140\cfd-post\bin\winnt-amd64\postgui_ogl.exe
FirewallRules: [UDP Query User{3E907030-B790-448F-BC9F-43909AA32A1E}C:\program files\ansys inc\v140\cfd-post\bin\winnt-amd64\postgui_ogl.exe] => (Block) C:\program files\ansys inc\v140\cfd-post\bin\winnt-amd64\postgui_ogl.exe
FirewallRules: [TCP Query User{7572DB7E-3A1A-4CAE-833B-4CB5CCB182D0}C:\program files\ansys inc\v140\cfd-post\bin\winnt-amd64\postengine.exe] => (Block) C:\program files\ansys inc\v140\cfd-post\bin\winnt-amd64\postengine.exe
FirewallRules: [UDP Query User{CD34F026-D8B7-4CCB-B447-2F1E62C8C6F1}C:\program files\ansys inc\v140\cfd-post\bin\winnt-amd64\postengine.exe] => (Block) C:\program files\ansys inc\v140\cfd-post\bin\winnt-amd64\postengine.exe
FirewallRules: [{7AC0054A-5864-4AD1-BB2B-8B81E2A1E726}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{F2DB353D-3EE8-4FEF-A27F-3B5C146C4E4D}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [TCP Query User{4223D836-1AD7-486A-9898-0F42636E0DF3}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{AD61E682-21A2-4BAC-A924-69AA284457E8}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [TCP Query User{9E75B547-4B96-45DF-8437-8DE251B661A3}C:\program files (x86)\cbd_chat\fwudp.exe] => (Allow) C:\program files (x86)\cbd_chat\fwudp.exe
FirewallRules: [UDP Query User{54A5049C-7541-475D-A1F5-B36457CC0353}C:\program files (x86)\cbd_chat\fwudp.exe] => (Allow) C:\program files (x86)\cbd_chat\fwudp.exe
FirewallRules: [{28E1D327-0065-4EAA-88B1-E44A6DBC6FBB}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{E27BB243-7A3E-4829-BF02-91D0338252A8}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{77ECD16C-33EA-4CC3-BE81-38D0330F41F8}] => (Allow) C:\Users\RevD\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{E2BF98FC-E3C2-473C-9533-BB09A8CAD43E}] => (Allow) C:\Users\RevD\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{F7752AF3-0B32-454E-91FC-BE495DEEE8DF}C:\users\RevD\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\RevD\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{90204938-2F3E-43E9-8F00-4AFE3C81182E}C:\users\RevD\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\RevD\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{89DFAA30-E958-4D25-987B-5167867226D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{617C84B6-38C4-461A-9C41-1DD4416B9CDD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4490F20E-E325-48A5-AE09-5D351A9BA6E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6218AE5F-491E-4918-BCB2-AB3AD12B020E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C1E4682-85A3-4401-92EB-EA87C74E24A3}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{67239630-DB73-4CE6-9B71-C38C6DE52D68}] => (Allow) LPort=2869
FirewallRules: [{ECF1B07A-2EA6-498C-9C42-E7B15BC2A1C9}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{43838405-AE7B-40EE-A877-0E78462EA448}C:\program files (x86)\supersync\supersync.exe] => (Allow) C:\program files (x86)\supersync\supersync.exe
FirewallRules: [UDP Query User{6C9E39A8-082D-4A80-B99B-B33814E6D0E1}C:\program files (x86)\supersync\supersync.exe] => (Allow) C:\program files (x86)\supersync\supersync.exe
FirewallRules: [{7C4EF12F-ED95-4269-A69C-63B0A8DB55E4}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{97074C3D-F3BC-4F5C-A939-1C0AF45A01A1}C:\program files (x86)\supersync\supersync.exe] => (Block) C:\program files (x86)\supersync\supersync.exe
FirewallRules: [UDP Query User{48D444B0-4217-4397-8246-F8A4C2095458}C:\program files (x86)\supersync\supersync.exe] => (Block) C:\program files (x86)\supersync\supersync.exe
FirewallRules: [{91FBE467-B49D-42D7-A619-821CE576D93D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{4EA1CFD0-3A9D-4F87-BC10-C1A43D693257}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{1A93B373-C7EF-4ACF-9BD1-94BE49018F12}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{7585CB82-CCC5-4FA7-9399-D9E62E248CFD}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{81A2E44E-E063-4895-9362-68DCF0A2AD35}] => (Allow) LPort=5357
FirewallRules: [{073481B3-410C-4232-B437-4AE0A16EF53D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{516F3547-CAB6-4748-B668-31C49B4E5D69}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{17C313FA-14A7-4E27-A5F7-472E2882B6C7}] => (Allow) C:\Users\RevD\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{BAC9ECD7-81B1-49EE-821D-D0F5B7F5AC50}] => (Allow) C:\Program Files (x86)\winhostuse\winhostuse.exe
FirewallRules: [{7C42234A-8CBE-4ACD-B0C4-0E009C74ED4A}] => (Allow) C:\Program Files (x86)\winhostuse\winhostuse_.exe
FirewallRules: [{8545B647-5B3E-4C92-A205-66EC35558EDB}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{6AF0BB42-7AD5-4B7B-AFBF-D5F5DBD7833F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{3BC1B51D-7E13-4FF4-950C-85DC6843C3DD}] => (Allow) C:\Users\RevD\AppData\Local\TheBrowser\Application\TheBrowser.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom USH
Description: Broadcom USH
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/31/2015 04:17:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (12/31/2015 04:17:28 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (12/31/2015 03:50:02 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.
 
Server stack trace: 
   at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
   at System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
   at IconOverlayClient.BoxIconOverlay.CreateClient()
   at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
   at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
 
Error: (12/31/2015 03:50:02 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: SyncedIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\RevD\Box Sync\_Marketing\Web\March 2011\Search term report.csv'.
 
Error: (12/31/2015 03:50:02 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.
 
Server stack trace: 
   at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
   at System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
   at IconOverlayClient.BoxIconOverlay.CreateClient()
   at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
   at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
 
Error: (12/31/2015 03:50:02 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: NotSyncedIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\RevD\Box Sync\_Marketing\Web\March 2011\Search term report.csv'.
 
Error: (12/31/2015 03:50:01 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.
 
Server stack trace: 
   at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
   at System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
   at IconOverlayClient.BoxIconOverlay.CreateClient()
   at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
   at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
 
Error: (12/31/2015 03:50:01 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: ProblemIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\RevD\Box Sync\_Client Accounts\Kymeta\Close Out\Letter regarding conical scanning algorithm.docx'.
 
Error: (12/31/2015 03:50:01 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: System.ServiceModel.CommunicationObjectFaultedException: The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state.
 
Server stack trace: 
   at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
 
Exception rethrown at [0]: 
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
   at System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
   at IconOverlayClient.BoxIconOverlay.CreateClient()
   at IconOverlayClient.BoxIconOverlay.CanShowOverlay(String path, FILE_ATTRIBUTE attributes)
   at SharpShell.SharpIconOverlayHandler.SharpIconOverlayHandler.SharpShell.Interop.IShellIconOverlayIdentifier.IsMemberOf(String pwszPath, FILE_ATTRIBUTE dwAttrib)
 
Error: (12/31/2015 03:50:01 PM) (Source: SharpShell) (EventID: 0) (User: )
Description: LockedByOtherIconOverlay: IsMemberOf: An exception occured when determining whether to show the overlay for 'C:\Users\RevD\Box Sync\_Client Accounts\Kymeta\Close Out\Letter regarding conical scanning algorithm.docx'.
 
 
System errors:
=============
Error: (12/31/2015 04:39:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:39:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:39:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:39:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:39:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:39:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:38:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:38:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:38:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
Error: (12/31/2015 04:38:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Hattag service failed to start due to the following error: 
%%2
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Extreme CPU Q9300 @ 2.53GHz
Percentage of memory in use: 27%
Total physical RAM: 8179.93 MB
Available physical RAM: 5961.97 MB
Total Virtual: 11873.49 MB
Available Virtual: 9902.73 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:6 GB) NTFS
Drive f: (Toshiba Red) (Fixed) (Total:931.41 GB) (Free:39.13 GB) NTFS
Drive g: (XYZ_SHARE) (Removable) (Total:7.45 GB) (Free:7.13 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 847A5CE0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 60A2CBB2)
Partition 1: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
 

#2 RevD

RevD
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male
  • Local time:09:43 PM

Posted 31 December 2015 - 06:09 PM

I should add that when I right-click on the Teredo Tunneling Pseudo-Interface device in Device Manager, I get "This device cannot start (Code 10)"



#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:10:43 PM

Posted 31 December 2015 - 09:24 PM

Hi RevD :)

My name is Aura and I'll be assisting you with your issue. Please give me a few hours to review your logs and come up with a reply. In the meantime, can I ask you how you're getting the logs? Do you use a USB Flash Drive to transfer FRST from one computer to another, run it, get the logs and transfer them back to another computer using the USB, or are you proceeding another way?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 RevD

RevD
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male
  • Local time:09:43 PM

Posted 31 December 2015 - 11:39 PM

Hello Aura -- thank you for your assistance. I got the logs exactly as you described. I downloaded the FRST files directly to a USB memory stick, moved the stick to the sick computer, ran the logs, with log files written directly to the USB stick, then back to the functioning computer for upload.

 

RevD



#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:10:43 PM

Posted 01 January 2016 - 12:52 PM

Hi RevD :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • Finally, in the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate it if you let me know about it first, and if you need, I can also assist you in the process;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Alright, so we'll be proceeding using the USB Flash Drive until we can restore your Internet connection. Hopefully, it should only take one FRST fix :)

There are a few samples I would like you to collect so you can upload them once we restore your Internet connection, if you don't mind :) Follow the instructions below please.

ZOEK - Fix Time
Follow the instructions below to perform a fix with ZOEK and post the log.
  • Download zoek.exe and move the executable on the infected computer's Desktop;
  • Create a new text file (.txt), name it zoekscript.txt, open it and copy/paste the following in it:
    C:\Windows\SysWOW64\Hattag.dll;p
    C:\Windows\system32\Hattag64.dll;p
    
  • Once done, save the file and move it on the infected computer's Desktop as well;
  • Drag and drop the zoekscript.txt file on the top zoek.exe;
  • For Windows Vista, 7, 8, 8.1 and 10 users, if you get a UAC prompt, accept it;
  • Answer Yes to the window below and ZOEK will run the fix automatically;
  • On completion, Notepad will open the zoek-results.log file (this file can be found directly at the root of the C: drive as well). If the computer needs to restart after the fix, Notepad will open after it;
  • Copy and paste the content of zoek-results.log in your next reply;
  • Keep the zipped file it'll create as I'll ask you to do something with it later on;
It's really important that you follow the instructions for ZOEK before following the next set, because we're going to delete the files we just collected, so we won't be able to collect them after.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Download the attached fixlist.txt file, and move it on the infected computer, on your Desktop (or in the same folder as FRST.exe/FRST64.exe);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste that log in your next reply;
After the FRST fix and a restart, let me know if you're able to get online. In your next reply, I should see:
  • Copy/pasted content of the ZOEK fix log;
  • Copy/pasted content of the FRST fix log;
  • If your computer can connect to the Internet after running FRST and restarting it;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
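Before applying a fix like the one above, a defender may want to see which of the network settings this kind of adware tampers with are present on a machine: a per-user proxy, a DNS resolver stamped on every interface, and a service registered to survive Safe Mode with Networking. The PowerShell script below is an added read-only audit, not part of Aura's instructions or of the FRST/ZOEK tools; the registry paths are standard Windows locations, and the reference values in its comments (the 127.0.0.1:8800 proxy, the 104.197.191.4 NameServer, the Hattag SafeBoot entry) are taken from the FRST fix log posted later in this thread.

```powershell
# Added read-only audit (not from the thread, FRST or ZOEK). Needs PowerShell 3.0+
# in an elevated prompt; it reads the registry and changes nothing.

$findings = @()

# 1. Per-user WinINet proxy. The fix log shows ProxyEnable set and
#    ProxyServer = http=127.0.0.1:8800, i.e. browser traffic forced through a
#    listener on the local machine.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) {
    $findings += "Proxy enabled for the current user: $($inet.ProxyServer)"
    if ($inet.ProxyServer -match '127\.0\.0\.1|localhost') {
        $findings += '  -> proxy points at this host: a local process is intercepting web traffic'
    }
}

# 2. Static DNS written to every TCP/IP interface. The fix log removed
#    NameServer = 104.197.191.4 from eight interface GUIDs at once; DHCP-managed
#    interfaces normally leave NameServer empty, so one resolver on many
#    interfaces is a DNS-hijack footprint.
$ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$dns = @()
foreach ($ifKey in (Get-ChildItem -Path $ifRoot)) {
    $props = Get-ItemProperty -Path $ifKey.PSPath
    if ($props.NameServer) {
        $dns += New-Object PSObject -Property @{
            Interface  = $ifKey.PSChildName
            NameServer = $props.NameServer
        }
    }
}
foreach ($group in ($dns | Group-Object -Property NameServer)) {
    if ($group.Count -ge 3) {
        $ifaces = ($group.Group | ForEach-Object { $_.Interface }) -join ', '
        $findings += "NameServer '$($group.Name)' set on $($group.Count) interfaces: $ifaces"
    }
}

# 3. Safe Mode with Networking persistence. The fix log deleted
#    SafeBoot\Network\Hattag = "service"; a service registered here still starts
#    in Safe Mode with Networking. Entries whose binary lives outside the Windows
#    directory are listed for manual review (security or VPN software can
#    legitimately appear here too).
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network'
$windowsPath = '(?i)(\\Windows\\|^system32\\|^\\SystemRoot\\|^%SystemRoot%)'
foreach ($entry in (Get-ChildItem -Path $safeBoot)) {
    $kind = (Get-ItemProperty -Path $entry.PSPath).'(default)'
    if ($kind -eq 'Service') {
        $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($entry.PSChildName)"
        $svc = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
        if ($svc -and $svc.ImagePath -and $svc.ImagePath -notmatch $windowsPath) {
            $findings += "SafeBoot\Network service '$($entry.PSChildName)' runs from outside Windows: $($svc.ImagePath)"
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No proxy, DNS-override or SafeBoot\Network findings.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

The script only reports; removal is still done with the FRST fixlist as in the thread, which also resets Winsock and restarts the machine so the cleared proxy and DNS settings take effect.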


#6 RevD

RevD
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male
  • Local time:09:43 PM

Posted 01 January 2016 - 02:07 PM

Hi Yoan -- I have followed your instructions and had no problems. The two files are posted below. My computer is connected to the wireless router but does not have internet connectivity (no IPv4 or IPv6 connectivity). I am still getting the Code 10 from the Teredo Tunneling device.

 

Here is the Zoek-results file:

-----------------------------------

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by RevD on Fri 01/01/2016 at 12:33:37.62.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\RevD\Desktop\zoek.exe
Script used: C:\Users\RevD\Desktop\zoekscript.txt
 
==== System Restore Info ======================
 
1/1/2016 12:34:04 PM Zoek.exe System Restore Point Created Successfully.
 
==== Creating Sample_20160101_1234.zip ======================
 
Copied file C:\Windows\SysWOW64\Hattag.dll to sample\Hattag.dll
Copied file C:\windows\SysNative\Hattag64.dll to sample\Hattag64.dll
sample\Hattag.dll renamed to A014A5B4D01C03227A7F490D70C82981
sample\Hattag64.dll renamed to BF922CE203CC394BAADF3F145207C5B1
 
C:\Users\Public\Desktop\sample_20160101_1234.zip created successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Fri 01/01/2016 at 12:34:25.63 ======================
 
 
And here is the FRST fixlog:
-----------------------------------
 
Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by RevD (2016-01-01 12:54:13) Run:1
Running from C:\Users\RevD\Desktop
Loaded Profiles: RevD (Available Profiles: RevG & RevD)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_014010192] => [X]
HKLM-x32\...\Run: [ospd_us_037010192] => [X]
 
ProxyEnable: [S-1-5-21-1718968445-368283017-3712501571-1003] => Proxy is enabled.
ProxyServer: [S-1-5-21-1718968445-368283017-3712501571-1003] => http=127.0.0.1:8800
cmd: netsh winsock reset
 
Tcpip\..\Interfaces\{15C63527-7129-4CBA-82FF-170AE8EC9D7D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{2FA52DB9-C638-470F-91E2-8256A74C87A2}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{642D8A2C-D719-430D-9194-1475900FF68E}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DE32D5B8-0866-48B0-87B5-6937CDA503E6}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{DEBAB86A-E913-417D-B851-CFDB6A3D296D}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F4F2F381-C57A-459A-8AB9-8FCEE2E2D3FD}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{F846DA16-E2A6-448B-B7AE-E9EA53695D8E}: [NameServer] 104.197.191.4
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
 
FF HKLM\...\Firefox\Extensions: [{5C8EFD10-63D3-407B-85F6-E981AF3E1C97}] - C:\Program Files\groover311220152041\Firefox\{5C8EFD10-63D3-407B-85F6-E981AF3E1C97}.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{5C8EFD10-63D3-407B-85F6-E981AF3E1C97}] - C:\Program Files\groover311220152041\Firefox\{5C8EFD10-63D3-407B-85F6-E981AF3E1C97}.xpi => not found
 
CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D1%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate
CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_rsprck_15_37&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByCtAyB0B0DtAzyyEtByD0F0C0FtN0D0Tzu0StCtAyEyBtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2S0CtB0CyEtBtB0AtBtG0EtByD0AtGyEtB0CtBtG0ByByEtBtG0E0A0EtBzy0Dzy0AyB0CtC0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyDyCtC0EyCtC0BtGtB0F0C0AtGyEzytCtDtG0AyE0AzztGtDtA0F0EtDyE0D0C0DyD0F0F2QtN0A0LzutBtN1B2Z1V1T1S1NzuzyyEyE%26cr%3D2141267711%26a%3Dwncy_rsprck_15_37%26os%3DWindows%2B7%2BUltimate","hxxps://www.google.com/webhp?source=search_app"
 
CHR Extension: (AmazingTab) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfhabmbbhdcdpnoilchepfojmdeannd [2015-12-31]
 
S3 Hattag; C:\Program Files\groover311220152041\Hattag.exe [X]
S2 nosupoqezbt; C:\Program Files (x86)\4C4C4544-1451591004-5410-8043-B4C04F43484B\knsjD9FB.tmpfs [X]
S2 wucotusy; C:\Program Files (x86)\4C4C4544-1451591004-5410-8043-B4C04F43484B\hnse9BA.tmp [X]
S2 zutuzuni; C:\Program Files (x86)\4C4C4544-1451591004-5410-8043-B4C04F43484B\jnstF251.tmp [X]
S2 SushiLeadsUpdaterService; C:\Program Files (x86)\sushileads\NpUpdaterService.exe [X]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-31] (Cherimoya Ltd)
 
C:\Windows\SysWOW64\Hattag.dll
C:\Windows\system32\Hattag64.dll
C:\Windows\System32\drivers\cherimoya.sys
C:\Program Files\groover311220152041
C:\Program Files (x86)\sushileads
C:\Program Files (x86)\4C4C4544-1451591004-5410-8043-B4C04F43484B
C:\Program Files (x86)\Itibiti Soft Phone
C:\Users\RevD\AppData\Local\TheBrowser
C:\Users\RevD\AppData\Local\BrowserAir
 
2015-12-31 13:59 - 2015-12-31 13:59 - 00004768 _____ C:\Windows\SysWOW64\Hattag.ini
2015-12-31 13:59 - 2015-12-31 13:59 - 00002488 _____ C:\Windows\SysWOW64\HattagOff.ini
2015-12-31 13:59 - 2015-12-31 13:59 - 00002488 _____ C:\Windows\system32\HattagOff.ini
2015-12-31 13:59 - 2015-12-31 13:59 - 00000000 ____D C:\Windows\system32\syk
2015-12-31 13:59 - 2015-12-31 13:59 - 00000000 ____D C:\Users\RevD\AppData\Roaming\VecegCodso
2015-12-31 13:58 - 2015-12-31 13:58 - 00003440 _____ C:\Windows\System32\Tasks\IBUpd
2015-12-31 13:58 - 2015-12-31 13:58 - 00003338 _____ C:\Windows\System32\Tasks\Wohko
2015-12-31 13:58 - 2015-12-31 13:58 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBrowser
2015-12-31 13:58 - 2015-12-31 13:58 - 00000000 ____D C:\Users\RevD\AppData\LocalLow\Company
2015-12-31 13:58 - 2015-12-31 13:58 - 00000000 ____D C:\Users\RevD\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
2015-12-31 13:58 - 2015-12-31 13:58 - 00000000 ____D C:\uninst
2015-12-31 13:54 - 2015-12-31 15:36 - 00000342 ____H C:\Windows\Tasks\DTRLBIWFLJXYQTNS.job
2015-12-31 13:54 - 2015-12-31 13:54 - 00004032 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-12-31 13:54 - 2015-12-31 13:54 - 00003376 _____ C:\Windows\System32\Tasks\DTRLBIWFLJXYQTNS
2015-12-31 13:54 - 2015-12-31 13:54 - 00002852 _____ C:\Windows\System32\Tasks\CHMMFW1
2015-12-31 13:54 - 2015-12-31 13:54 - 00000000 ____D C:\ProgramData\Service1291
2015-12-31 13:54 - 2015-12-31 13:54 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2015-12-31 13:51 - 2015-12-31 13:51 - 00001664 _____ C:\ProgramData\tempimage.bmp
2015-12-31 13:48 - 2015-12-31 13:48 - 00002255 _____ C:\Users\RevD\Desktop\Google Chrome.lnk
2015-12-31 13:44 - 2015-12-31 13:44 - 00003510 _____ C:\Windows\System32\Tasks\SushiLeads
2015-12-31 13:44 - 2015-12-31 13:41 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-31 13:43 - 2015-12-31 13:43 - 00001819 _____ C:\Users\RevG\Desktop\Note-Up.lnk
2015-12-31 13:40 - 2015-12-31 13:40 - 00003248 _____ C:\Windows\System32\Tasks\IBUpd2
2015-12-31 13:40 - 2015-12-31 13:40 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2015-12-31 13:38 - 2015-12-31 13:38 - 00000000 ___HD C:\Program Files\AmazingTab
2015-12-31 13:38 - 2015-12-28 18:06 - 00023712 _____ (Corporation) C:\Windows\system32\Drivers\sdfhgdf.sys
2014-02-27 19:52 - 2014-11-19 22:50 - 0000004 _____ () C:\Users\RevD\AppData\Roaming\F5F651
2014-02-27 19:52 - 2014-11-19 22:50 - 0870128 _____ () C:\Users\RevD\AppData\Roaming\mcs.rma
 
Task: {17C8555D-928B-4B51-B410-E96CD1695B6D} - System32\Tasks\IBUpd => C:\Users\RevD\AppData\Local\TheBrowser\Application\updater.exe
Task: {774FB3D6-021F-422A-AD7B-2D0591CD13A9} - System32\Tasks\IBUpd2 => C:\Users\RevD\AppData\Local\BrowserAir\44.5.0.2\updater.exe
Task: {599B2AD4-1655-41D9-882B-5FA0430D06F9} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
Task: {75DBCE40-E5D8-431B-9061-6FCD45357571} - System32\Tasks\DTRLBIWFLJXYQTNS => C:\ProgramData\Service1291\Service1291.exe [2015-12-31] () <==== ATTENTION
Task: C:\Windows\Tasks\DTRLBIWFLJXYQTNS.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {BC0A7E02-0075-4056-A033-2B828A133EF7} - System32\Tasks\Wohko => C:\PROGRA~1\GROOVE~1\Peihra.bat
Task: {C4CF7190-3590-4E0F-BD07-63EEC436D45F} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\RevD\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {C93593C0-C611-4014-AB64-5E0DED655385} - System32\Tasks\CHMMFW1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hattag => ""="service"
 
FirewallRules: [{17C313FA-14A7-4E27-A5F7-472E2882B6C7}] => (Allow) C:\Users\RevD\AppData\Local\BrowserAir\Application\BrowserAir.exe
FirewallRules: [{BAC9ECD7-81B1-49EE-821D-D0F5B7F5AC50}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩潨瑳獵履楷桮獯畴敳攮數
FirewallRules: [{7C42234A-8CBE-4ACD-B0C4-0E009C74ED4A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩潨瑳獵履楷桮獯畴敳⹟硥e
FirewallRules: [{3BC1B51D-7E13-4FF4-950C-85DC6843C3DD}] => (Allow) C:\Users\RevD\AppData\Local\TheBrowser\Application\TheBrowser.exe
FirewallRules: [{8545B647-5B3E-4C92-A205-66EC35558EDB}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{6AF0BB42-7AD5-4B7B-AFBF-D5F5DBD7833F}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
 
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_E301EBAE8650A67D29879FF226663852"
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SushiLeadsApplication"
REG: REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Itibiti.exe"
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_014010192 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_037010192 => value removed successfully
HKU\S-1-5-21-1718968445-368283017-3712501571-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\S-1-5-21-1718968445-368283017-3712501571-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15C63527-7129-4CBA-82FF-170AE8EC9D7D}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2FA52DB9-C638-470F-91E2-8256A74C87A2}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{642D8A2C-D719-430D-9194-1475900FF68E}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE32D5B8-0866-48B0-87B5-6937CDA503E6}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DEBAB86A-E913-417D-B851-CFDB6A3D296D}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F4F2F381-C57A-459A-8AB9-8FCEE2E2D3FD}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F846DA16-E2A6-448B-B7AE-E9EA53695D8E}\\NameServer => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKLM\Software\Mozilla\Firefox\Extensions\\{5C8EFD10-63D3-407B-85F6-E981AF3E1C97} => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{5C8EFD10-63D3-407B-85F6-E981AF3E1C97} => value removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfhabmbbhdcdpnoilchepfojmdeannd => moved successfully
Hattag => service removed successfully
nosupoqezbt => service removed successfully
wucotusy => service removed successfully
zutuzuni => service removed successfully
SushiLeadsUpdaterService => service removed successfully
cherimoya => Unable to stop service.
cherimoya => service removed successfully
C:\Windows\SysWOW64\Hattag.dll => moved successfully
C:\Windows\system32\Hattag64.dll => moved successfully
C:\Windows\System32\drivers\cherimoya.sys => moved successfully
"C:\Program Files\groover311220152041" => not found.
"C:\Program Files (x86)\sushileads" => not found.
"C:\Program Files (x86)\4C4C4544-1451591004-5410-8043-B4C04F43484B" => not found.
"C:\Program Files (x86)\Itibiti Soft Phone" => not found.
"C:\Users\RevD\AppData\Local\TheBrowser" => not found.
"C:\Users\RevD\AppData\Local\BrowserAir" => not found.
C:\Windows\SysWOW64\Hattag.ini => moved successfully
C:\Windows\SysWOW64\HattagOff.ini => moved successfully
C:\Windows\system32\HattagOff.ini => moved successfully
C:\Windows\system32\syk => moved successfully
C:\Users\RevD\AppData\Roaming\VecegCodso => moved successfully
C:\Windows\System32\Tasks\IBUpd => moved successfully
C:\Windows\System32\Tasks\Wohko => moved successfully
C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TheBrowser => moved successfully
C:\Users\RevD\AppData\LocalLow\Company => moved successfully
C:\Users\RevD\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} => moved successfully
C:\uninst => moved successfully
C:\Windows\Tasks\DTRLBIWFLJXYQTNS.job => moved successfully
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully
C:\Windows\System32\Tasks\DTRLBIWFLJXYQTNS => moved successfully
C:\Windows\System32\Tasks\CHMMFW1 => moved successfully
C:\ProgramData\Service1291 => moved successfully
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully
C:\ProgramData\tempimage.bmp => moved successfully
C:\Users\RevD\Desktop\Google Chrome.lnk => moved successfully
C:\Windows\System32\Tasks\SushiLeads => moved successfully
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully
C:\Users\RevG\Desktop\Note-Up.lnk => moved successfully
C:\Windows\System32\Tasks\IBUpd2 => moved successfully
C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir => moved successfully
C:\Program Files\AmazingTab => moved successfully
C:\Windows\system32\Drivers\sdfhgdf.sys => moved successfully
C:\Users\RevD\AppData\Roaming\F5F651 => moved successfully
C:\Users\RevD\AppData\Roaming\mcs.rma => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17C8555D-928B-4B51-B410-E96CD1695B6D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17C8555D-928B-4B51-B410-E96CD1695B6D}" => key removed successfully
C:\Windows\System32\Tasks\IBUpd => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{774FB3D6-021F-422A-AD7B-2D0591CD13A9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{774FB3D6-021F-422A-AD7B-2D0591CD13A9}" => key removed successfully
C:\Windows\System32\Tasks\IBUpd2 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{599B2AD4-1655-41D9-882B-5FA0430D06F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599B2AD4-1655-41D9-882B-5FA0430D06F9}" => key removed successfully
C:\Windows\System32\Tasks\SushiLeads => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{75DBCE40-E5D8-431B-9061-6FCD45357571}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75DBCE40-E5D8-431B-9061-6FCD45357571}" => key removed successfully
C:\Windows\System32\Tasks\DTRLBIWFLJXYQTNS => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTRLBIWFLJXYQTNS" => key removed successfully
C:\Windows\Tasks\DTRLBIWFLJXYQTNS.job => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC0A7E02-0075-4056-A033-2B828A133EF7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC0A7E02-0075-4056-A033-2B828A133EF7}" => key removed successfully
C:\Windows\System32\Tasks\Wohko => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wohko" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4CF7190-3590-4E0F-BD07-63EEC436D45F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4CF7190-3590-4E0F-BD07-63EEC436D45F}" => key removed successfully
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C93593C0-C611-4014-AB64-5E0DED655385}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C93593C0-C611-4014-AB64-5E0DED655385}" => key removed successfully
C:\Windows\System32\Tasks\CHMMFW1 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CHMMFW1" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Hattag" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17C313FA-14A7-4E27-A5F7-472E2882B6C7} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BAC9ECD7-81B1-49EE-821D-D0F5B7F5AC50} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C42234A-8CBE-4ACD-B0C4-0E009C74ED4A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3BC1B51D-7E13-4FF4-950C-85DC6843C3DD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8545B647-5B3E-4C92-A205-66EC35558EDB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6AF0BB42-7AD5-4B7B-AFBF-D5F5DBD7833F} => value removed successfully
 
========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_E301EBAE8650A67D29879FF226663852" =========
 
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_E301EBAE8650A67D29879FF226663852 (Yes/No)? The operation completed successfully.
 
========= End of Reg: =========
 
 
========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SushiLeadsApplication" =========
 
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SushiLeadsApplication (Yes/No)? The operation completed successfully.
 
========= End of Reg: =========
 
 
========= REG DELETE "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Itibiti.exe" =========
 
Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Itibiti.exe (Yes/No)? The operation completed successfully.
 
========= End of Reg: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 12:54:20 ====


#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,683 posts
  • Gender:Male
  • Local time:10:43 PM

Posted 01 January 2016 - 02:42 PM

I am still getting the Code 10 from the Teredo Tunneling device.


This adapter is only used for translations of IPv4 and IPv6 packets. Uninstalling it, disabling it, etc. doesn't cut your access to the Internet. The problem lies elsewhere, most likely in a Proxy that keeps on being added back to your system, preventing it from getting online.

At the beginning of this thread, you said that you lost access to the Internet while removing a Sushi Leads infection, is that right? How did you go about it? What tool/program did you run or what steps did you take to remove it? Do you have any logs that were produced, which you could copy/paste here for me to verify?

Also, I would like you to run a new FRST scan, so we can see if anything reappeared after the fix (like the Proxy) and/or items we marked for deletion earlier are still present on the system.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • Check the Addition.txt option;
  • Click on the Scan button;
  • On completion, two message boxes will open, saying that the results were saved to FRST.txt and Addition.txt, and then two Notepad files will open;
  • Copy and paste the content of FRST.txt in your next reply, and attach Addition.txt to it;
In your next reply, I should see:
  • Explanation on how you tried to remove the Sushi Leads infection, and copy/pasted logs of tools/programs you ran if you have any;
  • Copy/pasted content of the FRST.txt log;
  • Copy/pasted content of the Addition.txt log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
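Added example, not part of this thread and not FRST's or Aura's own tooling: a PowerShell re-check that re-reads the locations the Fixlog above cleaned (the per-user proxy, the per-interface NameServer values, the services, scheduled tasks, files and MSConfig startup entries) and reports whatever has come back. It assumes an elevated PowerShell prompt on the affected PC; every name it checks is taken from the Fixlog and FRST log in this thread.

```powershell
# Re-check of the items removed by the Fixlog in this thread (added example,
# not part of FRST). Run from an elevated PowerShell prompt on the affected PC.
$findings = @()

# 1. Per-user proxy. The Fixlog removed ProxyEnable/ProxyServer under the
#    user's SID hive; HKCU is that same hive for the logged-on user.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' -ErrorAction SilentlyContinue
if ($inet.ProxyEnable -eq 1 -or $inet.ProxyServer) {
    $findings += "Proxy re-enabled: ProxyEnable=$($inet.ProxyEnable) ProxyServer=$($inet.ProxyServer)"
}

# 2. Static NameServer values on any TCP/IP interface (the Fixlog stripped eight of them).
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces' | ForEach-Object {
    $ns = (Get-ItemProperty -Path $_.PSPath).NameServer
    if ($ns) { $findings += "Static DNS on $($_.PSChildName): $ns" }
}

# 3. Services and drivers the fix removed.
$services = 'Hattag', 'nosupoqezbt', 'wucotusy', 'zutuzuni', 'SushiLeadsUpdaterService', 'cherimoya'
foreach ($s in $services) {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$s") { $findings += "Service key back: $s" }
}

# 4. Scheduled tasks, checked through the TaskCache tree and the Tasks folder
#    (the two places FRST cleaned).
$tasks = 'IBUpd', 'IBUpd2', 'SushiLeads', 'DTRLBIWFLJXYQTNS', 'Wohko', 'SmartWeb Upgrade Trigger Task', 'CHMMFW1'
foreach ($t in $tasks) {
    if ((Test-Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\$t") -or
        (Test-Path "$env:SystemRoot\System32\Tasks\$t")) {
        $findings += "Scheduled task back: $t"
    }
}

# 5. Files and folders the fix moved, plus the sushileads folder the new scan still lists.
$paths = "$env:SystemRoot\SysWOW64\Hattag.dll",
         "$env:SystemRoot\System32\Hattag64.dll",
         "$env:SystemRoot\System32\drivers\cherimoya.sys",
         "$env:SystemRoot\System32\drivers\sdfhgdf.sys",
         "$env:ProgramData\sushileads",
         "${env:ProgramFiles(x86)}\sushileads",
         "$env:ProgramFiles\AmazingTab"
foreach ($p in $paths) { if (Test-Path $p) { $findings += "File/folder back: $p" } }

# 6. MSConfig startup entries that were REG DELETEd.
foreach ($e in 'SushiLeadsApplication', 'Itibiti.exe') {
    if (Test-Path "HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\$e") {
        $findings += "MSConfig startup entry back: $e"
    }
}

# 7. The Chrome extension the fix moved; FRST's "HKLM-x32\...\Chrome\Extension"
#    line is the Wow6432Node policy key that re-installs it on the next start.
$crx = 'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edfhabmbbhdcdpnoilchepfojmdeannd'
if (Test-Path $crx) { $findings += "Chrome extension install key still present: $crx" }

if ($findings.Count -eq 0) { 'Nothing from the Fixlog has reappeared.' } else { $findings }
```

Anything it lists is a candidate for the next fixlist; the first section is the one to watch if a proxy keeps being re-added, since the system-wide `netsh winhttp show proxy` setting is a separate store and is not covered here.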


#8 RevD

RevD
  • Topic Starter

  • Members
  • 44 posts
  • Gender:Male
  • Local time:09:43 PM

Posted 01 January 2016 - 03:19 PM

Hi Yoan -- I was slow to recognize that I had a big problem, so my recollection here of the sequence of events may not be perfect. When it was clear that I had a program that I hadn't asked for I went into Add/Remove Programs in the Control Panel and removed Sushi Leads. It came back quickly, so I went back in there and removed it and several other programs that had been added that day. About the time I realized that wasn't working either is when the internet connection stopped. Somewhere in this process I booted to Safe Mode and ran an executable from the command prompt that allowed me to stop all programs in the startup folder from running. This involved simply checking one "stop all" box or unchecking each program one by one as listed in the table that was displayed (not sure which I did but the result is the same I believe). That at least allowed me to boot normally without anything running (or so it seems).

Here is the FRST log. The Addition log is attached.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by RevD (administrator) on DELL-PC (01-01-2016 13:55:17)
Running from C:\Users\RevD\Desktop
Loaded Profiles: RevD (Available Profiles: RevG & RevD)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(NTI Corporation) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_monitor.exe
(Flexera Software, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\lmgrd.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(ANSYS, Inc.) C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansyslmd.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
ShellIconOverlayIdentifiers: [    BoxSyncFileLocked] -> {2a607da5-abe8-358e-a881-c0f5faf2d3a5} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncFileLockedByOther] -> {f7d2951f-0b6b-346c-99ec-69cffc30a364} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncNotSynced] -> {5ea95e3d-3e46-3812-b03c-49785fa67d41} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncProblem] -> {a88b7184-bfa1-3d14-8efb-2225df9699bc} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [    BoxSyncSynced] -> {c89f9943-8f58-3eca-bd55-a658f53b2f48} => C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\RevD\AppData\Roaming\Dropbox\bin\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014-07-08] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{15C63527-7129-4CBA-82FF-170AE8EC9D7D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{DE32D5B8-0866-48B0-87B5-6937CDA503E6}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{F4F2F381-C57A-459A-8AB9-8FCEE2E2D3FD}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKU\S-1-5-21-1718968445-368283017-3712501571-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKU\S-1-5-21-1718968445-368283017-3712501571-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files (x86)\Virtual Account Numbers\CitiVANHelper.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)
Toolbar: HKLM-x32 - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files (x86)\Virtual Account Numbers\CitiVANToolbar.dll [2015-07-14] (Orbiscom Ltd. All rights reserved.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://webexhelp.webex.com/client/WBXclient-T29L10NSP13EP10-10170/webex/ieatgpc1.cab
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll [2013-03-26] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2012-02-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2012-02-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @citrixonline.com/appdetectorplugin -> C:\Users\RevD\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-08-30] (Citrix Online)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @talk.google.com/GoogleTalkPlugin -> C:\Users\RevD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @talk.google.com/O1DPlugin -> C:\Users\RevD\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @tools.google.com/Google Update;version=3 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-1718968445-368283017-3712501571-1003: @tools.google.com/Google Update;version=9 -> C:\Users\RevD\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\RevD\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-05-28] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\RevD\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\RevD\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files (x86)\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - C:\Program Files (x86)\Virtual Account Numbers [2015-11-19] [not signed]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java™ Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Webmail Ad Blocker) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhfdchmklhpcngcgjmpdbjakdggkkjp [2015-08-21]
CHR Extension: (Adblock Plus) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-24]
CHR Extension: (Google Search) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Motive Extension) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Cisco WebEx Extension) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-05-28]
CHR Extension: (Project Viewer 365-Free) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmpghmkgkalhonankenfklpmdgnilapp [2015-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\RevD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [edfhabmbbhdcdpnoilchepfojmdeannd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2013-04-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [4954112 2011-10-17] (ANSYS, Inc.) [File not signed]
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent) [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [32144 2015-12-01] (Box, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [218112 2013-10-07] () [File not signed]
R2 ImDskSvc; C:\Windows\system32\imdsksvc.exe [11776 2012-11-01] (Olof Lagerkvist) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [178712 2010-08-05] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NTI BackupNowEZSvr; C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [46072 2013-11-07] (NTI Corporation)
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [369152 2012-11-01] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2012-11-26] (SolidWorks) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2062872 2010-08-05] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AWEAlloc; C:\Windows\System32\DRIVERS\awealloc.sys [18456 2012-11-01] (Olof Lagerkvist)
R2 bh560eth; C:\Windows\System32\Drivers\bh560eth.sys [105072 2010-11-17] (Blackhawk)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2011-11-04] (www.winchiphead.com)
S3 CSRBC; C:\Windows\System32\Drivers\csrbcx64.sys [38400 2013-04-04] (CSR plc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R2 ImDisk; C:\Windows\System32\DRIVERS\imdisk.sys [39464 2012-11-02] (Olof Lagerkvist)
S2 MCSTRM; no ImagePath
S3 mos24ser_QUADPORT; C:\Windows\System32\DRIVERS\mos24ser_QUADPORT.sys [268160 2009-10-19] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 sdusb2em; C:\Windows\System32\Drivers\sdusb2em.sys [55296 2011-05-02] (Spectrum Digital Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2010-08-31] (Jungo)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-01 13:55 - 2016-01-01 13:55 - 00020244 _____ C:\Users\RevD\Desktop\FRST.txt
2016-01-01 12:54 - 2016-01-01 12:54 - 00022811 _____ C:\Users\RevD\Desktop\Fixlog.txt
2016-01-01 12:53 - 2015-12-31 16:45 - 02370560 _____ (Farbar) C:\Users\RevD\Desktop\FRST64.exe
2016-01-01 12:34 - 2016-01-01 12:34 - 00460410 _____ C:\Users\Public\Desktop\sample_20160101_1234.zip
2016-01-01 12:28 - 2016-01-01 12:28 - 00000000 ____D C:\zoek_backup
2016-01-01 12:27 - 2016-01-01 12:24 - 01309184 _____ C:\Users\RevD\Desktop\zoek.exe
2015-12-31 16:38 - 2016-01-01 13:55 - 00000000 ____D C:\FRST
2015-12-31 15:35 - 2016-01-01 12:56 - 00000022 _____ C:\Windows\S.dirmngr
2015-12-31 14:37 - 2015-12-31 14:37 - 00000000 ____D C:\Users\RevD\AppData\Local\CEF
2015-12-31 14:27 - 2015-12-31 14:41 - 00000000 ____D C:\Windows\pss
2015-12-31 14:14 - 2015-12-31 15:28 - 01835070 _____ C:\Windows\ntbtlog.txt
2015-12-31 13:51 - 2015-12-31 13:52 - 00000000 ____D C:\ProgramData\sushileads
2015-12-29 15:41 - 2015-12-29 15:41 - 00043346 _____ C:\Users\RevD\Desktop\download.pdf
2015-12-21 21:07 - 2015-12-21 21:07 - 00019573 _____ C:\Users\RevD\UTA Donation 2015 eReceipt_Online10232.pdf
2015-12-18 12:38 - 2015-10-08 17:22 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2015-12-18 12:38 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-18 12:38 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-18 12:38 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-18 12:38 - 2015-10-08 17:18 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-18 12:38 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-18 12:38 - 2015-10-08 17:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-18 12:38 - 2015-10-08 17:17 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2015-12-18 12:38 - 2015-10-08 13:13 - 00419928 _____ C:\Windows\SysWOW64\locale.nls
2015-12-18 12:38 - 2015-10-08 12:52 - 00419928 _____ C:\Windows\system32\locale.nls
2015-12-18 12:27 - 2015-12-18 12:27 - 00000000 ____D C:\d85badedd717da828a
2015-12-17 18:26 - 2015-12-17 18:26 - 06953984 _____ C:\Users\RevD\Documents\TALON SRR Final.pptx
2015-12-17 16:09 - 2015-12-17 16:09 - 02614522 _____ C:\Users\RevD\Desktop\Three-Phase Motor Control Theory.pdf
2015-12-15 22:39 - 2015-12-16 12:49 - 00000000 ____D C:\Users\RevD\Desktop\SKU
2015-12-14 18:56 - 2015-12-18 23:01 - 00000000 ____D C:\Windows\rescache
2015-12-14 16:16 - 2015-12-14 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-12-14 16:13 - 2015-12-14 16:13 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Sun
2015-12-14 16:13 - 2015-12-14 16:13 - 00000000 ____D C:\Users\RevD\AppData\LocalLow\Oracle
2015-12-14 16:13 - 2015-12-14 16:13 - 00000000 ____D C:\Users\RevD\.oracle_jre_usage
2015-12-14 16:13 - 2015-01-23 17:49 - 00111016 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2015-12-14 13:58 - 2015-12-14 13:58 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 11:18 - 2015-11-20 12:54 - 03170304 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00709632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-11 11:18 - 2015-11-20 12:54 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-11 11:18 - 2015-11-20 12:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-11 11:18 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-12-11 11:18 - 2015-11-20 12:34 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-11 11:18 - 2015-11-20 12:34 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-11 11:18 - 2015-11-20 12:34 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-11 11:18 - 2015-11-20 12:34 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-12-11 11:18 - 2015-11-20 12:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-11 11:18 - 2015-11-10 12:55 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-11 11:18 - 2015-11-10 12:55 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-11 11:18 - 2015-11-10 12:55 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-11 11:18 - 2015-11-10 12:39 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-11 11:18 - 2015-11-10 12:37 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-11 11:18 - 2015-11-10 11:47 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-11 11:18 - 2015-11-05 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-12-11 11:18 - 2015-11-05 13:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-12-11 11:18 - 2015-11-03 13:04 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-12-11 11:18 - 2015-11-03 12:56 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-12-11 11:17 - 2015-11-11 15:12 - 00387792 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-11 11:17 - 2015-11-11 14:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-11 11:17 - 2015-11-11 12:53 - 01735680 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-11 11:17 - 2015-11-11 12:53 - 00525312 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-11 11:17 - 2015-11-11 12:39 - 01242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-11 11:17 - 2015-11-11 12:39 - 00487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-11 11:17 - 2015-11-11 10:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-11 11:17 - 2015-11-11 10:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-11 11:17 - 2015-11-11 09:44 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-12-11 11:17 - 2015-11-11 09:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-11 11:17 - 2015-11-11 09:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-11 11:17 - 2015-11-11 09:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-11 11:17 - 2015-11-11 08:57 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-12-11 11:17 - 2015-11-09 18:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-12-11 11:17 - 2015-11-09 18:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-11 11:17 - 2015-11-09 18:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-12-11 11:17 - 2015-11-09 18:12 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-12-11 11:17 - 2015-11-09 18:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-12-11 11:17 - 2015-11-09 18:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-11 11:17 - 2015-11-09 18:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-11 11:17 - 2015-11-09 18:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-12-11 11:17 - 2015-11-09 18:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-12-11 11:17 - 2015-11-09 18:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-11 11:17 - 2015-11-09 18:03 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-12-11 11:17 - 2015-11-09 18:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-11 11:17 - 2015-11-09 18:02 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-12-11 11:17 - 2015-11-09 17:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-12-11 11:17 - 2015-11-09 17:47 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-12-11 11:17 - 2015-11-09 17:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-11 11:17 - 2015-11-09 17:44 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-12-11 11:17 - 2015-11-09 17:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-11 11:17 - 2015-11-09 17:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-11 11:17 - 2015-11-09 17:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-11 11:17 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-12-11 11:17 - 2015-11-09 17:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-11 11:17 - 2015-11-09 17:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-11 11:17 - 2015-11-09 17:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-11 11:17 - 2015-11-08 16:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-12-11 11:17 - 2015-11-08 16:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-12-11 11:17 - 2015-11-08 16:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-12-11 11:17 - 2015-11-08 16:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-11 11:17 - 2015-11-08 16:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-11 11:17 - 2015-11-08 16:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-12-11 11:17 - 2015-11-08 16:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-12-11 11:17 - 2015-11-08 16:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-12-11 11:17 - 2015-11-08 16:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-12-11 11:17 - 2015-11-08 16:06 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-12-11 11:17 - 2015-11-08 16:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-11 11:17 - 2015-11-08 16:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-11 11:17 - 2015-11-08 16:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-11 11:17 - 2015-11-08 16:01 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-12-11 11:17 - 2015-11-08 16:01 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-12-11 11:17 - 2015-11-08 16:01 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-12-11 11:17 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-11 11:17 - 2015-11-08 15:48 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-12-11 11:17 - 2015-11-08 15:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-11 11:17 - 2015-11-08 15:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-12-11 11:17 - 2015-11-08 15:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-11 11:17 - 2015-11-08 15:29 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-12-11 11:17 - 2015-11-08 15:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-11 11:17 - 2015-11-08 15:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-11 11:17 - 2015-11-08 15:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-11 11:17 - 2015-11-08 15:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-11 11:17 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-12-11 11:17 - 2015-11-08 15:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-11 11:17 - 2015-11-08 14:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-11 11:17 - 2015-11-08 14:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-11 11:17 - 2015-11-08 14:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-11 11:17 - 2015-11-05 13:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2015-12-11 11:17 - 2015-11-05 13:02 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshrm.dll
2015-12-11 11:17 - 2015-11-05 03:53 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-11 11:16 - 2015-11-03 13:04 - 00241664 _____ (Microsoft Corporation) C:\Windows\system32\els.dll
2015-12-11 11:16 - 2015-11-03 12:55 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2015-12-03 15:11 - 2015-12-03 15:11 - 00000569 _____ C:\Users\RevD\Documents\Conference.svt
2015-12-03 13:22 - 2015-12-03 13:22 - 00249078 _____ C:\Users\RevD\Documents\Richardson Office Rent Increase Dec 2015.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-01 13:54 - 2015-06-17 19:21 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA.job
2016-01-01 13:53 - 2015-05-30 18:11 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1718968445-368283017-3712501571-1003.job
2016-01-01 13:53 - 2014-05-27 12:01 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1718968445-368283017-3712501571-1003.job
2016-01-01 13:53 - 2012-04-10 13:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-01 13:14 - 2014-01-02 17:34 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA.job
2016-01-01 13:13 - 2012-11-15 11:49 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1002UA.job
2016-01-01 13:06 - 2012-11-01 17:39 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-01 13:00 - 2009-07-13 23:13 - 00006250 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-01 12:58 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2016-01-01 12:56 - 2012-11-01 17:39 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-01 12:56 - 2012-03-23 20:12 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-01 12:56 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-01 12:56 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-01 12:54 - 2009-07-13 22:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-01 12:54 - 2009-07-13 22:45 - 00026768 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-31 17:34 - 2012-03-23 20:26 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-31 15:16 - 2013-04-01 15:06 - 00000000 ____D C:\Users\RevD\AppData\Local\ElevatedDiagnostics
2015-12-31 14:31 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2015-12-31 14:14 - 2015-06-03 09:01 - 00000000 ____D C:\Users\RevD\Desktop\Other Downloads
2015-12-31 14:14 - 2013-05-06 10:56 - 01644032 ___SH C:\Users\RevD\Desktop\Thumbs.db
2015-12-31 13:59 - 2013-04-18 14:19 - 00000000 ___RD C:\Users\RevD\Virtual Machines
2015-12-31 13:59 - 2013-03-28 17:14 - 00001413 _____ C:\Users\RevD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-31 13:58 - 2014-01-27 17:26 - 00000000 ___HD C:\Windows\system32\CanonIJ Uninstaller Information
2015-12-31 13:56 - 2014-01-27 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-12-31 11:33 - 2015-05-30 18:11 - 00003682 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1718968445-368283017-3712501571-1003
2015-12-31 11:33 - 2014-05-27 12:01 - 00003586 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1718968445-368283017-3712501571-1003
2015-12-31 11:08 - 2014-01-02 17:34 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core.job
2015-12-31 10:58 - 2012-11-15 11:49 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1002Core.job
2015-12-30 21:53 - 2013-03-28 17:14 - 00000000 ____D C:\Users\RevD
2015-12-30 16:05 - 2015-06-17 19:21 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core.job
2015-12-30 11:11 - 2012-04-10 13:00 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-30 11:11 - 2012-04-10 13:00 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-30 11:11 - 2012-04-10 13:00 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-22 15:32 - 2013-04-05 19:56 - 00000000 ____D C:\Users\RevD\AppData\Roaming\vlc
2015-12-20 15:42 - 2013-08-06 18:11 - 00000000 ____D C:\Users\RevD\AppData\Roaming\Dropbox
2015-12-20 15:42 - 2013-03-28 17:14 - 00000000 ____D C:\Users\RevD\AppData\Local\Box Sync
2015-12-20 15:41 - 2009-07-13 22:45 - 00342992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-18 16:48 - 2015-04-05 23:11 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-12-18 16:48 - 2015-04-05 23:11 - 00000000 ___SD C:\Windows\system32\GWX
2015-12-18 15:16 - 2013-07-19 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2015-12-17 18:02 - 2015-05-15 10:43 - 00000000 ____D C:\Users\RevD\Desktop\Work Downloads
2015-12-17 14:06 - 2014-09-11 09:09 - 00000000 ____D C:\Users\RevD\Desktop\Misc Docs
2015-12-17 12:06 - 2013-04-02 20:18 - 00000000 ____D C:\Users\RevD\AppData\Local\CutePDF Writer
2015-12-14 16:20 - 2013-11-14 11:12 - 00000000 ____D C:\ProgramData\Oracle
2015-12-14 16:16 - 2013-11-14 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-14 16:16 - 2013-07-16 14:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-14 16:16 - 2012-03-31 20:59 - 00000000 ____D C:\Program Files\Java
2015-12-14 16:13 - 2013-11-14 11:11 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-14 13:53 - 2013-03-28 20:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-14 13:53 - 2013-03-28 20:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-12 08:35 - 2013-03-28 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-12 08:32 - 2013-07-28 09:20 - 00000000 ____D C:\Windows\system32\MRT
2015-12-12 08:25 - 2012-03-23 17:09 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-08 21:39 - 2010-11-20 21:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 01:08 - 2014-01-02 17:34 - 00003878 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003UA
2015-12-02 01:08 - 2014-01-02 17:34 - 00003482 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1718968445-368283017-3712501571-1003Core
 
==================== Files in the root of some directories =======
 
2014-08-19 12:13 - 2014-08-21 14:53 - 0000117 _____ () C:\Users\RevD\AppData\Roaming\TCMStudio6.pref
2014-05-27 12:59 - 2014-05-27 12:59 - 0003550 _____ () C:\Users\RevD\AppData\Local\recently-used.xbel
2012-11-08 19:51 - 2012-11-08 19:51 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\RevD\setup.exe
 
 
Some files in TEMP:
====================
C:\Users\RevG\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\RevD\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiygwlm.dll
C:\Users\RevD\AppData\Local\Temp\npp.6.7.8.2.Installer.exe
C:\Users\RevD\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\RevD\AppData\Local\Temp\xmlUpdater.exe
C:\Users\RevD\AppData\Local\Temp\_is3B21.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-30 16:44
 
==================== End of FRST.txt ============================

 

 


#9 Aura
Bleepin' Special Ops, Malware Response Team

Posted 01 January 2016 - 04:11 PM

Alright, thank you for the information :)

Right now, here's why your Internet connection is broken.

Error: (01/01/2016 01:54:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%5

Error: (01/01/2016 01:54:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
%%5

Error: (01/01/2016 01:54:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%5

Error: (01/01/2016 01:54:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
%%5

Error: (01/01/2016 01:53:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: 
%%5

Error: (01/01/2016 01:53:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error: 
%%5

These are critical services needed to get online, and right now they cannot start and look like they are broken. We'll run Farbar Service Scanner to see what it can tell us about these services, and then repair them if needed.

Farbar Service Scanner (FSS)
Follow the instructions below to run Farbar Service Scanner and provide a log.
  • Download Farbar Service Scanner and move the executable to your Desktop;
  • Right-click on FSS.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check every option:
    • Internet Services;
    • Windows Firewall;
    • System Restore;
    • Security Center/Action Center;
    • Windows Update;
    • Windows Defender;
    • Other Services;
  • Once done, click on the Scan button to launch a scan;
  • On completion, a Notepad file called FSS.txt (saved where FSS.exe was run) will open. Copy and paste the content of this file in your next reply and post it;
Your next reply should contain:
  • Copy/pasted content of the FSS log;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
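The two event IDs quoted in this post tell a defender which failure is the root cause and which is only a consequence: 7023 is the service that died on its own, 7001 is a service that could not start because it depends on the dead one, and the `%%5` placeholder is Win32 error 5, ERROR_ACCESS_DENIED (a permissions problem on the service, which is what the later "Reset Service Permissions" repair targets). The script below is an added example written for this thread, not FRST's own code and not from the post: it parses Service Control Manager error blocks in the format FRST prints, decodes the `%%N` code from a small assumed table of Win32 errors, and reports each root-cause service together with the services it blocked. The sample input is the text quoted above.

```python
"""SCM event triage for FRST-style event-log blocks (added example, not FRST code).

Parses the 7001/7023 Service Control Manager entries, decodes the %%N Win32
error placeholder, and separates root-cause failures from dependency failures.
The WIN32_ERRORS table is an assumption: a small subset of the standard codes,
enough for this kind of triage."""
import re
from collections import defaultdict

# Subset of Win32 error codes that SCM substitutes for "%%N" (assumed table).
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
    1069: "ERROR_SERVICE_LOGON_FAILED",
}

HEADER_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]+)\) \(EventID: (?P<id>\d+)\)"
)
# EventID 7001: "The X service depends on the Y service which failed to start ..."
DEP_RE = re.compile(
    r"^Description: The (?P<child>.+?) service depends on the (?P<parent>.+?) "
    r"service which failed to start"
)
# EventID 7023: "The Y service terminated with the following error:"
TERM_RE = re.compile(r"^Description: The (?P<svc>.+?) service terminated with")
CODE_RE = re.compile(r"^%%(?P<code>\d+)$")


def parse_scm_events(text):
    """Return one dict per Service Control Manager error block."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            # Only SCM entries carry the 7001/7023 wording parsed below.
            current = None
            if header["src"] == "Service Control Manager":
                current = {"timestamp": header["ts"], "event_id": int(header["id"]),
                           "kind": None, "code": None}
                events.append(current)
            continue
        if current is None:
            continue
        if dep := DEP_RE.match(line):
            current["kind"] = "dependency_failed"
            current["service"] = dep["child"]
            current["depends_on"] = dep["parent"]
        elif term := TERM_RE.match(line):
            current["kind"] = "terminated"
            current["service"] = term["svc"]
        elif code := CODE_RE.match(line):
            current["code"] = int(code["code"])
    return events


def root_causes(events):
    """Services that failed on their own (7023), with the decoded error and the
    services that could not start only because they depend on them (7001)."""
    terminated = defaultdict(set)   # service -> error codes seen
    blocked_by = defaultdict(set)   # parent service -> dependants it blocked
    for ev in events:
        if ev["kind"] == "terminated":
            terminated[ev["service"]].add(ev["code"])
        elif ev["kind"] == "dependency_failed":
            blocked_by[ev["depends_on"]].add(ev["service"])
    return {
        svc: {
            "errors": sorted(f"{c} ({WIN32_ERRORS.get(c, 'unknown')})"
                             for c in codes if c is not None),
            "blocks": sorted(blocked_by.get(svc, ())),
        }
        for svc, codes in terminated.items()
    }


def triage(text):
    """Raw FRST event text -> root-cause report."""
    return root_causes(parse_scm_events(text))


# Sample input: the event entries quoted in the post above.
SAMPLE = """\
Error: (01/01/2016 01:54:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%5

Error: (01/01/2016 01:54:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5

Error: (01/01/2016 01:54:00 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:
%%5

Error: (01/01/2016 01:54:00 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The DHCP Client service terminated with the following error:
%%5
"""

if __name__ == "__main__":
    for svc, info in triage(SAMPLE).items():
        print(f"{svc}: {', '.join(info['errors'])}; blocks {info['blocks']}")
```

On the sample it reports a single root cause, DHCP Client with error 5 (ERROR_ACCESS_DENIED), blocking the WinHTTP Web Proxy Auto-Discovery Service; the repeated entries a few seconds apart collapse into one finding, which is what you want when the same failure is logged on every retry.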


#10 RevD
Topic Starter, Members

Posted 01 January 2016 - 04:34 PM

Here is the FSS scan log as requested:

-------------------------------------------------

 

Farbar Service Scanner Version: 10-06-2014
Ran by RevD (administrator) on 01-01-2016 at 15:28:43
Running from "C:\Users\RevD\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
 
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#11 Aura
Bleepin' Special Ops, Malware Response Team

Posted 02 January 2016 - 10:48 AM

Alright so according to FSS, your DHCP service is intact (which means that it's not damaged), but it cannot start. Click on the Windows Start Menu, then enter cmd in the Search Area, and right-click on the cmd icon that will appear, then select Run as Administrator. In the command prompt, enter the following command:

sc start dhcp

Are you being returned a success or error message? If it's a success message, are you able to access the Internet now? If it's an error message, can you copy/paste it here so I can see it?



#12 RevD
Topic Starter, Members

Posted 02 January 2016 - 07:26 PM

I have attached the screen shot of the message that I got when I ran the command as instructed. I did not get an internet connection.



#13 Aura
Bleepin' Special Ops, Malware Response Team

Posted 03 January 2016 - 11:53 AM

Basically, your DHCP service is hanging on startup (which means that it's failing to initialize and keeps on trying in a loop). Let's see if Windows Repair AIO can solve that issue for us :)

zImGw67.pngWindows Repair All-In-One
NOTE: Before following to step below, please disable your Antivirus software or any other real-time security software that you have enabled.
  • Boot in Safe Mode with Networking;
  • Download the portable version of Windows Repair All-In-One;
  • Move the file (archive) on your Desktop, and extract it there;
  • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
  • From there, click on the Next button until you are presented with an Open Repairs button and click on it;
  • Let the Registry back up complete, and move on to the check-list window;
  • Click on the Unselect All button at the bottom, then check the following items:
    • Reset Service Permissions;
    • Remove Policies Set By Infections;
    • Repair Network;
    • Restore Important Windows Services;
    • Set Windows Services To Default Startup;
  • Once done, click on the Start Repairs button and let the scan execute;
  • If you are being prompted with a Security Warning, allow it to go through;
  • Once the repair is complete, it'll ask you to restart your computer, please do it;
  • A log will open after the reboot, please copy/paste its content here;
In your next reply, I should see:
  • Copy/pasted content of the Windows Repair AIO log;
  • If you can access the Internet or not after running Windows Repair AIO and restarting normally;

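The DHCP service hang described above can be confirmed directly from PowerShell before (or after) running a repair tool. This is an added example, not code from the thread or from Windows Repair AIO; it assumes an elevated prompt and uses only the standard service name, its registry path and the Service Control Manager's documented event IDs.

```powershell
# Added example (not from the thread or from Windows Repair AIO): confirm whether
# the DHCP Client service is hung on startup, the symptom described above.
# Read-only; run from an elevated PowerShell prompt on Windows 7 or later.

# 1. State, start mode and dependencies of the DHCP Client service ("Dhcp").
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='Dhcp'"
"Dhcp: State={0} StartMode={1} RunsAs={2}" -f $svc.State, $svc.StartMode, $svc.StartName
foreach ($dep in (Get-Service -Name Dhcp).ServicesDependedOn) {
    "  depends on {0,-8} Status={1}" -f $dep.Name, $dep.Status
}

# 2. Service Control Manager events for a hung or failed start:
#    7022 = service hung on starting, 7000 = failed to start,
#    7001 = a dependency failed to start, 7009 = start timed out.
$filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7000, 7001, 7009, 7022 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 100 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'DHCP' } |
    Select-Object TimeCreated, Id, Message | Format-List

# 3. Where the service actually loads from. On Windows 7 this is normally
#    svchost.exe hosting %SystemRoot%\system32\dhcpcore.dll; anything else
#    (or a missing Parameters key) is worth a closer look.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dhcp'
"ImagePath : {0}" -f (Get-ItemProperty -Path $key).ImagePath
"ServiceDll: {0}" -f (Get-ItemProperty -Path "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll

# 4. Whether any adapter actually holds a DHCP lease and has DNS servers.
Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True" |
    Select-Object Description, DHCPEnabled, DHCPServer, IPAddress, DNSServerSearchOrder |
    Format-List
```

If step 2 shows repeated 7022 events for the DHCP Client and step 4 shows no DHCPServer, the service is stuck before it ever requests a lease, which matches the "no internet" symptom even though the adapter is up.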


#14 RevD

RevD, Topic Starter, Members, 44 posts

Posted 03 January 2016 - 01:59 PM

Hello Yoan. Things are getting better. I successfully downloaded the windows repair folder and it ran without problems. The Windows Network Control panel says I have internet access but I am not seeing any websites with my browser (Chrome version 47.0.2526.106). I tried another web application and it stalled as well.

 

Here are the logs (there were three):

 

Tweaking.com - Windows Repair v3.7.3
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: DELL-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\RevD
Current Profile SID: S-1-5-21-1718968445-368283017-3712501571-1003
Current Profile Classes: S-1-5-21-1718968445-368283017-3712501571-1003_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\RevD\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:02:59
 
Process Count: 27
Commit Total: 1.30 GB
Commit Limit: 12.30 GB
Commit Peak: 1.32 GB
Handle Count: 6538
Kernel Total: 275.93 MB
Kernel Paged: 226.07 MB
Kernel Non Paged: 49.86 MB
System Cache: 492.38 MB
Thread Count: 336
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.99 GB
Memory Used: 1.33 GB(16.6984%)
Memory Avail.: 6.65 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.99 GB
Memory Used: 1.20 GB(15.0331%)
Memory Avail.: 6.79 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (1/3/2016 12:42:11 PM)
 
03 - Reset Service Permissions
   Start (1/3/2016 12:42:12 PM)
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2016 12:42:30 PM)
 
10 - Remove Policies Set By Infections
   Start (1/3/2016 12:42:30 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2016 12:42:40 PM)
 
13 - Repair Network
   Start (1/3/2016 12:42:40 PM)
 
Decompressing & Updating Windows Permission File C:\Users\RevD\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.16 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2016 12:42:46 PM)
 
26 - Restore Important Windows Services
   Start (1/3/2016 12:42:46 PM)
 
Decompressing & Updating Windows Permission File C:\Users\RevD\Desktop\tweaking.com_windows_repair_aio\Tweaking.com - Windows Repair\files\permissions\7\services.7z
Done,  0.17 seconds.
 
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2016 12:42:57 PM)
 
27 - Set Windows Services To Default Startup
   Start (1/3/2016 12:42:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/3/2016 12:43:01 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (1/3/2016 12:43:01 PM)
   Total Repair Time: 00:00:51
 
 
...YOU MUST RESTART YOUR SYSTEM...
 
 
 
 
Repair Network Log
-------------------------
 
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
Ok.
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
The following command was not found: int 6to4 reset all.
There's no user specified settings to be reset.
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
The following command was not found: int isatap reset all.
 
 
Reset of all TCP parameters OK!
Ok.
 
The following command was not found: int teredo reset all.
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
Windows IP Configuration
 
Registration of DNS records failed: The RPC server is unavailable.
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
Ok.
 
There's no user specified settings to be reset.
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
The following command was not found: int 6to4 reset all.
There's no user specified settings to be reset.
 
There's no user specified settings to be reset.
 
 
The following command was not found: int isatap reset all.
 
 
Reset of all TCP parameters OK!
Ok.
 
The following command was not found: int teredo reset all.
 
Windows IP Configuration
 
Could not flush the DNS Resolver Cache: Function failed during execution.
 
 
Windows IP Configuration
 
Registration of DNS records failed: The RPC server is unavailable.
 
 
 
 
Services_Set_Permissions_Error_Log
------------------------------------------------
 
ERROR: Writing Security Info to <DPS> failed with: Access is denied.
ERROR: Writing Security Info to <EFS> failed with: Access is denied.
ERROR: Writing Security Info to <gpsvc> failed with: Access is denied.
ERROR: Writing Security Info to <idsvc> failed with: Access is denied.
ERROR: Writing Security Info to <MsMpSvc> failed with: Access is denied.
ERROR: Writing Security Info to <NisSrv> failed with: Access is denied.
ERROR: Writing Security Info to <WatAdminSvc> failed with: Access is denied.
ERROR: Writing Security Info to <WdiServiceHost> failed with: Access is denied.
ERROR: Writing Security Info to <WdiSystemHost> failed with: Access is denied.
 


#15 Aura

Aura, Bleepin' Special Ops, Malware Response Team, 19,683 posts

Posted 05 January 2016 - 06:15 AM

but I am not seeing any websites with my browser (Chrome version 47.0.2526.106). I tried another web application and it stalled as well.


When you go on Google Chrome and try to access a website (let's say BleepingComputer.com), what error message is being returned? Basically, what I'm asking for is the error string, and also any information found under the Details button. For example:
[screenshot]

This being said, I would like you to run FSS again, followed by MiniToolBox so we can see if the DHCP service was indeed fixed (and if so, what is preventing you from getting online) or not.

Farbar Service Scanner (FSS)
Follow the instructions below to run Farbar Service Scanner and provide a log.
  • Download Farbar Service Scanner and move the executable to your Desktop;
  • Right-click on FSS.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check every option:
    • Internet Services;
    • Windows Firewall;
    • System Restore;
    • Security Center/Action Center;
    • Windows Update;
    • Windows Defender;
    • Other Services;
  • Once done, click on the Scan button to launch a scan;
  • On completion, a Notepad file called FSS.txt (saved where FSS.exe was run) will open. Copy and paste the content of this file in your next reply and post it;
MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
In your next reply, I should see:
  • What you meant by "things are getting better";
  • The error message you are receiving when trying to access a website with Google Chrome;
  • Copy/pasted content of the FSS log;
  • Copy/pasted content of the MiniToolBox log;

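The settings MiniToolBox is asked to report above (IE proxy settings, hosts file, Winsock entries, recent event log errors) can be read directly, which shows why a helper wants them: an infection that leaves a proxy, a PAC URL or a hosts entry behind produces exactly the "connected but no websites" symptom. This is an added example, not code from the thread or from MiniToolBox; it assumes an elevated prompt and the standard WinINet registry path and hosts file location.

```powershell
# Added example (not from the thread or from MiniToolBox): report the same
# settings MiniToolBox is asked for, so an infection's proxy or hosts-file
# redirect can be spotted before anything is reset. Read-only; run from an
# elevated PowerShell prompt.

# WinINet proxy settings: used by Internet Explorer and, by default, by Chrome.
$inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
"ProxyEnable   : {0}" -f $inet.ProxyEnable
"ProxyServer   : {0}" -f $inet.ProxyServer
"AutoConfigURL : {0}" -f $inet.AutoConfigURL   # a PAC script URL here is a common hijack

# Hosts file: list every active entry that is not the plain localhost mapping.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content -Path $hosts |
    Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }

# Winsock catalog: provider DLLs outside %SystemRoot%\system32 deserve attention.
netsh winsock show catalog | Select-String -Pattern 'Provider Path'

# Name resolution: a good lease but a failed lookup points at DNS, not the link.
try {
    [System.Net.Dns]::GetHostAddresses('www.bleepingcomputer.com') |
        ForEach-Object { "resolved: {0}" -f $_.IPAddressToString }
} catch {
    "DNS lookup failed: {0}" -f $_.Exception.Message
}

# Last 10 System log errors, as in MiniToolBox's "List Last 10 Event Viewer Errors".
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Message | Format-List
```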




