Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My home network is infected [Closed]


  • This topic is locked This topic is locked

#1
achint

achint

    Member

  • Member
  • PipPip
  • 12 posts

Hey guys. The internet at my parents' home is infected. My (work) laptop has had no issues till date. Then I came here and have been using the home wifi. And there's clearly an infection.

 

Symptoms:

 

1) Random clicks around the text or while selecting some text or even somewhere in the background (even on sites like Youtube, Huffington Post, Reddit, Facebook and Twitter) result in a new tab opening ads (download flash, some video player, etc. - I immediately close the tab). The links that these tabs open are:

 

http://www.totaladpe...ay.php?r=425636

 

http://www.totaladpe...424196767620742

 

http://ad-type.googl...10345&f=popup-u

 

http://www.totaladpe...209161370061338

 

2) Similar behavior for when I use my phone connected to the same wifi network. I can't open any link at all on FB and Twitter because it redirects the landing page to some 3rd party website (which even makes the phone vibrate notification style).

 

3) My data limit got breached. I do use a lot of data - and I recently downloaded some torrents (kat.ph + utorrent), but I've done that before coming here (and I've been here only for a week) and it's never been a problem. I feel that something else is definitely using up the data.

 

4) My sister (who lives here) has been facing the same issue for quite some time now on her laptop. No one else uses the wifi except for Dad and that too only for gmail (using our laptops).

 

5) When I use my telco's internet on my laptop (hotspot from my phone) or just internet on my phone, this problem does not happen. Additionally, when I'm connected to my office's VPN, this problem doesn't happen. This is just with my home wifi. I'm starting to think that my router may be infected (is that possible?)

 

What I've done so far:

 

1) I deleted all my unknown cookies and run scans on mine and my sister's laptops (and cleaned all cookies and cache on my phone as well)

 

2) I downloaded and installed Malwarebytes - scanned and it found nothing

 

The problem continues. Please help.

 

===

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by aparekh (administrator) on APAREKH-W7N1 (10-08-2015 17:14:19)
Running from C:\Users\aparekh\Desktop
Loaded Profiles: aparekh (Available Profiles: aparekh & a32421)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software Ltd.) C:\Windows\SysWOW64\cba\pds.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(Kontiki Inc.) C:\Program Files (x86)\Kontiki\KService.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\HIPS\VIGUARD.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(© 2015 Microsoft Corporation) C:\Users\aparekh\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Cisco Systems, Inc) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Kontiki Inc.) C:\Program Files (x86)\Kontiki\KHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [456808 2014-12-04] ()
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [168152 2014-09-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2823848 2015-02-06] (Synaptics Incorporated)
HKLM\...\Run: [LANDesk Endpoint Security] => C:\Program Files (x86)\LANDesk\LDClient\HIPS\ViGUARD.EXE [3590872 2014-11-12] (LANDESK Software, Inc. and its affiliates.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-06] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1174816 2015-01-07] (Intel Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-11] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [kdx] => C:\Program Files (x86)\Kontiki\KHost.exe [1380472 2015-03-24] (Kontiki Inc.)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [1] => >net time /DOMAIN /SET
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [GoogleChromeAutoLaunch_E5C0C1F6B45F0D5BC272F63C0DBEC393] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [BingSvc] => C:\Users\aparekh\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [Cisco Jabber] => C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe [87040 2015-05-22] (Cisco Systems, Inc)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [Google Update] => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-04] (Google Inc.)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan PROe Tray.lnk [2015-06-17]
ShortcutTarget: CrashPlan PROe Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/SK2M_FRPage
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2012-04-13] (Cisco WebEx LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2014-04-17] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2012-04-13] (Cisco WebEx LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2012-04-13] (Cisco WebEx LLC)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2012-04-13] (Cisco WebEx LLC)
Tcpip\Parameters: [DhcpNameServer] 37.220.8.189 31.3.252.73
Tcpip\..\Interfaces\{62A7C5F8-4EA1-47E7-85AA-F7C8771939E1}: [DhcpNameServer] 172.21.195.101 172.21.195.102
Tcpip\..\Interfaces\{780EEA35-E119-495C-9D3E-2A5A4BEC112F}: [DhcpNameServer] 37.220.8.189 31.3.252.73
 
FireFox:
========
FF ProfilePath: C:\Users\aparekh\AppData\Roaming\Mozilla\Firefox\Profiles\lop2x3j8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.85.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.85.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: @tools.google.com/Google Update;version=3 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: @tools.google.com/Google Update;version=9 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: bluejeans.com/bjninstallplugin -> C:\Users\aparekh\AppData\Roaming\Blue Jeans\bjnplugin\2.100.95.8\npbjninstallplugin_2.100.95.8.dll [2015-07-21] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: bluejeans.com/bjnplugin -> C:\Users\aparekh\AppData\Roaming\Blue Jeans\bjnplugin\2.100.95.8\npbjnplugin_2.100.95.8.dll [2015-07-21] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: bluejeans.com/rbjninstallplugin -> C:\Users\aparekh\AppData\Roaming\Blue Jeans\rbjnplugin\2.100.102.8\nprbjninstallplugin_2.100.102.8.dll [2015-07-31] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: bluejeans.com/rbjnplugin -> C:\Users\aparekh\AppData\Roaming\Blue Jeans\rbjnplugin\2.100.102.8\nprbjnplugin_2.100.102.8.dll [2015-07-31] (Blue Jeans)
FF user.js: detected! => C:\Users\aparekh\AppData\Roaming\Mozilla\Firefox\Profiles\lop2x3j8.default\user.js [2015-06-17]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-25] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\aparekh\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-25] (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WebEx\Productivity Tools
FF Extension: ocplugin - C:\Program Files (x86)\WebEx\Productivity Tools [2015-06-10]
 
Chrome: 
=======
CHR Profile: C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
CHR Extension: (Google Drive) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-15]
CHR Extension: (YouTube) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-15]
CHR Extension: (Google Cast) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-07-04]
CHR Extension: (Google Search) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-15]
CHR Extension: (Zomato) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpkojgbclmcfkcangfplnaakcmgoambl [2015-06-15]
CHR Extension: (Google Sheets) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (AdBlock) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04]
CHR Extension: (Okta Secure Web Authentication Plug-in) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\glnpjglilkicbckjpbgcfkogebgllemb [2015-06-15]
CHR Extension: (Cisco WebEx Extension) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-06-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-15]
CHR Extension: (TabCloud) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2015-06-15]
CHR Extension: (Gmail) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Profile: C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-17]
CHR Extension: (Google Docs) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Google Drive) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-17]
CHR Extension: (YouTube) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-17]
CHR Extension: (Bing) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-07-17]
CHR Extension: (Google Search) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-17]
CHR Extension: (Google Sheets) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-17]
CHR Extension: (Google Wallet) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-17]
CHR Extension: (Gmail) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [170760 2015-01-15] (LANDesk Software, Inc. and its affiliates.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-02-20] (Code 42 Software) [File not signed]
S4 enstart64; C:\Windows\system32\enstart64.exe [1172992 2015-06-10] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-12-04] (Intel Corporation)
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [239264 2014-09-26] (LANDESK Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWOW64\CBA\pds.exe [32825 2014-06-20] (LANDesk Software Ltd.) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 ISSUSER; C:\Program Files (x86)\LANDesk\LDClient\issuser.exe [1600936 2014-12-10] (LANDESK Software, Inc. and its affiliates.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2015-01-07] (Intel Corporation)
R2 KService; C:\Program Files (x86)\Kontiki\KService.exe [5441664 2015-03-24] (Kontiki Inc.)
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [221736 2014-10-02] (LANDESK Software, Inc. and its affiliates.)
R2 LDSecSvc; C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.EXE [2439880 2014-11-12] (LANDESK Software, Inc. and its affiliates.)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [239528 2011-06-15] (Microsoft Corp.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2014-04-17] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2014-04-17] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2014-04-17] (Symantec Corporation)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [681128 2015-01-14] (LANDESK Software, Inc. and its affiliates.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20150728.013\BHDrvx64.sys [1650936 2015-08-06] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2014-04-17] (Symantec Corporation)
R2 CISMBIOS; C:\Windows\system32\drivers\cismbios.sys [22016 2014-06-20] (LANDESK Software, Inc. and its affiliates.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [378136 2014-09-29] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
S3 enstart64_; C:\Windows\system32\enstart64_.sys [74472 2015-06-10] (Guidance Software Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20150807.011\IDSvia64.sys [671448 2015-06-08] (Symantec Corporation)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20992 2014-06-20] (LANDesk Software, Inc. and its affiliates.)
R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2014-06-20] (LANDesk Software, Inc. and its affiliates.)
R0 LDSecDrv; C:\Windows\System32\Drivers\LDSecDrv.sys [217152 2014-11-12] (LANDESK Software, Inc. and its affiliates.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-01-07] (Intel Corporation)
R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [7168 2014-06-20] (LANDesk Software, Inc. and its affiliates.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150809.022\ENG64.SYS [138488 2015-06-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150809.022\EX64.SYS [2146040 2015-06-24] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3437848 2014-12-16] (Intel Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [2599128 2014-09-12] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [32424 2015-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-18] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2014-04-17] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2014-04-17] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2014-04-17] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2014-04-17] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2014-04-17] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-06-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2014-04-17] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2014-04-17] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2015-06-10] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2014-04-17] (Symantec Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-10 17:14 - 2015-08-10 17:14 - 00029320 _____ C:\Users\aparekh\Desktop\FRST.txt
2015-08-10 17:13 - 2015-08-10 17:14 - 00000000 ____D C:\FRST
2015-08-10 17:10 - 2015-08-10 17:11 - 02171392 _____ (Farbar) C:\Users\aparekh\Desktop\FRST64.exe
2015-08-10 11:05 - 2015-08-10 11:05 - 05369407 _____ C:\Users\aparekh\Documents\Campus Hire Deck for Colleges.pptx
2015-08-08 02:43 - 2015-08-08 02:43 - 00017598 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e07.hdtv.x264.define.ettv.torrent
2015-08-07 15:48 - 2015-08-07 15:49 - 00000000 ____D C:\Users\aparekh\Documents\JSA on Google Play
2015-08-07 15:17 - 2015-08-07 15:20 - 04799414 _____ C:\Users\aparekh\Downloads\campushire-pitch-082015.pptx
2015-08-07 15:01 - 2015-08-07 15:02 - 04915340 _____ C:\Users\aparekh\Downloads\15.03.03_LI_JobSearch_Trigger Series-R5-welcome.psd
2015-08-06 22:34 - 2015-08-06 22:34 - 00000000 __SHD C:\Users\aparekh\Documents\cache
2015-08-06 22:33 - 2015-08-06 22:34 - 00300792 _____ (Cisco WebEx LLC) C:\Users\aparekh\Downloads\X19fbWVldGluZ3NfMzkzNDkxNTM1NV9YNDdXM0laWEVLTjNIT0ZKSlVJWEYxM1AwWl9XQlgxMV9TREpUU3dBQUFBSUItM2ZpeUVzS21Kd1ZzYw==_webex.exe
2015-08-05 21:18 - 2015-08-05 21:18 - 00105116 _____ C:\Users\aparekh\Downloads\[kat.cr]inside.out.2015.hd.ts.xvid.ac3.hq.hive.cm8.torrent
2015-08-05 10:36 - 2015-08-05 10:36 - 00097907 _____ C:\Users\aparekh\Downloads\Campus Hire Market Sizing & Resourcing 040815.xlsx
2015-08-05 10:35 - 2015-08-05 10:36 - 03361505 _____ C:\Users\aparekh\Downloads\CampusHire - Market Sizing and Resourcing 150804.pptx
2015-08-04 21:23 - 2015-08-04 21:23 - 00284384 _____ C:\Windows\Minidump\080415-10374-01.dmp
2015-08-04 14:31 - 2015-08-04 14:31 - 00147972 _____ C:\Users\aparekh\Downloads\[kat.cr]minions.2015.720p.hdts.x264.aac.cpg.torrent
2015-08-04 09:02 - 2015-08-04 09:02 - 00015823 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e06.hdtv.x264.asap.ettv.torrent
2015-08-04 09:02 - 2015-08-04 09:02 - 00015385 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e05.hdtv.x264.killers.ettv.torrent
2015-08-04 00:27 - 2015-08-04 00:27 - 00017885 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e04.hdtv.x264.killers.ettv.torrent
2015-08-03 22:37 - 2015-08-03 22:37 - 00015635 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e03.hdtv.x264.asap.ettv.torrent
2015-08-03 22:36 - 2015-08-03 22:36 - 00017925 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e02.hdtv.x264.killers.ettv.torrent
2015-08-03 18:22 - 2015-08-03 18:22 - 00026272 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e01.hdtv.x264.proper.lol.ettv.torrent
2015-08-03 17:11 - 2015-08-03 17:11 - 00016463 _____ C:\Users\aparekh\Downloads\[kat.cr]noobsubs.shingeki.no.kyojin.attack.on.titan.ova.1.5.480p.dvd.8bit.aac.mp4.torrent
2015-08-03 16:23 - 2015-08-03 16:23 - 05463622 _____ C:\Users\aparekh\Downloads\Brand Slides For Deep Dive 2014 12 11 0730.pptx
2015-08-03 11:05 - 2015-08-04 10:39 - 00268856 _____ C:\Users\aparekh\Documents\Campus Hire Pitch Deck Inputs.pptx
2015-08-03 10:50 - 2015-08-03 10:50 - 02120728 _____ C:\Users\aparekh\Downloads\Product Review - Campus Hiring - 12 May 2015 - Pre-Readv1.0 (1).pptx
2015-08-03 10:47 - 2015-08-10 00:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-03 10:47 - 2015-08-03 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-03 10:47 - 2015-08-03 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-03 10:47 - 2015-08-03 10:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-03 10:47 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-03 10:47 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-03 10:47 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-03 10:41 - 2015-08-03 10:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\aparekh\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-02 22:31 - 2015-08-02 22:31 - 00026028 _____ C:\Users\aparekh\Downloads\[kat.cr]shingeki.no.kyojin.1.25.attack.on.titan.season.1.720p.torrent
2015-07-31 18:52 - 2015-07-31 18:52 - 00000000 ____D C:\Users\aparekh\Tracing
2015-07-31 18:49 - 2015-08-01 19:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-31 18:49 - 2015-07-31 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-31 18:48 - 2015-07-31 18:52 - 40660096 _____ (Skype Technologies S.A.) C:\Users\aparekh\Downloads\SkypeSetupFull (1).exe
2015-07-29 01:32 - 2015-07-30 12:44 - 00034329 _____ C:\Users\aparekh\Documents\Mash-Pilot-Colleges.xlsx
2015-07-27 11:52 - 2015-07-27 11:51 - 00273504 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-07-27 11:51 - 2015-07-27 11:51 - 00175712 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-07-27 11:51 - 2015-07-27 11:51 - 00175712 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-07-27 11:51 - 2015-07-27 11:51 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-27 11:51 - 2015-07-27 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-27 11:51 - 2015-07-27 11:51 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-24 15:10 - 2015-07-24 15:10 - 00000000 ____D C:\Users\aparekh\AppData\Local\CEF
2015-07-24 10:42 - 2015-07-15 08:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-24 10:42 - 2015-07-15 08:49 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-24 10:42 - 2015-07-15 08:49 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-24 10:42 - 2015-07-15 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-24 10:42 - 2015-07-15 08:25 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-24 10:42 - 2015-07-15 08:25 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-24 10:42 - 2015-07-15 08:25 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-24 10:42 - 2015-07-15 08:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-24 10:42 - 2015-07-15 07:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-24 10:42 - 2015-07-15 07:22 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-24 10:42 - 2015-06-27 08:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-24 10:42 - 2015-06-27 08:13 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-24 10:42 - 2015-06-27 07:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-24 10:42 - 2015-06-27 07:09 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-24 10:41 - 2015-07-03 02:51 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-24 10:41 - 2015-07-03 02:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-24 10:41 - 2015-07-03 02:20 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-24 10:41 - 2015-07-03 02:19 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-24 10:41 - 2015-07-03 02:16 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-24 10:41 - 2015-07-03 02:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-24 10:41 - 2015-07-03 01:53 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-24 10:41 - 2015-07-03 01:49 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-24 10:41 - 2015-07-03 01:42 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-24 10:41 - 2015-07-03 01:25 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-24 10:41 - 2015-07-03 00:50 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-24 10:41 - 2015-07-03 00:29 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-24 01:30 - 2015-07-24 01:30 - 00012679 _____ C:\Users\aparekh\Downloads\[kat.cr]silicon.valley.season.2.720p.hdtv.x264.shaanig.torrent
2015-07-23 15:40 - 2015-07-23 15:40 - 00953220 _____ C:\Users\aparekh\Downloads\Dumbledore_Update.pptx
2015-07-23 11:24 - 2015-07-24 12:22 - 00621056 _____ C:\Users\aparekh\Downloads\ready-reckoner-2015.xls
2015-07-23 10:42 - 2015-06-11 23:26 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-23 10:42 - 2015-06-11 22:46 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-23 10:42 - 2015-06-11 22:45 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-23 10:42 - 2015-06-02 05:37 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-23 10:42 - 2015-06-02 05:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-23 10:41 - 2015-07-23 10:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-23 10:41 - 2015-06-25 23:39 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-23 10:41 - 2015-06-25 23:13 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-23 10:41 - 2015-06-21 01:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-23 10:41 - 2015-06-21 01:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-23 10:41 - 2015-06-21 01:19 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-23 10:41 - 2015-06-21 01:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-23 10:41 - 2015-06-21 01:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-23 10:41 - 2015-06-21 01:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-23 10:41 - 2015-06-21 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-23 10:41 - 2015-06-21 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-23 10:41 - 2015-06-21 01:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-23 10:41 - 2015-06-21 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-23 10:41 - 2015-06-21 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-23 10:41 - 2015-06-21 00:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-23 10:41 - 2015-06-21 00:51 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-23 10:41 - 2015-06-21 00:43 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-23 10:41 - 2015-06-21 00:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-23 10:41 - 2015-06-21 00:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-23 10:41 - 2015-06-21 00:35 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-23 10:41 - 2015-06-21 00:18 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-23 10:41 - 2015-06-21 00:18 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-23 10:41 - 2015-06-21 00:16 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-23 10:41 - 2015-06-21 00:16 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-23 10:41 - 2015-06-20 23:56 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-23 10:41 - 2015-06-20 23:32 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-23 10:41 - 2015-06-19 23:55 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-23 10:41 - 2015-06-19 23:55 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-23 10:41 - 2015-06-19 23:54 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-23 10:41 - 2015-06-19 23:54 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-23 10:41 - 2015-06-19 23:53 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-23 10:41 - 2015-06-19 23:47 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-23 10:41 - 2015-06-19 23:46 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-23 10:41 - 2015-06-19 23:43 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-23 10:41 - 2015-06-19 23:43 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-23 10:41 - 2015-06-19 23:33 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-23 10:41 - 2015-06-19 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-23 10:41 - 2015-06-19 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-23 10:41 - 2015-06-19 23:22 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-23 10:41 - 2015-06-19 23:21 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-23 10:41 - 2015-06-19 23:10 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-23 10:41 - 2015-06-19 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-23 10:41 - 2015-06-19 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-23 10:41 - 2015-06-19 22:45 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-23 10:41 - 2015-06-19 22:41 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-23 10:32 - 2015-07-23 18:37 - 00114688 _____ C:\Users\aparekh\Downloads\ready-reckoner-2014.xls
2015-07-22 15:19 - 2015-07-22 15:20 - 00242712 _____ C:\Users\aparekh\Downloads\Firefox Setup Stub 39.0.exe
2015-07-21 16:40 - 2015-07-21 16:40 - 02704896 _____ C:\Users\aparekh\Downloads\Reealty Buff 6-4-15.ppt
2015-07-16 20:45 - 2015-07-16 20:45 - 00016454 _____ C:\Users\aparekh\Downloads\[kat.cr]louie.s05e08.hdtv.x264.lol.ettv.torrent
2015-07-16 20:45 - 2015-07-16 20:45 - 00012418 _____ C:\Users\aparekh\Downloads\[kat.cr]louie.s05e07.hdtv.x264.lol.ettv.torrent
2015-07-15 21:31 - 2015-08-04 21:23 - 830602922 _____ C:\Windows\MEMORY.DMP
2015-07-15 21:31 - 2015-08-04 21:23 - 00000000 ____D C:\Windows\Minidump
2015-07-15 21:31 - 2015-07-15 21:31 - 00292096 _____ C:\Windows\Minidump\071515-17035-01.dmp
2015-07-14 12:22 - 2015-07-14 13:12 - 00872497 _____ C:\Users\aparekh\Documents\The_Big_Idea - SKILLING IT.pptx
2015-07-14 12:05 - 2015-07-14 12:05 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
2015-07-14 12:05 - 2015-07-14 12:05 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\BalsamiqMockups3
2015-07-14 12:04 - 2015-07-14 12:04 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups 3.lnk
2015-07-14 12:04 - 2015-07-14 12:04 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-07-14 12:04 - 2015-07-14 12:04 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-07-14 12:04 - 2015-07-14 12:04 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups 3
2015-07-14 12:01 - 2015-07-14 12:01 - 03858200 _____ C:\Users\aparekh\Downloads\Balsamiq_Mockups_3.1.6.exe
2015-07-14 09:09 - 2015-07-14 09:09 - 02120728 _____ C:\Users\aparekh\Downloads\Product Review - Campus Hiring - 12 May 2015 - Pre-Readv1.0.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-10 17:14 - 2015-07-10 09:48 - 00000000 ____D C:\ProgramData\Kontiki
2015-08-10 17:14 - 2015-06-10 05:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-10 16:47 - 2015-07-02 11:59 - 00000000 ____D C:\Amazon Backup
2015-08-10 16:47 - 2015-06-10 05:09 - 00472590 _____ C:\Windows\SysWOW64\Gms.log
2015-08-10 16:34 - 2015-07-04 14:22 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118UA.job
2015-08-10 16:20 - 2015-06-10 05:30 - 00000448 _____ C:\Windows\system32\config\netlogon.ftl
2015-08-10 16:17 - 2015-06-10 05:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-10 11:26 - 2015-06-10 04:57 - 00000000 ____D C:\ProgramData\vulScan
2015-08-10 09:34 - 2015-06-10 05:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-10 00:34 - 2015-07-04 14:22 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118Core.job
2015-08-09 23:57 - 2009-07-14 10:15 - 00019328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-09 23:57 - 2009-07-14 10:15 - 00019328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-09 23:52 - 2009-07-14 10:43 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-09 23:46 - 2015-06-15 20:03 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\Skype
2015-08-09 23:46 - 2015-06-09 13:38 - 00006372 _____ C:\Windows\SysWOW64\ldcpu.data
2015-08-09 23:45 - 2015-06-09 13:39 - 00000000 ____D C:\ProgramData\LdSec
2015-08-09 23:45 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 23:45 - 2009-07-14 10:21 - 00061455 _____ C:\Windows\setupact.log
2015-08-09 03:51 - 2015-06-10 04:55 - 00309842 _____ C:\Windows\WindowsUpdate.log
2015-08-09 00:28 - 2015-07-04 18:58 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\uTorrent
2015-08-08 03:31 - 2015-06-15 19:57 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\vlc
2015-08-08 02:44 - 2015-07-04 19:07 - 00000000 ____D C:\PirateBooty
2015-08-07 14:52 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2015-08-07 10:36 - 2015-06-09 14:11 - 00052332 __RSH C:\ProgramData\ntuser.pol
2015-08-06 22:35 - 2015-06-25 13:59 - 00000000 ____D C:\ProgramData\WebEx
2015-08-06 22:34 - 2015-06-09 14:33 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\Webex
2015-08-06 10:12 - 2015-06-09 14:06 - 00000009 _____ C:\Windows\liamowner.txt
2015-08-04 14:04 - 2015-06-24 11:50 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\Blue Jeans
2015-08-01 19:12 - 2015-06-16 14:07 - 00000000 ____D C:\Users\aparekh\AppData\Local\JabberWerxCPP
2015-08-01 19:12 - 2015-06-15 20:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-31 18:52 - 2015-06-09 14:33 - 00000000 ____D C:\Users\aparekh
2015-07-27 20:58 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2015-07-24 22:58 - 2009-07-14 10:15 - 00410248 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-24 15:10 - 2015-06-15 16:43 - 00000000 ____D C:\Users\aparekh\AppData\Local\Adobe
2015-07-24 13:18 - 2015-06-10 05:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-23 10:43 - 2015-06-10 05:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-23 10:43 - 2015-06-10 05:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-23 10:43 - 2015-06-10 05:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 10:43 - 2012-11-17 06:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-23 10:41 - 2015-06-10 05:18 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-23 10:41 - 2015-06-10 05:17 - 00000000 ____D C:\ProgramData\Adobe
2015-07-22 21:46 - 2015-06-10 05:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-22 15:23 - 2015-06-10 05:16 - 00001167 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-22 15:23 - 2015-06-10 05:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-16 09:12 - 2015-06-10 05:17 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 09:12 - 2015-06-10 05:17 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 00:29 - 2015-07-04 14:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118UA
2015-07-16 00:29 - 2015-07-04 14:22 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118Core
2015-07-14 12:03 - 2015-06-09 14:33 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\Adobe
 
==================== Files in the root of some directories =======
 
2015-06-10 04:49 - 2015-06-10 04:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\aparekh\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\aparekh\AppData\Local\Temp\BSvcUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-02 01:46
 
==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by aparekh (2015-08-10 17:14:39)
Running from C:\Users\aparekh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
a32421 (S-1-5-21-4218860331-2946997274-1409398923-500 - Administrator - Disabled) => C:\Users\Administrator
g32421 (S-1-5-21-4218860331-2946997274-1409398923-501 - Limited - Disabled)
liadmin (S-1-5-21-4218860331-2946997274-1409398923-1001 - Administrator - Enabled)
liuser (S-1-5-21-4218860331-2946997274-1409398923-1000 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.1.6 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.1.6 - Balsamiq SRL) Hidden
bjnplugin (HKLM-x32\...\{D14784B7-700E-4B29-AAC7-60DA86D1D67D}) (Version: 2.100.95.8 - Blue Jeans)
ChromecastApp (HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect Start Before Login Module (HKLM-x32\...\{231563BB-B062-4173-8C3F-FF109BEB1C54}) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco Jabber (HKLM-x32\...\{AEE363B0-7E60-43B7-8CB9-111ED29E68CD}) (Version: 10.6.4.63238 - Cisco Systems, Inc)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CrashPlan PROe (HKLM\...\{19C5E720-AA4F-4AF5-8AD0-EB7FF7E15D2D}) (Version: 3.6.3 - Code 42 Software)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\{32E600A5-C6F1-38A2-A8CC-B7DEF699D3F1}) (Version: 66.65.49304 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.38.1036 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Java 7 Update 85 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217085FF}) (Version: 7.0.850 - Oracle)
Kontiki ECDN Client (HKLM-x32\...\{F262A5F6-630C-4059-95C5-8CABC3031822}) (Version: 9.1.212.2 - Kontiki)
LANDESK Advance Agent (x32 Version: 1.0.0 - LANDesk Software) Hidden
LANDesk® Common Base Agent 8 (x32 Version: 9.60.0.225 - LANDesk Software, Ltd) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MDOP MBAM (HKLM\...\{1669699B-087D-4B5A-841D-78D386080A30}) (Version: 1.0.1237.1 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.01 - )
rbjnplugin (HKLM-x32\...\{7942A69A-528A-4CC3-9A0C-AB2916F3F727}) (Version: 2.100.102.8 - Blue Jeans)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7329 - Realtek Semiconductor Corp.)
SAFE Servlet (x32 Version: 7.09.06.03 - Guidance Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.103 - Synaptics Incorporated)
TUGZip 3.5 (HKLM-x32\...\TUGZip_is1) (Version:  - Christian Kindahl)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebEx Productivity Tools (HKLM-x32\...\{6883C052-5EE4-45F7-9409-F77AEA9EF1E1}) (Version: 2.29.3207 - Cisco WebEx LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2812736381-1914932952-2891920474-144118_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2812736381-1914932952-2891920474-144118_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2812736381-1914932952-2891920474-144118_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
23-07-2015 10:41:32 Windows Update
23-07-2015 10:42:22 Windows Update
23-07-2015 10:42:39 Windows Update
24-07-2015 10:41:47 Windows Update
24-07-2015 10:42:12 Windows Update
24-07-2015 10:42:27 Windows Update
05-08-2015 19:09:43 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {007D89C8-37C8-4E03-9AC6-BDDB97A142F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {0C0CBEEA-A5F4-4C42-B50A-96D3390A4616} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-04] (Realtek Semiconductor)
Task: {1B2A847F-E4C8-48AB-AB93-A3250D1E9403} - System32\Tasks\{02ABEB50-76F9-4288-9992-B91222D38916} => Chrome.exe http://www.skype.com...LastError=12002
Task: {1C35810D-E336-4C75-84B3-D9977C8230AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2C286D02-B8F1-4702-941A-C0098C9B2653} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-04] (Realtek Semiconductor)
Task: {59EBC86D-15DB-4528-9414-E2A9498AEF50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118Core => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-04] (Google Inc.)
Task: {5EE263F3-0AFC-43C4-BAB8-78CF1894C734} - System32\Tasks\LANDESK Agent Health Bootstrap Task => C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe [2014-09-26] (LANDESK Software, Inc. and its affiliates.)
Task: {6254D7CC-D3F4-4339-B4E4-DFEC61305A86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-23] (Adobe Systems Incorporated)
Task: {9DFF5355-5F88-4037-85D1-5CC857EECA74} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118UA => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-04] (Google Inc.)
Task: {D7307673-F27D-406F-B80A-C6AA952447D1} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-09-04] (Realtek Semiconductor)
Task: {E8A39FB8-F544-4334-883A-2FD75241AB71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118Core.job => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118UA.job => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-09 13:38 - 2014-06-20 11:52 - 00028624 _____ () C:\Program Files (x86)\LANDesk\LDClient\HIPS\ENUHipsClient64.dll
2015-06-09 13:38 - 2014-10-10 17:17 - 00123904 _____ () C:\Program Files (x86)\LANDesk\LDClient\HIPS\ENUENCARCHIVE.DLL
2015-06-10 05:22 - 2012-03-12 03:26 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
2014-02-20 04:55 - 2014-02-20 04:55 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-06-17 10:36 - 2015-06-17 10:36 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2013-09-05 13:47 - 2013-09-05 13:47 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 04:53 - 2010-10-21 04:53 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-06-11 12:05 - 2014-06-11 12:05 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-06-10 04:57 - 2014-07-24 18:59 - 00107008 _____ () C:\Program Files (x86)\LANDesk\LDClient\RollingLog.dll
2015-06-09 13:38 - 2014-10-19 02:49 - 00164352 _____ () C:\Program Files (x86)\LANDesk\LDClient\httprequest.dll
2015-06-09 13:38 - 2014-11-13 05:02 - 00801280 _____ () C:\Program Files (x86)\LANDesk\LDClient\tmcdll.dll
2015-06-09 13:38 - 2014-06-20 09:55 - 00106567 _____ () C:\Program Files (x86)\LANDesk\LDClient\ThinstallManageApi.dll
2015-06-09 13:38 - 2014-07-25 19:36 - 00726520 _____ () C:\Program Files (x86)\LANDesk\LDClient\HIPS\BVDC.DLL
2015-06-09 13:38 - 2014-06-20 11:52 - 00028624 _____ () C:\Program Files (x86)\LANDesk\LDClient\HIPS\ENUHipsClient.dll
2013-09-05 13:44 - 2013-09-05 13:44 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 05:15 - 2010-10-21 05:15 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00271872 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\JCFCoreUtils.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00030720 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csflogger.dll
2015-03-18 21:29 - 2015-03-18 21:29 - 01241088 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libxml2.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00101888 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\HttpDownloader.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 01208832 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csfnetutils.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00064000 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\dnsutils.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00158208 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\htmlcxx.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00678400 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\wcl_dll.DLL
2015-05-22 07:25 - 2015-05-22 07:25 - 00690688 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\PluginRuntime.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00449536 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\servicesframework.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00010240 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\PluginResources.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00283136 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\ceb.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00560640 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\ConfigService\ConfigService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00118784 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\SystemMonitor.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 03319296 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\SystemService\SystemService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00513024 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\TelemetryService\TelemetryService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00553472 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\DesktopShareService\DesktopShareService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 02718720 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\TelephonyService\TelephonyService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00892416 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxypmp.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00785920 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxypme.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 08141824 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libpme.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00027136 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libtaah264codecbase.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00638976 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstreamer-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00010240 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\logitech-vt3fix.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00181248 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstaudio-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00051200 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstinterfaces-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00103424 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstpbutils-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00272896 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstbase-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00049664 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\srtp.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00067072 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstvideo-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00071168 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstrtp-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00037888 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstapp-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00010752 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxybase.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00919552 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxytaf.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 01954816 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libtaf.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00023040 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CDMWrapper.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00258048 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CommunicationsDeviceManager.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00232960 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\accessories_manager.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 05414400 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\IMPresenceServices\IMPresenceServices.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00953856 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csfcommunicationhistory.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00242688 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\ConversationService\ConversationService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00024064 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\outlook-recordsource-sink.dll
2015-03-18 21:22 - 2015-03-18 21:22 - 00134656 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libexpatw.dll
2015-05-22 07:16 - 2015-05-22 07:16 - 00200192 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\JabberUpgradePlugin\JabberUpgradePlugin.dll
2015-05-22 07:17 - 2015-05-22 07:17 - 00368640 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\ConversationWindowPlugin\ConversationWindowPlugin.dll
2015-05-22 07:18 - 2015-05-22 07:18 - 00044544 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\PresenceConnectorPlugin\PresenceConnectorPlugin.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00081920 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\ScreenCapture.dll
2015-05-22 07:17 - 2015-05-22 07:17 - 01577984 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyPlugin\TelephonyPlugin.dll
2015-05-22 07:17 - 2015-05-22 07:17 - 00194560 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyRuntime\TelephonyRuntime.dll
2015-05-22 07:17 - 2015-05-22 07:17 - 00422400 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyDeviceSelectionPlugin\TelephonyDeviceSelectionPlugin.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 01863168 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\VoicemailService\VoicemailService.dll
2015-05-22 07:15 - 2015-05-22 07:15 - 00544768 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\PresenceAreaPlugin\PresenceAreaPlugin.dll
2015-05-22 07:16 - 2015-05-22 07:16 - 00147968 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\SoundTab\SoundTab.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00389632 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\CommunicationHistoryService\CommunicationHistoryService.dll
2015-05-22 07:16 - 2015-05-22 07:16 - 00209408 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\HuntGroupCallPickupPlugin\HuntGroupCallPickupPlugin.dll
2015-05-22 07:19 - 2015-05-22 07:19 - 01902080 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\JabberMeetingPlugin\JabberMeetingPlugin.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00347648 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\JabberMeeting.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00032768 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Mat_dll.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00052224 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MExpatWrapper.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00079872 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\TriSMD.dll
2015-08-05 22:31 - 2015-07-31 11:49 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-05 22:31 - 2015-07-31 11:49 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
2015-01-07 04:10 - 2015-01-07 04:10 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-05 13:44 - 2013-09-05 13:44 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-15 05:16 - 2013-02-15 05:16 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2015-07-03 10:39 - 2015-07-03 10:39 - 20930744 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.dll
2015-03-17 01:34 - 2015-03-17 01:34 - 00322208 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll
2015-07-03 10:39 - 2015-07-03 10:39 - 45080248 _____ () C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll
2015-08-05 22:31 - 2015-07-31 11:49 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\Control Panel\Desktop\\Wallpaper -> C:\Users\aparekh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.220.8.189 - 31.3.252.73
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E44FEE45-5E29-484F-B362-B8562E820C60}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{96329B16-C23B-43C1-86BF-F3AFA08133D1}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{446C306F-D27E-43A9-87BD-2841AC7F7060}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{3DFB3B4D-B00E-40D4-9943-28A43FB4A311}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{2BD035A7-21EF-4311-9271-EBFD8BB6C901}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{C77E8882-6654-45AE-9568-8D5DAB32ADC6}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{62166C94-5485-4210-A52E-D95156F2E760}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{3E69B55F-9424-4E8A-9252-DC655C3AB321}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{5EDA954C-7CEE-42E1-923C-5796BE1F5E07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9BD9D82-68F1-4F72-A443-086673D94274}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2EE7A5AC-CBA9-4BC3-BB2F-AB464A6B35CA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{4E51CEF8-A2C0-4E4A-9601-80D6F7252176}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{F38788DB-F656-49B7-9BE9-73891CA82288}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{15FF8F12-E9C3-4E2C-9B3E-775E1AC1D3AC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{7B870B03-F185-4A66-A216-D71C441E2D2B}] => (Allow) C:\Windows\system32\enstart64.exe
FirewallRules: [{0E049A19-CA28-47BF-B59F-618BB09D23B1}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{1B2EBDDD-866D-4F2C-97B2-4608AF7A2F8C}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{3BEB88BD-8CB2-4A72-A2CE-ADB0BA7101E2}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{F3D6F7B6-D450-45FF-A0A3-764126600F49}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{134D446A-ED9A-4A54-9FF0-B3182352A2B0}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{1F793204-A054-4F42-821D-307413B788C1}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{87780F83-249A-4086-97AA-D4E370BFB321}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{9BD31361-F07F-422D-9935-E024242D3895}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{C82F775D-D332-4AE4-8EAB-B726B87A5767}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{280F0F9E-84FA-4244-8F15-B6116375DB0E}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{1CB84E39-30A1-4102-8F32-7A70E13D9F26}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{8A8258B2-BABD-44D5-B425-280F222B76FF}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{1BE9B8A0-FB24-4C8E-BCF9-5135AC68CEF3}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{2904E5B7-CC1C-4516-A4F7-C319EBE62228}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{A7A46BF4-5605-49FF-B884-B0CAA25D050B}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{E55BAB79-6305-4F58-91D5-743FD1B70904}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{8642B917-0190-4504-9680-18A5AE9E71B7}] => (Allow) C:\PROGRA~2\LANDesk\LDClient\issuser.exe
FirewallRules: [{EE7C3E5C-E0C0-4BF6-B73F-8B1ACE34304E}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{0DF91739-0D3A-416D-9CF9-7D0FFA552530}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
FirewallRules: [{FAB6565F-B027-440E-82B7-E9AEB5AA2DDC}] => (Allow) C:\Windows\system32\CBA\pds.exe
FirewallRules: [{31CE62CB-1EC7-4015-8127-FD1AE76A9574}] => (Allow) %windir%\system32\msgsys.exe
FirewallRules: [{3B1000FB-BB1B-4243-8D98-0A543AFC97B8}] => (Allow) LPort=137
FirewallRules: [{B806E054-B05D-4613-87BB-1DA0051E816D}] => (Allow) LPort=138
FirewallRules: [{D73138B4-F341-42DA-9D36-6036B1E09C48}] => (Allow) LPort=139
FirewallRules: [{88946477-01EF-4B7D-968D-061864D3FC99}] => (Allow) LPort=445
FirewallRules: [{6AAA436E-9C94-4FFB-9C33-A1A60F384059}] => (Allow) LPort=67
FirewallRules: [{D37CA42E-7FB4-41D2-94FB-56256CADE22E}] => (Allow) LPort=67
FirewallRules: [{78CAD8AC-23BB-45C7-B38E-52C8FE9B18FB}] => (Allow) LPort=9535
FirewallRules: [{8A228E79-83F9-4D23-80F3-AF62CE28C088}] => (Allow) LPort=9535
FirewallRules: [{B3A386DA-7248-4951-881D-1F4938FB93B2}] => (Allow) LPort=4343
FirewallRules: [{6C871479-5A48-4FC6-B8FA-EFB7561C0DB0}] => (Allow) LPort=4343
FirewallRules: [{647E6971-64A0-4E5A-B210-17C312ECD85C}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe
FirewallRules: [{89C1C848-F132-41F8-82E9-972614B111CF}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\wbxcOIEx.exe
FirewallRules: [{DED9198C-C8D1-46F3-BA5B-14D73148FC59}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\x64\wbxcOIEx64.exe
FirewallRules: [{006A93DF-6DE5-4EF4-9525-C615116CACA5}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{49EC0EC4-16A2-42F1-AF42-B16BF9A4B3C9}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{BD736BA0-25F8-448A-940B-F081CAF4C0BC}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27447CFE-DEB7-4660-84D5-8105EFD594E4}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E85316BF-3DF6-4387-835B-14A6A3D9B778}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFE8C7DC-4FED-4CC2-A8DB-442BB7592426}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4E6E85F9-3A82-4A3E-A52E-02BD7CA8E7EF}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1D2610C-186A-49C8-B0E4-EE87CB5E15A6}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{60B3313C-9A44-4A5F-B35A-588AA53E63D6}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe
FirewallRules: [{D9E951C6-2926-4F8B-BD7E-6D88BE3609C5}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe
FirewallRules: [{6B44A640-DEF7-422A-B500-20BF30540438}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe
FirewallRules: [{4710EB3B-FBE3-49E9-A821-A608EFE74A98}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe
FirewallRules: [{C13C15A2-CD02-4634-AA33-690062ADFA6F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5BE2D133-F04C-4CAF-BE6D-417730D981BE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{70D041E5-D808-4FA5-8049-43A37A549A99}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{7FA316A5-C898-4754-93B9-7D1F2B149395}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{52A1F279-2197-4D38-A999-F44BBA4993BD}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{BB0F455C-5684-42AA-ACA8-CDD4901665DB}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{7358A5B5-03C8-41E6-8B56-3913575D57F7}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{33E3E52E-FF6A-41D8-9119-A559FA4FCD96}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/10/2015 04:32:32 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/10/2015 03:49:36 PM) (Source: Inventory Scanner) (EventID: 25) (User: )
Description: ldiscn32: Failed to resolve the Host Name.
 
Error: (08/10/2015 01:11:35 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/10/2015 01:01:25 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/10/2015 12:33:28 PM) (Source: Inventory Scanner) (EventID: 25) (User: )
Description: ldiscn32: Failed to resolve the Host Name.
 
Error: (08/10/2015 11:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: issuser.exe, version: 9.60.2.118, time stamp: 0x54875f2b
Faulting module name: SSLEAY32MT.dll, version: 1.0.1.8, time stamp: 0x53907f75
Exception code: 0xc0000005
Fault offset: 0x0000ebe0
Faulting process id: 0x7d8
Faulting application start time: 0xissuser.exe0
Faulting application path: issuser.exe1
Faulting module path: issuser.exe2
Report Id: issuser.exe3
 
Error: (08/10/2015 10:58:10 AM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/10/2015 10:55:48 AM) (Source: Inventory Scanner) (EventID: 25) (User: )
Description: ldiscn32: Failed to resolve the Host Name.
 
Error: (08/10/2015 09:28:49 AM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/10/2015 09:26:44 AM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
 
System errors:
=============
Error: (08/10/2015 04:32:37 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/10/2015 03:50:04 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LINKEDIN due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/10/2015 02:33:30 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LINKEDIN due to the following: 
%%1722
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/10/2015 02:30:04 PM) (Source: NETLOGON) (EventID: 5783) (User: )
Description: The session setup to the Windows NT or Windows 2000 Domain Controller \\MPR3-ADC02.linkedin.biz for the domain LINKEDIN
is not responsive.  The current RPC call from Netlogon on \\APAREKH-W7N1 to \\MPR3-ADC02.linkedin.biz has been cancelled.
 
Error: (08/10/2015 02:28:34 PM) (Source: NETLOGON) (EventID: 5783) (User: )
Description: The session setup to the Windows NT or Windows 2000 Domain Controller \\ABG3-ADC02.linkedin.biz for the domain LINKEDIN
is not responsive.  The current RPC call from Netlogon on \\APAREKH-W7N1 to \\ABG3-ADC02.linkedin.biz has been cancelled.
 
Error: (08/10/2015 11:26:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The LANDESK Remote Control Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (08/10/2015 09:26:18 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LINKEDIN due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/09/2015 11:46:13 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: LINKEDIN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/09/2015 11:45:34 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/09/2015 11:45:22 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LINKEDIN due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office:
=========================
Error: (08/10/2015 04:32:32 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/10/2015 03:49:36 PM) (Source: Inventory Scanner) (EventID: 25) (User: )
Description: ldiscn32
 
Error: (08/10/2015 01:11:35 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/10/2015 01:01:25 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/10/2015 12:33:28 PM) (Source: Inventory Scanner) (EventID: 25) (User: )
Description: ldiscn32
 
Error: (08/10/2015 11:26:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: issuser.exe9.60.2.11854875f2bSSLEAY32MT.dll1.0.1.853907f75c00000050000ebe07d801d0d2cf5b862f8dC:\PROGRA~2\LANDesk\LDClient\issuser.exeC:\PROGRA~2\LANDesk\LDClient\SSLEAY32MT.dll7a8f6048-3f24-11e5-93ba-54ee754729bc
 
Error: (08/10/2015 10:58:10 AM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/10/2015 10:55:48 AM) (Source: Inventory Scanner) (EventID: 25) (User: )
Description: ldiscn32
 
Error: (08/10/2015 09:28:49 AM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/10/2015 09:26:44 AM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5600U CPU @ 2.60GHz
Percentage of memory in use: 74%
Total physical RAM: 7872.26 MB
Available physical RAM: 2004.41 MB
Total Virtual: 15742.71 MB
Available Virtual: 9709.69 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.38 GB) (Free:132.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3C2C7561)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
==================== End of log ============================

 

 

 

 

 

 

 


  • 0

Advertisements


#2
achint

achint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Forgot to add that I also use Adblock already. But that isn't helping :(


  • 0

#3
achint

achint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Anybody? :(


Edited by achint, 12 August 2015 - 11:16 AM.

  • 0

#4
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, achint. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Also, please note that I'm currently in training, so my answers to you will have to be checked first by an experienced helper before I can post them. This can lengthen the time between my answers to you, but in return you will have an extra person reviewing your log.

 
I'm sorry that your topic remained unanswered for so long. As it's been 3 days since you posted the FRST logs, I have to ask you to get new ones. If you forgot how to do that, you can use the instructions below.

4rr98tz.pngFRST Scan
  • Download Farbar Recovery Scan Tool and save it to your Desktop.
  • Right click FRST64.exe and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
Also, please tell me if you are aware of the existance of all of these user accounts on your computer:
  • a32421
  • g32421
  • liadmin
  • liuser
I'm asking because that's not a popular way to name accounts, so I want to make sure that you've created them.

 
EOEdyWG.png Things that should appear in your next post:
  • FRST.txt log content
  • Addition.txt log content
  • Answer to my question about user accounts

  • 0

#5
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
About your question if router infections exist: they do. And it looks like we have one here :)

To easiest way to fix the problem is to reset the router to factory settings and then strengthen the password. This is what I'd like you to do now.

If you cannot do it on your own, please give me the name of your router and I'll try to help you :)
  • 0

#6
achint

achint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Thanks Nevan. I did this - in fact the router was 3 years old and kept giving dropping the signal as well - so got a new router. Also deleted the cache, cookies, history, temp files, etc. from all devices before connecting to the new router. And the problem is fixed!  :thumbsup:

 

Thanks again.


  • 0

#7
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
I'm glad to hear that. :)

However, there were signs of infection on your system and we have to get rid of them.

Could you please provide new FRST logs and answer my question about users from my previous post?
  • 0

#8
achint

achint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

On the user accounts, they haven't been created by me. But this is my work laptop - so it was probably created by the company. I work with LinkedIn and the users liadmin and liuser seem to be connected to linkedin-admin and linkedin-user. Not sure of the others - but I suspect that they may also be related to work - can ask the tech guys at work maybe.

 

Here are the logs (I'd already downloaded Farbar so used the one that was already on my desktop - let me know if this was wrong):

 

FRST.txt log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-08-2015 01
Ran by aparekh (administrator) on APAREKH-W7N1 (15-08-2015 17:45:19)
Running from C:\Users\aparekh\Desktop
Loaded Profiles: aparekh (Available Profiles: aparekh & a32421)
Platform: Windows 7 Enterprise Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(LANDesk Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software Ltd.) C:\Windows\SysWOW64\cba\pds.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(Kontiki Inc.) C:\Program Files (x86)\Kontiki\KService.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\HIPS\VIGUARD.exe
(© 2015 Microsoft Corporation) C:\Users\aparekh\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Cisco Systems, Inc) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Kontiki Inc.) C:\Program Files (x86)\Kontiki\KHost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
(WebEx) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\wbxcOIEx.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LANDESK Software, Inc. and its affiliates.) C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\LANDesk\LDClient\LDdrives.exe
() C:\Program Files (x86)\LANDesk\LDClient\LDnetwork.exe
() C:\Program Files (x86)\LANDesk\LDClient\LDmemory.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [456808 2014-12-04] ()
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [RtsCM] => C:\Windows\RTSCM64.EXE [168152 2014-09-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2823848 2015-02-06] (Synaptics Incorporated)
HKLM\...\Run: [LANDesk Endpoint Security] => C:\Program Files (x86)\LANDesk\LDClient\HIPS\ViGUARD.EXE [3590872 2014-11-12] (LANDESK Software, Inc. and its affiliates.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-06] (Microsoft Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1174816 2015-01-07] (Intel Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-11] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [kdx] => C:\Program Files (x86)\Kontiki\KHost.exe [1380472 2015-03-24] (Kontiki Inc.)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [1] => >net time /DOMAIN /SET
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [GoogleChromeAutoLaunch_E5C0C1F6B45F0D5BC272F63C0DBEC393] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-31] (Google Inc.)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [BingSvc] => C:\Users\aparekh\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [Cisco Jabber] => C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe [87040 2015-05-22] (Cisco Systems, Inc)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [Google Update] => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-07-04] (Google Inc.)
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan PROe Tray.lnk [2015-06-17]
ShortcutTarget: CrashPlan PROe Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SK2M_FRPage
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2012-04-13] (Cisco WebEx LLC)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL [2014-04-17] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-07-27] (Oracle Corporation)
BHO-x32: WebEx Productivity Tools -> {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} -> C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2012-04-13] (Cisco WebEx LLC)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-07-27] (Oracle Corporation)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll [2012-04-13] (Cisco WebEx LLC)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll [2012-04-13] (Cisco WebEx LLC)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{62A7C5F8-4EA1-47E7-85AA-F7C8771939E1}: [DhcpNameServer] 172.21.195.101 172.21.195.102
Tcpip\..\Interfaces\{780EEA35-E119-495C-9D3E-2A5A4BEC112F}: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\aparekh\AppData\Roaming\Mozilla\Firefox\Profiles\lop2x3j8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-23] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-01-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-01-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.85.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.85.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-07-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: @tools.google.com/Google Update;version=3 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: @tools.google.com/Google Update;version=9 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: bluejeans.com/bjninstallplugin -> C:\Users\aparekh\AppData\Roaming\Blue Jeans\bjnplugin\2.100.95.8\npbjninstallplugin_2.100.95.8.dll [2015-07-21] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: bluejeans.com/bjnplugin -> C:\Users\aparekh\AppData\Roaming\Blue Jeans\bjnplugin\2.100.95.8\npbjnplugin_2.100.95.8.dll [2015-07-21] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: bluejeans.com/rbjninstallplugin -> C:\Users\aparekh\AppData\Roaming\Blue Jeans\rbjnplugin\2.100.102.8\nprbjninstallplugin_2.100.102.8.dll [2015-07-31] (Blue Jeans)
FF Plugin HKU\S-1-5-21-2812736381-1914932952-2891920474-144118: bluejeans.com/rbjnplugin -> C:\Users\aparekh\AppData\Roaming\Blue Jeans\rbjnplugin\2.100.102.8\nprbjnplugin_2.100.102.8.dll [2015-07-31] (Blue Jeans)
FF user.js: detected! => C:\Users\aparekh\AppData\Roaming\Mozilla\Firefox\Profiles\lop2x3j8.default\user.js [2015-06-17]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npatgpc.dll [2015-06-25] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\aparekh\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-06-25] (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WebEx\Productivity Tools
FF Extension: ocplugin - C:\Program Files (x86)\WebEx\Productivity Tools [2015-06-10]
 
Chrome: 
=======
CHR Profile: C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-15]
CHR Extension: (Google Docs) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-15]
CHR Extension: (Google Drive) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-15]
CHR Extension: (YouTube) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-15]
CHR Extension: (Google Cast) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-07-04]
CHR Extension: (Google Search) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-15]
CHR Extension: (Zomato) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpkojgbclmcfkcangfplnaakcmgoambl [2015-06-15]
CHR Extension: (Google Sheets) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-15]
CHR Extension: (AdBlock) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-07-04]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-08-15]
CHR Extension: (Okta Secure Web Authentication Plug-in) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\glnpjglilkicbckjpbgcfkogebgllemb [2015-06-15]
CHR Extension: (Cisco WebEx Extension) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-06-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-15]
CHR Extension: (TabCloud) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof [2015-06-15]
CHR Extension: (Gmail) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-15]
CHR Profile: C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-17]
CHR Extension: (Google Docs) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-17]
CHR Extension: (Google Drive) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-17]
CHR Extension: (YouTube) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-17]
CHR Extension: (Bing) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmkckgpgekmanipelfidlhmkfcjicion [2015-07-17]
CHR Extension: (Google Search) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-17]
CHR Extension: (Google Sheets) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-17]
CHR Extension: (Google Wallet) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-17]
CHR Extension: (Gmail) - C:\Users\aparekh\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-17]
CHR HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.goo...ice/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [170760 2015-01-15] (LANDesk Software, Inc. and its affiliates.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [223232 2014-02-20] (Code 42 Software) [File not signed]
S4 enstart64; C:\Windows\system32\enstart64.exe [1172992 2015-06-10] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328296 2014-12-04] (Intel Corporation)
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [239264 2014-09-26] (LANDESK Software, Inc. and its affiliates.)
R2 Intel PDS; C:\Windows\SysWOW64\CBA\pds.exe [32825 2014-06-20] (LANDesk Software Ltd.) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 ISSUSER; C:\Program Files (x86)\LANDesk\LDClient\issuser.exe [1600936 2014-12-10] (LANDESK Software, Inc. and its affiliates.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2015-01-07] (Intel Corporation)
R2 KService; C:\Program Files (x86)\Kontiki\KService.exe [5441664 2015-03-24] (Kontiki Inc.)
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [221736 2014-10-02] (LANDESK Software, Inc. and its affiliates.)
R2 LDSecSvc; C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.EXE [2439880 2014-11-12] (LANDESK Software, Inc. and its affiliates.)
R2 MBAMAgent; C:\Program Files\Microsoft\MDOP MBAM\MBAMAgent.exe [239528 2011-06-15] (Microsoft Corp.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2014-04-17] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2014-04-17] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2014-04-17] (Symantec Corporation)
R2 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [681128 2015-01-14] (LANDESK Software, Inc. and its affiliates.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20150806.012\BHDrvx64.sys [1650936 2015-08-06] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2014-04-17] (Symantec Corporation)
R2 CISMBIOS; C:\Windows\system32\drivers\cismbios.sys [22016 2014-06-20] (LANDESK Software, Inc. and its affiliates.)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [378136 2014-09-29] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
S3 enstart64_; C:\Windows\system32\enstart64_.sys [74472 2015-06-10] (Guidance Software Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-28] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20150814.011\IDSvia64.sys [671448 2015-06-08] (Symantec Corporation)
S3 ldblank; C:\Windows\System32\DRIVERS\ldblank.sys [20992 2014-06-20] (LANDesk Software, Inc. and its affiliates.)
R3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2014-06-20] (LANDesk Software, Inc. and its affiliates.)
R0 LDSecDrv; C:\Windows\System32\Drivers\LDSecDrv.sys [217152 2014-11-12] (LANDESK Software, Inc. and its affiliates.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2015-01-07] (Intel Corporation)
R3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [7168 2014-06-20] (LANDesk Software, Inc. and its affiliates.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150814.016\ENG64.SYS [138488 2015-06-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20150814.016\EX64.SYS [2146040 2015-06-24] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3437848 2014-12-16] (Intel Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [2599128 2014-09-12] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [32424 2015-02-06] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-18] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2014-04-17] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2014-04-17] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2014-04-17] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2014-04-17] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2014-04-17] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-06-10] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2014-04-17] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2014-04-17] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2015-06-10] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [92456 2014-04-17] (Symantec Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 17:45 - 2015-08-15 17:45 - 00000000 ____D C:\Users\aparekh\Desktop\FRST-OlderVersion
2015-08-12 10:35 - 2015-08-12 10:35 - 00104415 _____ C:\Users\aparekh\Downloads\Campus Hire Market Sizing & Resourcing 081115.xlsx
2015-08-12 10:35 - 2015-08-12 10:35 - 00100823 _____ C:\Users\aparekh\Downloads\Campus Hire Market Sizing & Resourcing 060815.xlsx
2015-08-12 10:29 - 2015-08-12 10:30 - 03362909 _____ C:\Users\aparekh\Downloads\CampusHire - Market Sizing and Resourcing 150812.pptx
2015-08-11 21:48 - 2015-08-11 21:48 - 00024935 _____ C:\Users\aparekh\Downloads\Sputnik Naming_BrainstormV2.xlsx
2015-08-11 21:47 - 2015-08-11 21:47 - 00238111 _____ C:\Users\aparekh\Downloads\20150427_Sputnik Naming_Homework.pptx
2015-08-11 21:45 - 2015-08-11 21:46 - 04298134 _____ C:\Users\aparekh\Downloads\Sputnik Name Recommendation_05 29 15.pptx
2015-08-10 17:14 - 2015-08-15 17:45 - 00027936 _____ C:\Users\aparekh\Desktop\FRST.txt
2015-08-10 17:14 - 2015-08-10 17:15 - 00042669 _____ C:\Users\aparekh\Desktop\Addition.txt
2015-08-10 17:13 - 2015-08-15 17:45 - 00000000 ____D C:\FRST
2015-08-10 17:10 - 2015-08-15 17:45 - 02173952 _____ (Farbar) C:\Users\aparekh\Desktop\FRST64.exe
2015-08-10 11:05 - 2015-08-10 11:05 - 05369407 _____ C:\Users\aparekh\Documents\Campus Hire Deck for Colleges.pptx
2015-08-08 02:43 - 2015-08-08 02:43 - 00017598 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e07.hdtv.x264.define.ettv.torrent
2015-08-07 15:48 - 2015-08-07 15:49 - 00000000 ____D C:\Users\aparekh\Documents\JSA on Google Play
2015-08-07 15:17 - 2015-08-07 15:20 - 04799414 _____ C:\Users\aparekh\Downloads\campushire-pitch-082015.pptx
2015-08-07 15:01 - 2015-08-07 15:02 - 04915340 _____ C:\Users\aparekh\Downloads\15.03.03_LI_JobSearch_Trigger Series-R5-welcome.psd
2015-08-06 22:34 - 2015-08-06 22:34 - 00000000 __SHD C:\Users\aparekh\Documents\cache
2015-08-06 22:33 - 2015-08-06 22:34 - 00300792 _____ (Cisco WebEx LLC) C:\Users\aparekh\Downloads\X19fbWVldGluZ3NfMzkzNDkxNTM1NV9YNDdXM0laWEVLTjNIT0ZKSlVJWEYxM1AwWl9XQlgxMV9TREpUU3dBQUFBSUItM2ZpeUVzS21Kd1ZzYw==_webex.exe
2015-08-05 21:18 - 2015-08-05 21:18 - 00105116 _____ C:\Users\aparekh\Downloads\[kat.cr]inside.out.2015.hd.ts.xvid.ac3.hq.hive.cm8.torrent
2015-08-05 10:36 - 2015-08-05 10:36 - 00097907 _____ C:\Users\aparekh\Downloads\Campus Hire Market Sizing & Resourcing 040815.xlsx
2015-08-05 10:35 - 2015-08-05 10:36 - 03361505 _____ C:\Users\aparekh\Downloads\CampusHire - Market Sizing and Resourcing 150804.pptx
2015-08-04 21:23 - 2015-08-04 21:23 - 00284384 _____ C:\Windows\Minidump\080415-10374-01.dmp
2015-08-04 14:31 - 2015-08-04 14:31 - 00147972 _____ C:\Users\aparekh\Downloads\[kat.cr]minions.2015.720p.hdts.x264.aac.cpg.torrent
2015-08-04 09:02 - 2015-08-04 09:02 - 00015823 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e06.hdtv.x264.asap.ettv.torrent
2015-08-04 09:02 - 2015-08-04 09:02 - 00015385 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e05.hdtv.x264.killers.ettv.torrent
2015-08-04 00:27 - 2015-08-04 00:27 - 00017885 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e04.hdtv.x264.killers.ettv.torrent
2015-08-03 22:37 - 2015-08-03 22:37 - 00015635 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e03.hdtv.x264.asap.ettv.torrent
2015-08-03 22:36 - 2015-08-03 22:36 - 00017925 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e02.hdtv.x264.killers.ettv.torrent
2015-08-03 18:22 - 2015-08-03 18:22 - 00026272 _____ C:\Users\aparekh\Downloads\[kat.cr]mr.robot.s01e01.hdtv.x264.proper.lol.ettv.torrent
2015-08-03 17:11 - 2015-08-03 17:11 - 00016463 _____ C:\Users\aparekh\Downloads\[kat.cr]noobsubs.shingeki.no.kyojin.attack.on.titan.ova.1.5.480p.dvd.8bit.aac.mp4.torrent
2015-08-03 16:23 - 2015-08-03 16:23 - 05463622 _____ C:\Users\aparekh\Downloads\Brand Slides For Deep Dive 2014 12 11 0730.pptx
2015-08-03 11:05 - 2015-08-04 10:39 - 00268856 _____ C:\Users\aparekh\Documents\Campus Hire Pitch Deck Inputs.pptx
2015-08-03 10:50 - 2015-08-03 10:50 - 02120728 _____ C:\Users\aparekh\Downloads\Product Review - Campus Hiring - 12 May 2015 - Pre-Readv1.0 (1).pptx
2015-08-03 10:47 - 2015-08-10 00:18 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-03 10:47 - 2015-08-03 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-03 10:47 - 2015-08-03 10:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-03 10:47 - 2015-08-03 10:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-03 10:47 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-03 10:47 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-03 10:47 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-03 10:41 - 2015-08-03 10:42 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\aparekh\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-02 22:31 - 2015-08-02 22:31 - 00026028 _____ C:\Users\aparekh\Downloads\[kat.cr]shingeki.no.kyojin.1.25.attack.on.titan.season.1.720p.torrent
2015-07-31 18:52 - 2015-07-31 18:52 - 00000000 ____D C:\Users\aparekh\Tracing
2015-07-31 18:49 - 2015-08-01 19:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-31 18:49 - 2015-07-31 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-31 18:48 - 2015-07-31 18:52 - 40660096 _____ (Skype Technologies S.A.) C:\Users\aparekh\Downloads\SkypeSetupFull (1).exe
2015-07-29 01:32 - 2015-07-30 12:44 - 00034329 _____ C:\Users\aparekh\Documents\Mash-Pilot-Colleges.xlsx
2015-07-27 11:52 - 2015-07-27 11:51 - 00273504 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-07-27 11:51 - 2015-07-27 11:51 - 00175712 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-07-27 11:51 - 2015-07-27 11:51 - 00175712 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-07-27 11:51 - 2015-07-27 11:51 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-07-27 11:51 - 2015-07-27 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-27 11:51 - 2015-07-27 11:51 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-24 15:10 - 2015-07-24 15:10 - 00000000 ____D C:\Users\aparekh\AppData\Local\CEF
2015-07-24 10:42 - 2015-07-15 08:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-24 10:42 - 2015-07-15 08:49 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-24 10:42 - 2015-07-15 08:49 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-24 10:42 - 2015-07-15 08:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-24 10:42 - 2015-07-15 08:25 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-24 10:42 - 2015-07-15 08:25 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-24 10:42 - 2015-07-15 08:25 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-24 10:42 - 2015-07-15 08:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-24 10:42 - 2015-07-15 07:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-24 10:42 - 2015-07-15 07:22 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-24 10:42 - 2015-06-27 08:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-24 10:42 - 2015-06-27 08:13 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-24 10:42 - 2015-06-27 07:28 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-24 10:42 - 2015-06-27 07:09 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-24 10:41 - 2015-07-03 02:51 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-24 10:41 - 2015-07-03 02:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-24 10:41 - 2015-07-03 02:20 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-24 10:41 - 2015-07-03 02:19 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-24 10:41 - 2015-07-03 02:16 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-24 10:41 - 2015-07-03 02:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-24 10:41 - 2015-07-03 01:53 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-24 10:41 - 2015-07-03 01:49 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-24 10:41 - 2015-07-03 01:42 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-24 10:41 - 2015-07-03 01:25 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-24 10:41 - 2015-07-03 00:50 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-24 10:41 - 2015-07-03 00:29 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-24 01:30 - 2015-07-24 01:30 - 00012679 _____ C:\Users\aparekh\Downloads\[kat.cr]silicon.valley.season.2.720p.hdtv.x264.shaanig.torrent
2015-07-23 15:40 - 2015-07-23 15:40 - 00953220 _____ C:\Users\aparekh\Downloads\Dumbledore_Update.pptx
2015-07-23 11:24 - 2015-07-24 12:22 - 00621056 _____ C:\Users\aparekh\Downloads\ready-reckoner-2015.xls
2015-07-23 10:42 - 2015-06-11 23:26 - 01112576 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-23 10:42 - 2015-06-11 22:46 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-23 10:42 - 2015-06-11 22:45 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-07-23 10:42 - 2015-06-02 05:37 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-23 10:42 - 2015-06-02 05:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-23 10:41 - 2015-07-23 10:41 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-23 10:41 - 2015-06-25 23:39 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-23 10:41 - 2015-06-25 23:13 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-23 10:41 - 2015-06-21 01:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-23 10:41 - 2015-06-21 01:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-23 10:41 - 2015-06-21 01:19 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-23 10:41 - 2015-06-21 01:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-23 10:41 - 2015-06-21 01:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-23 10:41 - 2015-06-21 01:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-23 10:41 - 2015-06-21 01:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-23 10:41 - 2015-06-21 01:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-23 10:41 - 2015-06-21 01:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-23 10:41 - 2015-06-21 01:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-23 10:41 - 2015-06-21 01:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-23 10:41 - 2015-06-21 00:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-23 10:41 - 2015-06-21 00:51 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-23 10:41 - 2015-06-21 00:43 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-23 10:41 - 2015-06-21 00:38 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-23 10:41 - 2015-06-21 00:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-23 10:41 - 2015-06-21 00:35 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-23 10:41 - 2015-06-21 00:18 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-23 10:41 - 2015-06-21 00:18 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-23 10:41 - 2015-06-21 00:16 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-23 10:41 - 2015-06-21 00:16 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-23 10:41 - 2015-06-20 23:56 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-23 10:41 - 2015-06-20 23:32 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-23 10:41 - 2015-06-19 23:55 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-23 10:41 - 2015-06-19 23:55 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-23 10:41 - 2015-06-19 23:54 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-23 10:41 - 2015-06-19 23:54 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-23 10:41 - 2015-06-19 23:53 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-23 10:41 - 2015-06-19 23:47 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-23 10:41 - 2015-06-19 23:46 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-23 10:41 - 2015-06-19 23:43 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-23 10:41 - 2015-06-19 23:43 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-23 10:41 - 2015-06-19 23:33 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-23 10:41 - 2015-06-19 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-23 10:41 - 2015-06-19 23:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-23 10:41 - 2015-06-19 23:22 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-23 10:41 - 2015-06-19 23:21 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-23 10:41 - 2015-06-19 23:10 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-23 10:41 - 2015-06-19 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-23 10:41 - 2015-06-19 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-23 10:41 - 2015-06-19 22:45 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-23 10:41 - 2015-06-19 22:41 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-23 10:32 - 2015-07-23 18:37 - 00114688 _____ C:\Users\aparekh\Downloads\ready-reckoner-2014.xls
2015-07-22 15:19 - 2015-07-22 15:20 - 00242712 _____ C:\Users\aparekh\Downloads\Firefox Setup Stub 39.0.exe
2015-07-21 16:40 - 2015-07-21 16:40 - 02704896 _____ C:\Users\aparekh\Downloads\Reealty Buff 6-4-15.ppt
2015-07-16 20:45 - 2015-07-16 20:45 - 00016454 _____ C:\Users\aparekh\Downloads\[kat.cr]louie.s05e08.hdtv.x264.lol.ettv.torrent
2015-07-16 20:45 - 2015-07-16 20:45 - 00012418 _____ C:\Users\aparekh\Downloads\[kat.cr]louie.s05e07.hdtv.x264.lol.ettv.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-15 17:44 - 2015-07-10 09:48 - 00000000 ____D C:\ProgramData\Kontiki
2015-08-15 17:34 - 2015-07-04 14:22 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118UA.job
2015-08-15 17:21 - 2015-06-10 05:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-15 17:21 - 2015-06-10 05:09 - 03365211 _____ C:\Windows\SysWOW64\Gms.log
2015-08-15 17:14 - 2015-06-10 05:15 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-15 14:53 - 2015-06-10 05:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-15 14:49 - 2015-07-04 14:22 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118Core.job
2015-08-15 00:09 - 2015-07-02 11:59 - 00000000 ____D C:\Amazon Backup
2015-08-14 21:30 - 2015-06-10 04:57 - 00000000 ____D C:\ProgramData\vulScan
2015-08-14 21:28 - 2015-06-10 05:30 - 00000448 _____ C:\Windows\system32\config\netlogon.ftl
2015-08-14 13:18 - 2009-07-14 10:15 - 00019328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-14 13:18 - 2009-07-14 10:15 - 00019328 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-14 00:08 - 2009-07-14 10:21 - 00062977 _____ C:\Windows\setupact.log
2015-08-13 21:11 - 2015-06-09 13:39 - 00000000 ____D C:\ProgramData\LdSec
2015-08-13 13:40 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\NDF
2015-08-13 13:21 - 2015-06-24 12:13 - 00000000 ____D C:\Users\aparekh\Documents\Brand Naming
2015-08-12 22:57 - 2009-07-14 10:43 - 00786558 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-11 10:57 - 2015-06-10 05:16 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-11 10:57 - 2015-06-10 05:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-11 10:57 - 2015-06-10 05:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-09 23:46 - 2015-06-15 20:03 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\Skype
2015-08-09 23:46 - 2015-06-09 13:38 - 00006372 _____ C:\Windows\SysWOW64\ldcpu.data
2015-08-09 23:45 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-09 03:51 - 2015-06-10 04:55 - 00313892 _____ C:\Windows\WindowsUpdate.log
2015-08-09 00:28 - 2015-07-04 18:58 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\uTorrent
2015-08-08 03:31 - 2015-06-15 19:57 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\vlc
2015-08-08 02:44 - 2015-07-04 19:07 - 00000000 ____D C:\PirateBooty
2015-08-07 10:36 - 2015-06-09 14:11 - 00052332 __RSH C:\ProgramData\ntuser.pol
2015-08-06 22:35 - 2015-06-25 13:59 - 00000000 ____D C:\ProgramData\WebEx
2015-08-06 22:34 - 2015-06-09 14:33 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\Webex
2015-08-06 10:12 - 2015-06-09 14:06 - 00000009 _____ C:\Windows\liamowner.txt
2015-08-04 21:23 - 2015-07-15 21:31 - 830602922 _____ C:\Windows\MEMORY.DMP
2015-08-04 21:23 - 2015-07-15 21:31 - 00000000 ____D C:\Windows\Minidump
2015-08-04 14:04 - 2015-06-24 11:50 - 00000000 ____D C:\Users\aparekh\AppData\Roaming\Blue Jeans
2015-08-01 19:12 - 2015-06-16 14:07 - 00000000 ____D C:\Users\aparekh\AppData\Local\JabberWerxCPP
2015-08-01 19:12 - 2015-06-15 20:02 - 00000000 ____D C:\ProgramData\Skype
2015-07-31 18:52 - 2015-06-09 14:33 - 00000000 ____D C:\Users\aparekh
2015-07-27 20:58 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2015-07-24 22:58 - 2009-07-14 10:15 - 00410248 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-24 15:10 - 2015-06-15 16:43 - 00000000 ____D C:\Users\aparekh\AppData\Local\Adobe
2015-07-24 13:18 - 2015-06-10 05:30 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-23 10:43 - 2015-06-10 05:15 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-23 10:43 - 2015-06-10 05:15 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-23 10:43 - 2015-06-10 05:15 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-23 10:43 - 2012-11-17 06:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-23 10:41 - 2015-06-10 05:18 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-07-23 10:41 - 2015-06-10 05:17 - 00000000 ____D C:\ProgramData\Adobe
2015-07-16 09:12 - 2015-06-10 05:17 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 09:12 - 2015-06-10 05:17 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-16 00:29 - 2015-07-04 14:22 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118UA
2015-07-16 00:29 - 2015-07-04 14:22 - 00003498 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118Core
 
==================== Files in the root of some directories =======
 
2015-06-10 04:49 - 2015-06-10 04:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\aparekh\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\aparekh\AppData\Local\Temp\BSvcUpdater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-12 11:52
 
==================== End of log ============================

 

Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:14-08-2015 01
Ran by aparekh (2015-08-15 17:45:38)
Running from C:\Users\aparekh\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
a32421 (S-1-5-21-4218860331-2946997274-1409398923-500 - Administrator - Disabled) => C:\Users\Administrator
g32421 (S-1-5-21-4218860331-2946997274-1409398923-501 - Limited - Disabled)
liadmin (S-1-5-21-4218860331-2946997274-1409398923-1001 - Administrator - Enabled)
liuser (S-1-5-21-4218860331-2946997274-1409398923-1000 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.1.6 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.1.6 - Balsamiq SRL) Hidden
bjnplugin (HKLM-x32\...\{D14784B7-700E-4B29-AAC7-60DA86D1D67D}) (Version: 2.100.95.8 - Blue Jeans)
ChromecastApp (HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect Start Before Login Module (HKLM-x32\...\{231563BB-B062-4173-8C3F-FF109BEB1C54}) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco Jabber (HKLM-x32\...\{AEE363B0-7E60-43B7-8CB9-111ED29E68CD}) (Version: 10.6.4.63238 - Cisco Systems, Inc)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CrashPlan PROe (HKLM\...\{19C5E720-AA4F-4AF5-8AD0-EB7FF7E15D2D}) (Version: 3.6.3 - Code 42 Software)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\{32E600A5-C6F1-38A2-A8CC-B7DEF699D3F1}) (Version: 66.65.49304 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.38.1036 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Java 7 Update 85 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217085FF}) (Version: 7.0.850 - Oracle)
Kontiki ECDN Client (HKLM-x32\...\{F262A5F6-630C-4059-95C5-8CABC3031822}) (Version: 9.1.212.2 - Kontiki)
LANDESK Advance Agent (x32 Version: 1.0.0 - LANDesk Software) Hidden
LANDesk® Common Base Agent 8 (x32 Version: 9.60.0.225 - LANDesk Software, Ltd) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MDOP MBAM (HKLM\...\{1669699B-087D-4B5A-841D-78D386080A30}) (Version: 1.0.1237.1 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0.3 - Mozilla)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.01 - )
rbjnplugin (HKLM-x32\...\{7942A69A-528A-4CC3-9A0C-AB2916F3F727}) (Version: 2.100.102.8 - Blue Jeans)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7329 - Realtek Semiconductor Corp.)
SAFE Servlet (x32 Version: 7.09.06.03 - Guidance Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.103 - Synaptics Incorporated)
TUGZip 3.5 (HKLM-x32\...\TUGZip_is1) (Version:  - Christian Kindahl)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebEx Productivity Tools (HKLM-x32\...\{6883C052-5EE4-45F7-9409-F77AEA9EF1E1}) (Version: 2.29.3207 - Cisco WebEx LLC)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2812736381-1914932952-2891920474-144118_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2812736381-1914932952-2891920474-144118_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2812736381-1914932952-2891920474-144118_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\aparekh\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
23-07-2015 10:42:22 Windows Update
23-07-2015 10:42:39 Windows Update
24-07-2015 10:41:47 Windows Update
24-07-2015 10:42:12 Windows Update
24-07-2015 10:42:27 Windows Update
05-08-2015 19:09:43 Scheduled Checkpoint
14-08-2015 21:25:47 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {007D89C8-37C8-4E03-9AC6-BDDB97A142F8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
Task: {0C0CBEEA-A5F4-4C42-B50A-96D3390A4616} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-04] (Realtek Semiconductor)
Task: {1B2A847F-E4C8-48AB-AB93-A3250D1E9403} - System32\Tasks\{02ABEB50-76F9-4288-9992-B91222D38916} => Chrome.exe http://www.skype.com...LastError=12002
Task: {1C35810D-E336-4C75-84B3-D9977C8230AC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2C286D02-B8F1-4702-941A-C0098C9B2653} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-09-04] (Realtek Semiconductor)
Task: {59EBC86D-15DB-4528-9414-E2A9498AEF50} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118Core => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-04] (Google Inc.)
Task: {5EE263F3-0AFC-43C4-BAB8-78CF1894C734} - System32\Tasks\LANDESK Agent Health Bootstrap Task => C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe [2014-09-26] (LANDESK Software, Inc. and its affiliates.)
Task: {6254D7CC-D3F4-4339-B4E4-DFEC61305A86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-23] (Adobe Systems Incorporated)
Task: {9DFF5355-5F88-4037-85D1-5CC857EECA74} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118UA => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe [2015-07-04] (Google Inc.)
Task: {D7307673-F27D-406F-B80A-C6AA952447D1} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-09-04] (Realtek Semiconductor)
Task: {E8A39FB8-F544-4334-883A-2FD75241AB71} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-10] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118Core.job => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812736381-1914932952-2891920474-144118UA.job => C:\Users\aparekh\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-06-09 13:38 - 2014-06-20 11:52 - 00028624 _____ () C:\Program Files (x86)\LANDesk\LDClient\HIPS\ENUHipsClient64.dll
2015-06-09 13:38 - 2014-10-10 17:17 - 00123904 _____ () C:\Program Files (x86)\LANDesk\LDClient\HIPS\ENUENCARCHIVE.DLL
2015-06-10 05:22 - 2012-03-12 03:26 - 00086608 _____ () C:\Windows\System32\cpwmon64.dll
2014-02-20 04:55 - 2014-02-20 04:55 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2015-06-17 10:36 - 2015-06-17 10:36 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2013-09-05 13:47 - 2013-09-05 13:47 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 04:53 - 2010-10-21 04:53 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-09 13:38 - 2014-06-20 10:47 - 00232448 _____ () C:\Program Files (x86)\LANDesk\LDClient\LDdrives.exe
2015-06-09 13:38 - 2014-06-20 10:47 - 00233984 _____ () C:\Program Files (x86)\LANDesk\LDClient\LDnetwork.exe
2015-06-09 13:38 - 2014-06-20 10:47 - 00257024 _____ () C:\Program Files (x86)\LANDesk\LDClient\LDmemory.exe
2014-06-11 12:05 - 2014-06-11 12:05 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-06-10 04:57 - 2014-07-24 18:59 - 00107008 _____ () C:\Program Files (x86)\LANDesk\LDClient\RollingLog.dll
2015-06-09 13:38 - 2014-10-19 02:49 - 00164352 _____ () C:\Program Files (x86)\LANDesk\LDClient\httprequest.dll
2015-06-09 13:38 - 2014-11-13 05:02 - 00801280 _____ () C:\Program Files (x86)\LANDesk\LDClient\tmcdll.dll
2015-06-09 13:38 - 2014-06-20 09:55 - 00106567 _____ () C:\Program Files (x86)\LANDesk\LDClient\ThinstallManageApi.dll
2015-06-09 13:38 - 2014-07-25 19:36 - 00726520 _____ () C:\Program Files (x86)\LANDesk\LDClient\HIPS\BVDC.DLL
2015-06-09 13:38 - 2014-06-20 11:52 - 00028624 _____ () C:\Program Files (x86)\LANDesk\LDClient\HIPS\ENUHipsClient.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00271872 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\JCFCoreUtils.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00030720 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csflogger.dll
2015-03-18 21:29 - 2015-03-18 21:29 - 01241088 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libxml2.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00101888 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\HttpDownloader.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 01208832 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csfnetutils.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00064000 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\dnsutils.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00158208 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\htmlcxx.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00678400 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\wcl_dll.DLL
2015-05-22 07:25 - 2015-05-22 07:25 - 00690688 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\PluginRuntime.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00449536 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\servicesframework.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00010240 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\PluginResources.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00283136 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\ceb.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00560640 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\ConfigService\ConfigService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00118784 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\SystemMonitor.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 03319296 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\SystemService\SystemService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00513024 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\TelemetryService\TelemetryService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00553472 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\DesktopShareService\DesktopShareService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 02718720 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\TelephonyService\TelephonyService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00892416 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxypmp.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00785920 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxypme.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 08141824 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libpme.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00027136 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libtaah264codecbase.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00638976 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstreamer-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00010240 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\logitech-vt3fix.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00181248 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstaudio-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00051200 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstinterfaces-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00103424 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstpbutils-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00272896 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstbase-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00049664 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\srtp.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00067072 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstvideo-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00071168 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstrtp-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00037888 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstapp-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00010752 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxybase.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00919552 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libcxytaf.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 01954816 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libtaf.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00023040 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CDMWrapper.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00258048 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CommunicationsDeviceManager.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00232960 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\accessories_manager.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 05414400 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\IMPresenceServices\IMPresenceServices.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00953856 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\csfcommunicationhistory.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00242688 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\ConversationService\ConversationService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00024064 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\outlook-recordsource-sink.dll
2015-03-18 21:22 - 2015-03-18 21:22 - 00134656 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libexpatw.dll
2015-05-22 07:16 - 2015-05-22 07:16 - 00200192 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\JabberUpgradePlugin\JabberUpgradePlugin.dll
2015-05-22 07:17 - 2015-05-22 07:17 - 00368640 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\ConversationWindowPlugin\ConversationWindowPlugin.dll
2015-05-22 07:18 - 2015-05-22 07:18 - 00044544 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\PresenceConnectorPlugin\PresenceConnectorPlugin.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00081920 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\ScreenCapture.dll
2015-05-22 07:17 - 2015-05-22 07:17 - 01577984 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyPlugin\TelephonyPlugin.dll
2015-05-22 07:17 - 2015-05-22 07:17 - 00194560 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyRuntime\TelephonyRuntime.dll
2015-05-22 07:17 - 2015-05-22 07:17 - 00422400 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\TelephonyDeviceSelectionPlugin\TelephonyDeviceSelectionPlugin.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 01863168 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\VoicemailService\VoicemailService.dll
2015-05-22 07:15 - 2015-05-22 07:15 - 00544768 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\PresenceAreaPlugin\PresenceAreaPlugin.dll
2015-05-22 07:16 - 2015-05-22 07:16 - 00147968 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\SoundTab\SoundTab.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00389632 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\CommunicationHistoryService\CommunicationHistoryService.dll
2015-05-22 07:16 - 2015-05-22 07:16 - 00209408 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\HuntGroupCallPickupPlugin\HuntGroupCallPickupPlugin.dll
2015-05-22 07:19 - 2015-05-22 07:19 - 01902080 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Plugins\JabberMeetingPlugin\JabberMeetingPlugin.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00347648 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\JabberMeeting.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00032768 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Mat_dll.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00052224 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MExpatWrapper.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00079872 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\TriSMD.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00096768 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\apXMLMeeting.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00147968 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\Mconhelp.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00399360 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MeetingMgr.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 02606080 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\ExchangeService\ExchangeService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00218112 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstcoreelements.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00027648 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstvolume.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00121856 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstcontroller-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00062464 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstaudioconvert.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00042496 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstvideotestsrc.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00187904 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstffmpegcolorspace.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00089600 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstvideoscale.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00047104 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstudp.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00010240 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstnetbuffer-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00018944 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstlevel.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00180736 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstrtpmanager.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00273920 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstrtp.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00017408 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstalaw.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00014336 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstmulaw.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00043008 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstwavparse.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00041472 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgstriff-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00134144 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\libgsttag-0.10-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00058880 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstvideobox.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00032256 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstliveadder.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00021504 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstrtpmux.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00043008 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstdtmf.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00056320 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstwinks.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00034304 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\gstreamer-0.10\libgstwinscreencap.dll
2015-04-15 06:12 - 2015-04-15 06:12 - 00325632 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\liboil-0.3-0.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00592384 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\services\MediaDeviceService\MediaDeviceService.dll
2015-05-22 07:25 - 2015-05-22 07:25 - 00333312 _____ () C:\Program Files (x86)\Cisco Systems\Cisco Jabber\ConOI.dll
2015-01-07 04:10 - 2015-01-07 04:10 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-09-05 13:44 - 2013-09-05 13:44 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-09-05 13:44 - 2013-09-05 13:44 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 05:15 - 2010-10-21 05:15 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-08-05 22:31 - 2015-07-31 11:49 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libglesv2.dll
2015-08-05 22:31 - 2015-07-31 11:49 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2812736381-1914932952-2891920474-144118\Control Panel\Desktop\\Wallpaper -> C:\Users\aparekh\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{E44FEE45-5E29-484F-B362-B8562E820C60}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{96329B16-C23B-43C1-86BF-F3AFA08133D1}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{446C306F-D27E-43A9-87BD-2841AC7F7060}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{3DFB3B4D-B00E-40D4-9943-28A43FB4A311}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{2BD035A7-21EF-4311-9271-EBFD8BB6C901}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{C77E8882-6654-45AE-9568-8D5DAB32ADC6}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{62166C94-5485-4210-A52E-D95156F2E760}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{3E69B55F-9424-4E8A-9252-DC655C3AB321}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{5EDA954C-7CEE-42E1-923C-5796BE1F5E07}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9BD9D82-68F1-4F72-A443-086673D94274}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2EE7A5AC-CBA9-4BC3-BB2F-AB464A6B35CA}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{4E51CEF8-A2C0-4E4A-9601-80D6F7252176}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
FirewallRules: [{F38788DB-F656-49B7-9BE9-73891CA82288}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{15FF8F12-E9C3-4E2C-9B3E-775E1AC1D3AC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe
FirewallRules: [{7B870B03-F185-4A66-A216-D71C441E2D2B}] => (Allow) C:\Windows\system32\enstart64.exe
FirewallRules: [{0E049A19-CA28-47BF-B59F-618BB09D23B1}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{1B2EBDDD-866D-4F2C-97B2-4608AF7A2F8C}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{3BEB88BD-8CB2-4A72-A2CE-ADB0BA7101E2}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{F3D6F7B6-D450-45FF-A0A3-764126600F49}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe
FirewallRules: [{134D446A-ED9A-4A54-9FF0-B3182352A2B0}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{1F793204-A054-4F42-821D-307413B788C1}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{87780F83-249A-4086-97AA-D4E370BFB321}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{9BD31361-F07F-422D-9935-E024242D3895}] => (Allow) C:\Windows\SysWOW64\msgsys.exe
FirewallRules: [{C82F775D-D332-4AE4-8EAB-B726B87A5767}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{280F0F9E-84FA-4244-8F15-B6116375DB0E}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{1CB84E39-30A1-4102-8F32-7A70E13D9F26}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{8A8258B2-BABD-44D5-B425-280F222B76FF}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
FirewallRules: [{1BE9B8A0-FB24-4C8E-BCF9-5135AC68CEF3}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{2904E5B7-CC1C-4516-A4F7-C319EBE62228}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{A7A46BF4-5605-49FF-B884-B0CAA25D050B}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{E55BAB79-6305-4F58-91D5-743FD1B70904}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{8642B917-0190-4504-9680-18A5AE9E71B7}] => (Allow) C:\PROGRA~2\LANDesk\LDClient\issuser.exe
FirewallRules: [{EE7C3E5C-E0C0-4BF6-B73F-8B1ACE34304E}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
FirewallRules: [{0DF91739-0D3A-416D-9CF9-7D0FFA552530}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
FirewallRules: [{FAB6565F-B027-440E-82B7-E9AEB5AA2DDC}] => (Allow) C:\Windows\system32\CBA\pds.exe
FirewallRules: [{31CE62CB-1EC7-4015-8127-FD1AE76A9574}] => (Allow) %windir%\system32\msgsys.exe
FirewallRules: [{3B1000FB-BB1B-4243-8D98-0A543AFC97B8}] => (Allow) LPort=137
FirewallRules: [{B806E054-B05D-4613-87BB-1DA0051E816D}] => (Allow) LPort=138
FirewallRules: [{D73138B4-F341-42DA-9D36-6036B1E09C48}] => (Allow) LPort=139
FirewallRules: [{88946477-01EF-4B7D-968D-061864D3FC99}] => (Allow) LPort=445
FirewallRules: [{6AAA436E-9C94-4FFB-9C33-A1A60F384059}] => (Allow) LPort=67
FirewallRules: [{D37CA42E-7FB4-41D2-94FB-56256CADE22E}] => (Allow) LPort=67
FirewallRules: [{78CAD8AC-23BB-45C7-B38E-52C8FE9B18FB}] => (Allow) LPort=9535
FirewallRules: [{8A228E79-83F9-4D23-80F3-AF62CE28C088}] => (Allow) LPort=9535
FirewallRules: [{B3A386DA-7248-4951-881D-1F4938FB93B2}] => (Allow) LPort=4343
FirewallRules: [{6C871479-5A48-4FC6-B8FA-EFB7561C0DB0}] => (Allow) LPort=4343
FirewallRules: [{647E6971-64A0-4E5A-B210-17C312ECD85C}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe
FirewallRules: [{89C1C848-F132-41F8-82E9-972614B111CF}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\wbxcOIEx.exe
FirewallRules: [{DED9198C-C8D1-46F3-BA5B-14D73148FC59}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\x64\wbxcOIEx64.exe
FirewallRules: [{006A93DF-6DE5-4EF4-9525-C615116CACA5}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{49EC0EC4-16A2-42F1-AF42-B16BF9A4B3C9}] => (Allow) C:\Program Files\CrashPlan\CrashPlanService.exe
FirewallRules: [{BD736BA0-25F8-448A-940B-F081CAF4C0BC}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27447CFE-DEB7-4660-84D5-8105EFD594E4}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E85316BF-3DF6-4387-835B-14A6A3D9B778}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFE8C7DC-4FED-4CC2-A8DB-442BB7592426}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4E6E85F9-3A82-4A3E-A52E-02BD7CA8E7EF}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E1D2610C-186A-49C8-B0E4-EE87CB5E15A6}] => (Allow) C:\Users\aparekh\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{60B3313C-9A44-4A5F-B35A-588AA53E63D6}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe
FirewallRules: [{D9E951C6-2926-4F8B-BD7E-6D88BE3609C5}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe
FirewallRules: [{6B44A640-DEF7-422A-B500-20BF30540438}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe
FirewallRules: [{4710EB3B-FBE3-49E9-A821-A608EFE74A98}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe
FirewallRules: [{C13C15A2-CD02-4634-AA33-690062ADFA6F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{70D041E5-D808-4FA5-8049-43A37A549A99}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{7FA316A5-C898-4754-93B9-7D1F2B149395}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{52A1F279-2197-4D38-A999-F44BBA4993BD}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{BB0F455C-5684-42AA-ACA8-CDD4901665DB}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{7358A5B5-03C8-41E6-8B56-3913575D57F7}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{33E3E52E-FF6A-41D8-9119-A559FA4FCD96}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
FirewallRules: [{339CD3E0-F2E2-485C-AA35-BB6D22E9738B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2015 05:44:24 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\aparekh\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/15/2015 05:22:11 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/15/2015 03:12:35 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/15/2015 02:50:28 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/15/2015 02:40:15 PM) (Source: Inventory Scanner) (EventID: 25) (User: )
Description: ldiscn32: Failed to resolve the Host Name.
 
Error: (08/14/2015 11:38:15 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/14/2015 09:56:12 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/14/2015 09:26:15 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/14/2015 06:40:25 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
Error: (08/14/2015 06:30:35 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32: The inventory server NSG7-LDESK02.linkedin.biz did not respond.
 
 
System errors:
=============
Error: (08/15/2015 02:40:15 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LINKEDIN due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (08/15/2015 02:40:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
 
Error: (08/15/2015 02:39:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SepMasterService service.
 
Error: (08/15/2015 02:39:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (08/15/2015 02:38:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
 
Error: (08/15/2015 02:38:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (08/14/2015 11:28:40 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: LINKEDIN)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/14/2015 11:28:12 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/14/2015 09:29:30 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1030) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
 
Error: (08/14/2015 06:29:59 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain LINKEDIN due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office:
=========================
Error: (08/15/2015 05:44:24 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\aparekh\Downloads\FRST64.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (08/15/2015 05:22:11 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/15/2015 03:12:35 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/15/2015 02:50:28 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/15/2015 02:40:15 PM) (Source: Inventory Scanner) (EventID: 25) (User: )
Description: ldiscn32
 
Error: (08/14/2015 11:38:15 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/14/2015 09:56:12 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/14/2015 09:26:15 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/14/2015 06:40:25 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
Error: (08/14/2015 06:30:35 PM) (Source: Inventory Scanner) (EventID: 14) (User: )
Description: ldiscn32NSG7-LDESK02.linkedin.biz
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5600U CPU @ 2.60GHz
Percentage of memory in use: 47%
Total physical RAM: 7872.26 MB
Available physical RAM: 4144 MB
Total Virtual: 15742.71 MB
Available Virtual: 11838.39 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:238.38 GB) (Free:131.47 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3C2C7561)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
 
==================== End of log ============================

  • 0

#9
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

But this is my work laptop - so it was probably created by the company. I work with LinkedIn and the users liadmin and liuser seem to be connected to linkedin-admin and linkedin-user. Not sure of the others - but I suspect that they may also be related to work - can ask the tech guys at work maybe.

So you're saying this is a work computer. I have to know if you're absolutely sure that I'm allowed to do anything on this system. Please make sure that you ask people responsible if they mind me helping you dealing with this problem.
  • 0

#10
achint

achint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Good point. I realized that myself the moment I posted that last reply. Will need to check with office tech to ensure that I'm not breaking any privacy and security rules here. Will need till Monday to do that. Let me revert. Thanks Nevan.
  • 0

Advertisements


#11
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Alright, take your time. I'll be waiting :)
  • 0

#12
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
So, what's the decision? Can we proceed?
  • 0

#13
achint

achint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Hey Nevan. My apologies for the delay in response - I was waiting for them to respond. So I've been asked to halt and let the tech guys at office handle this. I can use my personal computer/laptop to disinfect my network - but definitely not the office laptop. So, can I use my other (personal) laptop to download the same software, run the tests and proceed with this? Let me know what you think. 


  • 0

#14
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, achint.

Well, most likely every computer that was connected to that old router has been infected.

As long as you want to clean your own laptop that doesn't have anyone that's looking after it (tech guys, etc.), then we're free to go.

So, if you wish to clean your own machine, use my previous instructions about FRST scan and bring me FRST.txt and Addition.txt from that computer :)
  • 0

#15
achint

achint

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts

Sounds good Nevan. I'll share the details by tomorrow morning.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP