Jump to content

jhardwood

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. jhardwood
    MBAM ran clean. Here is the log. During the run, the Phoenix.exe showed up again.: Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2013.11.13.04 Windows 7 Service Pack 1 x86 NTFSInternet Explorer 10.0.9200.16721jhayward :: PCLIS2 [administrator] Protection: Enabled 11/13/2013 8:35:30 AMmbam-log-2013-11-13 (08-35-30).txt Scan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 804802Time elapsed: 8 hour(s), 21 minute(s), 17 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  2. jhardwood
    Here is result from FRST Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013 01Ran by jhayward at 2013-11-12 14:52:41 Run:1Running from C:\Users\jhayward.LPANDT\Desktop\Antivirus_MalwareBoot Mode: Normal ============================================== Content of fixlist:*****************HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess? C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.jsC:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.jsC:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x8***************** HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.js => Moved successfully.C:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.js => Moved successfully."C:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x8" => File/Directory not found. ==== End of Fixlog ====
  3. jhardwood
    File uploaded. Please take a look and advise...
  4. jhardwood
    Psychotic, Ok, with the Phoenix.exe error appearing, and without deleting the file, have run a new FRST... here is the output: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01Ran by jhayward (administrator) on PCLIS2 on 10-11-2013 18:20:01Running from C:\Users\jhayward.LPANDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BPU00H4Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Webroot) C:\Program Files\Webroot\WRSA.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(SMSC) C:\Program Files\SGFX\sgfxmgr.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe(Alereon) C:\Program Files\Warpia\UWB Wireless\AlUwbService.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Cisco WebEx LLC) C:\Windows\system32\atashost.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Wisair Ltd.) C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE() C:\Program Files\ShrewSoft\VPN Client\iked.exe() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe() C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe() C:\Program Files\ManageEngine\AssetExplorer\bin\aeagent.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe(QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe(Absolute Software Corp.) C:\Windows\system32\rpcnet.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe() C:\Program Files\zFTPServer\zFTPServer.exe(Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe(SolarWinds) C:\Windows\dwrcs\DWRCST.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe(Webroot) C:\Program Files\Webroot\WRSA.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe(Wisair Ltd.) C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe() C:\Program Files\SGFX\SgfxConfig.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe(Akamai Technologies, Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe(Akamai Technologies, Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe(Alereon) C:\Program Files\Warpia\UWB Wireless\WusbLite.exe(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\UcMapi.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\vpngui.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE() C:\ProgramData\Rpcnet\Bin\rpccm.exe() C:\ProgramData\Rpcnet\Bin\rpcld.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Absolute Software Corp.) C:\Windows\system32\tahost.exe(Novatel Wireless Inc.) C:\Windows\system32\Phoenix.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-04] (Alps Electric Co., Ltd.)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-05-26] (IDT, Inc.)HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE [5249024 2010-02-02] (Dell Inc.)HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM\...\Run: [DellBtrEvent] - D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe [147456 2010-05-04] (DeviceVM, Inc.)HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)HKLM\...\Run: [MimBoot] - C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe [8192 2006-11-07] (Musicmatch, Inc.)HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4355464 2009-06-22] (Acronis)HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960568 2009-06-22] (Acronis)HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377248 2009-06-22] (Acronis)HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-03-17] (Google)HKLM\...\Run: [Desktop Disc Tool] - C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-01] ()HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)HKLM\...\Run: [WirelessUSBManager] - C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe [2968400 2011-03-27] (Wisair Ltd.)HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [756776 2013-11-07] (Webroot)HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12108456 2013-06-27] (Microsoft Corporation)HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-11] ()HKLM\...\Run: [intelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093272 2012-10-12] (Microsoft Corporation)HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668248 2012-10-12] (Microsoft Corporation)HKLM\...\Run: [] - [x]HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)HKLM\...\Run: [sgfxConfig] - C:\Program Files\SGFX\SgfxConfig.exe [1536104 2012-06-19] ()HKLM\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)HKLM\...\Run: [barracuda Malware Removal Tool (reboot)] - C:\Program Files\Barracuda\Barracuda Malware Removal Tool\bmrt.exe [857480 2010-05-26] (Barracuda Networks)HKLM\...\Run: [DameWare MRC Agent] - C:\Windows\dwrcs\DWRCST.EXE [277456 2011-12-12] (SolarWinds)HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\...\Policies\Explorer: [NoViewOnDrive] 0HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0HKLM\...\Policies\Explorer: [NoViewContextMenu] 0HKLM\...\Policies\Explorer: [NoShellSearchButton] 0HKLM\...\Policies\Explorer: [NoFind] 0HKLM\...\Policies\Explorer: [NoFile] 0HKLM\...\Policies\Explorer: [HideClock] 0HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0HKLM\...\Policies\Explorer: [NoSetFolders] 0HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0HKLM\...\Policies\Explorer: [NoSetTaskbar] 0HKLM\...\Policies\Explorer: [NoDeletePrinter] 0HKLM\...\Policies\Explorer: [NoDFSTab] 0HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0HKLM\...\Policies\Explorer: [NoLogoff] 0HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0HKLM\...\Policies\Explorer: [NoResolveSearch] 0HKLM\...\Policies\Explorer: [NoSaveSettings] 0HKLM\...\Policies\Explorer: [NoHardwareTab] 0HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0HKLM\...\Policies\Explorer: [NoDesktop] 0HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exeHKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exeHKCU\...\Run: [CAHeadless] - C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [539800 2011-09-14] (Adobe Systems Incorporated)HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694152 2013-09-05] (Adobe Systems Incorporated)HKCU\...\Run: [Google Update] - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-03] (Google Inc.)HKCU\...\Run: [Lync] - C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18633888 2013-10-10] (Microsoft Corporation)HKCU\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [5717272 2013-11-07] (SUPERAntiSpyware)HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?HKCU\...\Policies\system: [DisableCMD] 0HKCU\...\Policies\system: [NoDispAppearancePage] 0HKCU\...\Policies\system: [NoDispBackgroundPage] 0HKCU\...\Policies\system: [NoDispSettingsPage] 0HKCU\...\Policies\Explorer: [NoFolderOptions] 0HKCU\...\Policies\Explorer: [NoViewOnDrive] 0HKCU\...\Policies\Explorer: [NoControlPanel] 0HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0HKCU\...\Policies\Explorer: [NoViewContextMenu] 0HKCU\...\Policies\Explorer: [NoShellSearchButton] 0HKCU\...\Policies\Explorer: [NoFind] 0HKCU\...\Policies\Explorer: [NoFile] 0HKCU\...\Policies\Explorer: [HideClock] 0HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0HKCU\...\Policies\Explorer: [NoSetFolders] 0HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0HKCU\...\Policies\Explorer: [NoSetTaskbar] 0HKCU\...\Policies\Explorer: [NoDeletePrinter] 0HKCU\...\Policies\Explorer: [NoDFSTab] 0HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0HKCU\...\Policies\Explorer: [NoLogoff] 0HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0HKCU\...\Policies\Explorer: [NoResolveSearch] 0HKCU\...\Policies\Explorer: [NoSaveSettings] 0HKCU\...\Policies\Explorer: [NoHardwareTab] 0HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0MountPoints2: {0c137186-3ffe-11e2-8674-c0cb38353b98} - F:\LaunchU3.exe -aMountPoints2: {3cc7b2ee-aefe-11e1-baf8-00a0c6000000} - F:\TL-Bootstrap.exeMountPoints2: {4cfd604f-bc62-11e1-9cb2-5c260a2dbd42} - I:\MotoCastSetup.exe -aMountPoints2: {9c99fff4-e8bb-11e1-b6c4-00059a3c7800} - F:\MotoCastSetup.exe -aMountPoints2: {b720afb3-b25a-11e0-b861-5c260a2dbd42} - F:\TL-Bootstrap.exeMountPoints2: {b720b31d-b25a-11e0-b861-5c260a2dbd42} - F:\TL-Bootstrap.exeMountPoints2: {bdaf5659-93bf-11e0-9991-00a0c6000000} - F:\TL-Bootstrap.exeMountPoints2: {de336a81-894d-11e1-9682-00a0c6000000} - F:\setup.exe -aStartup: C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnkShortcutTarget: Citrix Receiver.lnk -> C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: 172.20.0.21:8080HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://lpt.sharepoint.com/teams/LPTDEPT/IT/_layouts/15/start.aspx#/SitePages/Home.aspxSearchScopes: HKLM - DefaultScope {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBoxSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBoxSearchScopes: HKCU - DefaultScope {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = SearchScopes: HKCU - {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No FileToolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CABDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.logging.cabDPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} https://fileservice.emc.com/XFile/SAXFileEE.cabDPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://lvserv10:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CABDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.ericom.com/dana-cached/sc/JuniperSetupClient.cabDPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Hosts: 127.0.0.1 102.112.207.netTcpip\..\Interfaces\{6A2B8B82-FF68-4575-9984-7A609318F9D4}: [NameServer]198.224.186.135 198.224.187.135Tcpip\..\Interfaces\{7676EF64-FF29-4768-9E70-B407B1F02E15}: [NameServer]172.20.20.16,172.20.20.17Tcpip\..\Interfaces\{98C436D4-2943-4F4D-9A57-F9B19E92EA90}: [NameServer]172.20.20.16,172.20.20.17 FireFox:========FF ProfilePath: C:\Users\jhayward.LPANDT\AppData\Roaming\Mozilla\Firefox\Profiles\9ougtvei.defaultFF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin: @vmware.com/client-support,version=5.1.0.00000 - C:\Program Files\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll (VMware, Inc.)FF Plugin: @vmware.com/vmrc,version=5.1.0.00000 - C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\jhayward.LPANDT\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xmlFF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn Chrome: =======CHR Plugin: (Shockwave Flash) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)CHR Plugin: (VMware Remote Console Plug-in) - C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)CHR Plugin: (VMware Client Support Plug-in) - C:\Program Files\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll (VMware, Inc.)CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\jhayward.LPANDT\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)CHR Plugin: (Google Update) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0CHR Extension: (New Tab Redirect!) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0CHR Extension: (Google Wallet) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-06-22] (Acronis)R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] ()R2 aluwbservice; C:\Program Files\Warpia\UWB Wireless\AlUwbService.exe [12288 2012-09-20] (Alereon)R2 atashost; C:\Windows\system32\atashost.exe [116536 2011-01-21] (Cisco WebEx LLC)R2 CableAssociation; C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe [1113416 2010-12-08] (Wisair Ltd.)R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2010-03-24] (Broadcom Corporation)R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2010-03-24] (Broadcom Corporation)R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [5240168 2011-04-10] (DisplayLink Corp.)R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.)R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [588752 2011-12-12] (SolarWinds)S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-03-17] (Google)R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()R2 ManageEngine AssetExplorer Agent; C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe [598016 2013-09-05] ()S3 ManageEngine AssetExplorer RemoteControl; C:\Program Files\ManageEngine\AssetExplorer\\RemoteControl\Service.exe [2166784 2013-09-05] ()R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2808664 2007-02-22] (Microsoft Corporation)S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] ()R2 NWHelper; C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [215552 2010-06-03] (Novatel Wireless Inc.)R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-09-06] (Microsoft Corporation)R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)R2 QDLService2kDell; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe [329976 2009-11-23] (QUALCOMM, Inc.)S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)R2 RPCNET; C:\Windows\system32\rpcnet.exe [69792 2013-09-11] (Absolute Software Corp.)S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [4247552 2012-06-20] (SMSC)S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-26] (IDT, Inc.)S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [672408 2012-07-06] (VMware, Inc.)R2 VZWConfigService; C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe [139776 2011-02-11] (Novatel Wireless Inc.)R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.)R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [756776 2013-11-07] (Webroot)R2 zFTPSvc; C:\Program Files\zFTPServer\zFTPServer.exe [3424768 2010-10-20] ()R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config"R2 Rpccm; C:\ProgramData\Rpcnet\Bin\rpccm.exe [x]R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [x]S3 WRRmtInstSvc; WRRmtInstSvc.exe /service [x] ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)S3 al56xxpt; C:\Windows\System32\Drivers\al56xxpt.sys [25088 2012-09-13] (Alereon Inc.)S3 ALDWA; C:\Windows\System32\DRIVERS\ALDWA.SYS [157056 2012-09-13] (Alereon, Inc.)S3 ALHWA; C:\Windows\System32\DRIVERS\ALHWA.SYS [195200 2012-09-13] (Alereon, Inc.)S3 ALURCU; C:\Windows\System32\DRIVERS\ALURCU.SYS [91520 2012-09-13] (Alereon, Inc.)R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [274472 2010-01-11] (Broadcom Corporation.)S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.)R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-30] (Broadcom Corporation)S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2012-03-12] (http://libusb-win32.sourceforge.net)S3 DLCopyFilter; C:\Windows\System32\Drivers\wsr_tbf.sys [50816 2010-07-21] ()R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [182896 2011-04-10] (DisplayLink Corp.)R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [14448 2011-04-10] (DisplayLink Corp.)R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [94848 2012-09-21] (Citrix Systems, Inc.)R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)S3 DWA; C:\Windows\System32\DRIVERS\WSR_DWA.SYS [516096 2010-11-18] ()R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [38296 2012-07-06] (VMware, Inc.)S3 hwa; C:\Windows\System32\DRIVERS\WSR_HWA.SYS [900096 2010-11-18] ()S3 HWARadio; C:\Windows\System32\DRIVERS\WSR_RCI.SYS [147968 2010-11-18] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)S3 NWRmNet_022; C:\Windows\System32\DRIVERS\NWRmNet_022.sys [243712 2011-03-01] (Novatel Wireless Inc.)S3 NWUSBModem_022; C:\Windows\System32\DRIVERS\nwusbmdm_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)S3 NWUSBPort2_022; C:\Windows\System32\DRIVERS\nwusbser2_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)S3 NWUSBPort_022; C:\Windows\System32\DRIVERS\nwusbser_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)R3 qcfilterdl2k; C:\Windows\System32\DRIVERS\qcfilterdl2k.sys [5248 2009-12-02] (QUALCOMM Incorporated)R3 qcusbnetdl2k; C:\Windows\System32\DRIVERS\qcusbnetdl2k.sys [201728 2009-12-02] (QUALCOMM Incorporated)R3 qcusbserdl2k; C:\Windows\System32\DRIVERS\qcusbserdl2k.sys [106368 2009-12-02] (QUALCOMM Incorporated)R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC)S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-21] (REDC)S4 RsFx0151; C:\Windows\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R2 SBKUPNT; C:\Windows\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()R4 sgfxk; C:\Windows\System32\drivers\sgfxk32.sys [113256 2012-07-03] (SMSC)R0 sgfxl; C:\Windows\System32\drivers\sgfxl32.sys [13928 2012-07-03] (SMSC)R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [902592 2011-01-06] (Acronis)R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2011-01-06] (Acronis)S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479232 2007-06-22] (eMPIA Technology, Inc.)S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [28288 2007-02-06] (eMPIA Technology, Inc.)R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.)R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2013-11-07] (Webroot)S3 WSR_USF; C:\Windows\System32\Drivers\WSR_USF.sys [46720 2010-11-01] ()S3 cmvad; system32\drivers\cmudaxv.sys [x]U3 ETD; S0 ssfs0bbc; SYSTEM32\Drivers\SSFS0BBC.SYS [x]S0 sshrmd; SYSTEM32\Drivers\SSHRMD.SYS [x]S0 ssidrv; SYSTEM32\Drivers\SSIDRV.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-10 11:49 - 2012-06-04 10:27 - 00581711 ____H (Novatel Wireless Inc.) C:\Windows\system32\Phoenix.exe2013-11-10 11:49 - 2012-06-04 10:27 - 00221112 ____H (Absolute Software Corp.) C:\Windows\system32\txntph.dll2013-11-10 11:49 - 2012-06-04 10:27 - 00200789 ____H (Novatel Wireless, Inc.) C:\Windows\system32\SMSCodec.dll2013-11-10 11:49 - 2012-06-04 10:27 - 00062904 ____H (Absolute Software Corp.) C:\Windows\system32\ntphprxy.dll2013-11-10 11:49 - 2012-06-04 10:27 - 00062904 ____H (Absolute Software Corp.) C:\Windows\system32\d5720pxy.dll2013-11-10 11:49 - 2012-06-04 10:25 - 00120760 ____H (Absolute Software Corp.) C:\Windows\system32\tahost.exe2013-11-08 09:26 - 2013-11-07 14:42 - 00307310 _____ C:\Users\jhayward.LPANDT\Desktop\2013_11_08_EmployeeInformationalMeeting.pptx2013-11-06 13:03 - 2013-11-06 13:03 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\Antivirus_Malware2013-11-06 11:46 - 2013-11-07 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-11-06 11:46 - 2013-11-07 09:32 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2013-11-06 11:45 - 2013-11-07 10:51 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\mbar2013-11-06 11:45 - 2013-11-07 08:57 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-11-06 11:44 - 2013-11-06 11:45 - 12576792 _____ (Malwarebytes Corp.) C:\Users\jhayward.LPANDT\Downloads\mbar-1.07.0.1007.exe2013-11-06 11:39 - 2013-11-06 11:39 - 00068406 _____ C:\Users\jhayward.LPANDT\Downloads\FRST.txt2013-11-06 11:38 - 2013-11-06 11:39 - 00042104 _____ C:\Users\jhayward.LPANDT\Downloads\Addition.txt2013-11-06 11:32 - 2013-11-06 11:32 - 00000000 ____D C:\FRST2013-11-01 14:49 - 2013-11-01 14:49 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewWorkToBeFiled2013-10-25 14:27 - 2013-10-25 14:27 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson 2013 ExaGrid Site Survey (1).xlsx2013-10-25 14:25 - 2013-10-25 14:26 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson 2013 ExaGrid Site Survey.xlsx2013-10-24 15:03 - 2013-10-24 15:03 - 00000000 ____D C:\Program Files\Motorola Mobility2013-10-24 14:51 - 2013-10-24 14:51 - 00002017 _____ C:\Users\jhayward.LPANDT\Downloads\AcpUsers.csv2013-10-22 09:37 - 2013-10-22 09:37 - 00005317 _____ C:\Users\jhayward.LPANDT\Desktop\Form1.xsn2013-10-22 08:01 - 2013-10-22 08:02 - 06800528 _____ C:\Users\jhayward.LPANDT\Downloads\join.me (3).exe2013-10-19 09:54 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls User Utility2013-10-18 17:26 - 2013-10-18 17:26 - 00184384 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARUserUtility-2.1.6-install.exe2013-10-18 17:23 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Netgear Live Parental Controls2013-10-18 17:23 - 2013-10-18 17:23 - 00448736 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility-2.1.6-install.exe2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls Management Utility2013-10-18 17:22 - 2013-10-18 17:22 - 00432554 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility.zip2013-10-18 16:51 - 2013-10-18 16:52 - 16974720 _____ (NETGEAR Inc.) C:\Users\jhayward.LPANDT\Downloads\NETGEARGenie-install.exe2013-10-17 13:26 - 2013-10-17 13:26 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Curiolab2013-10-17 13:17 - 2013-10-17 13:22 - 186142408 _____ (CURIOLAB S.M.B.A.) C:\Users\jhayward.LPANDT\Downloads\ExterminateItSetup.exe2013-10-17 09:39 - 2013-10-17 09:39 - 00000561 _____ C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Information Technology - Home.website2013-10-16 13:56 - 2013-10-16 13:56 - 00000000 ____D C:\Program Files\ManageEngine2013-10-14 15:58 - 2013-10-14 15:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job2013-10-11 14:41 - 2013-11-08 08:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-10-11 14:41 - 2013-10-11 14:41 - 28009488 _____ (SUPERAntiSpyware) C:\Users\jhayward.LPANDT\Downloads\SUPERAntiSpyware.exe2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\SUPERAntiSpyware.com2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-10-11 13:58 - 2013-10-11 13:58 - 00001119 _____ C:\Users\Public\Desktop\Barracuda Malware Removal Tool.lnk2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Barracuda2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\ProgramData\Barracuda2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Program Files\Barracuda2013-10-11 13:58 - 2010-05-26 18:30 - 00038352 _____ (Barracuda Networks) C:\Windows\system32\Drivers\bmrtswissarmy.sys2013-10-11 13:56 - 2013-10-11 13:57 - 06051128 _____ (Barracuda Networks ) C:\Users\jhayward.LPANDT\Downloads\b-mrt-setup-1.46.exe ==================== One Month Modified Files and Folders ======= 2013-11-10 18:21 - 2011-01-07 08:44 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\Outlook Files2013-11-10 18:20 - 2012-04-13 14:54 - 00000000 ____D C:\ProgramData\WRData2013-11-10 17:43 - 2012-06-20 07:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-11-10 16:30 - 2011-01-05 12:20 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl2013-11-10 11:48 - 2013-09-11 12:45 - 00000138 __RSH C:\ProgramData\3002.xml2013-11-10 08:10 - 2009-07-13 23:55 - 01146124 _____ C:\Windows\WindowsUpdate.log2013-11-10 02:00 - 2011-01-05 13:35 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\Adobe2013-11-08 19:33 - 2009-07-13 23:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-11-08 19:33 - 2009-07-13 23:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-11-08 19:26 - 2013-09-12 19:52 - 00017920 _____ C:\Windows\system32\rpcnetp.exe2013-11-08 19:26 - 2013-09-11 12:19 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll2013-11-08 19:26 - 2011-01-05 13:35 - 00000000 _____ C:\Users\jhayward.LPANDT\AppData\Local\WavXMapDrive.bat2013-11-08 19:26 - 2010-12-28 19:34 - 00000000 ____D C:\ProgramData\Sonic2013-11-08 19:25 - 2012-10-11 05:19 - 00054260 _____ C:\Windows\setupact.log2013-11-08 19:25 - 2010-12-28 19:49 - 00000000 ____D C:\ProgramData\NVIDIA2013-11-08 19:25 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-11-08 17:55 - 2011-01-05 20:01 - 00002038 ____H C:\Users\jhayward.LPANDT\Documents\Default.rdp2013-11-08 16:36 - 2010-12-28 19:12 - 00916598 _____ C:\Windows\system32\PerfStringBackup.INI2013-11-08 12:39 - 2011-01-06 10:52 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewHomeToBeFiled2013-11-08 08:30 - 2013-10-11 14:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-11-07 14:42 - 2013-11-08 09:26 - 00307310 _____ C:\Users\jhayward.LPANDT\Desktop\2013_11_08_EmployeeInformationalMeeting.pptx2013-11-07 10:51 - 2013-11-06 11:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2013-11-07 10:51 - 2013-11-06 11:45 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\mbar2013-11-07 10:01 - 2012-04-13 14:54 - 00154248 _____ (Webroot) C:\Windows\system32\WRusr.dll2013-11-07 10:01 - 2012-04-13 14:54 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys2013-11-07 09:32 - 2013-11-06 11:46 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2013-11-07 08:57 - 2013-11-06 11:45 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2013-11-06 14:12 - 2011-01-05 13:59 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\Microsoft Help2013-11-06 13:03 - 2013-11-06 13:03 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\Antivirus_Malware2013-11-06 13:02 - 2012-09-19 08:30 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics2013-11-06 13:02 - 2009-07-13 21:37 - 00000000 _SHDC C:\Windows\$NtUninstallKB3047$2013-11-06 11:45 - 2013-11-06 11:44 - 12576792 _____ (Malwarebytes Corp.) C:\Users\jhayward.LPANDT\Downloads\mbar-1.07.0.1007.exe2013-11-06 11:39 - 2013-11-06 11:39 - 00068406 _____ C:\Users\jhayward.LPANDT\Downloads\FRST.txt2013-11-06 11:39 - 2013-11-06 11:38 - 00042104 _____ C:\Users\jhayward.LPANDT\Downloads\Addition.txt2013-11-06 11:32 - 2013-11-06 11:32 - 00000000 ____D C:\FRST2013-11-06 10:40 - 2010-12-28 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-11-06 10:40 - 2010-12-28 19:19 - 00000000 ____D C:\Program Files\Adobe2013-11-04 15:59 - 2011-01-05 14:53 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\SQL Server Management Studio2013-11-04 14:23 - 2011-01-06 11:34 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\DameWare Development2013-11-04 06:52 - 2013-01-22 17:19 - 00000064 _____ C:\dvmaccounts.ini2013-11-01 14:49 - 2013-11-01 14:49 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewWorkToBeFiled2013-11-01 07:16 - 2011-01-05 13:35 - 00004524 __RSH C:\Users\jhayward.LPANDT\ntuser.pol2013-11-01 07:16 - 2011-01-05 13:35 - 00000000 ____D C:\Users\jhayward.LPANDT2013-10-26 14:43 - 2011-01-06 11:40 - 00000000 ____D C:\tunes2013-10-25 14:27 - 2013-10-25 14:27 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson 2013 ExaGrid Site Survey (1).xlsx2013-10-25 14:26 - 2013-10-25 14:25 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson 2013 ExaGrid Site Survey.xlsx2013-10-24 15:03 - 2013-10-24 15:03 - 00000000 ____D C:\Program Files\Motorola Mobility2013-10-24 14:51 - 2013-10-24 14:51 - 00002017 _____ C:\Users\jhayward.LPANDT\Downloads\AcpUsers.csv2013-10-23 19:38 - 2012-10-19 17:10 - 00147938 _____ C:\Windows\PFRO.log2013-10-23 16:30 - 2011-01-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft Help2013-10-23 11:43 - 2011-01-06 11:55 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\VMware2013-10-23 08:52 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET2013-10-22 15:23 - 2013-02-14 14:18 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\PHD Virtual Backup2013-10-22 09:37 - 2013-10-22 09:37 - 00005317 _____ C:\Users\jhayward.LPANDT\Desktop\Form1.xsn2013-10-22 08:02 - 2013-10-22 08:01 - 06800528 _____ C:\Users\jhayward.LPANDT\Downloads\join.me (3).exe2013-10-22 08:02 - 2011-09-01 12:44 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\join.me2013-10-18 17:51 - 2011-06-03 07:05 - 00002378 _____ C:\Users\jhayward.LPANDT\Desktop\Google Chrome.lnk2013-10-18 17:31 - 2011-01-05 18:39 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\PS2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls User Utility2013-10-18 17:27 - 2013-10-18 17:23 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Netgear Live Parental Controls2013-10-18 17:26 - 2013-10-18 17:26 - 00184384 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARUserUtility-2.1.6-install.exe2013-10-18 17:23 - 2013-10-18 17:23 - 00448736 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility-2.1.6-install.exe2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls Management Utility2013-10-18 17:22 - 2013-10-18 17:22 - 00432554 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility.zip2013-10-18 16:52 - 2013-10-18 16:51 - 16974720 _____ (NETGEAR Inc.) C:\Users\jhayward.LPANDT\Downloads\NETGEARGenie-install.exe2013-10-17 13:26 - 2013-10-17 13:26 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Curiolab2013-10-17 13:22 - 2013-10-17 13:17 - 186142408 _____ (CURIOLAB S.M.B.A.) C:\Users\jhayward.LPANDT\Downloads\ExterminateItSetup.exe2013-10-17 09:39 - 2013-10-17 09:39 - 00000561 _____ C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Information Technology - Home.website2013-10-16 15:10 - 2011-01-05 22:20 - 00000000 ___RD C:\Users\jhayward.LPANDT\Virtual Machines2013-10-16 13:56 - 2013-10-16 13:56 - 00000000 ____D C:\Program Files\ManageEngine2013-10-14 15:58 - 2013-10-14 15:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job2013-10-12 10:10 - 2012-01-06 18:10 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\Home2013-10-11 20:22 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF2013-10-11 17:25 - 2013-06-05 20:38 - 00000000 ____D C:\Program Files\Microsoft Office 152013-10-11 14:41 - 2013-10-11 14:41 - 28009488 _____ (SUPERAntiSpyware) C:\Users\jhayward.LPANDT\Downloads\SUPERAntiSpyware.exe2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\SUPERAntiSpyware.com2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-10-11 14:29 - 2011-11-21 10:39 - 00000000 ____D C:\Program Files\Mozilla Firefox2013-10-11 13:58 - 2013-10-11 13:58 - 00001119 _____ C:\Users\Public\Desktop\Barracuda Malware Removal Tool.lnk2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Barracuda2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\ProgramData\Barracuda2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Program Files\Barracuda2013-10-11 13:57 - 2013-10-11 13:56 - 06051128 _____ (Barracuda Networks ) C:\Users\jhayward.LPANDT\Downloads\b-mrt-setup-1.46.exe2013-10-11 12:59 - 2011-05-06 06:36 - 00000000 ____D C:\MIS2013-10-11 06:54 - 2009-07-13 23:33 - 00591688 _____ C:\Windows\system32\FNTCACHE.DAT2013-10-11 06:50 - 2010-12-28 19:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight Files to move or delete:====================C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.jsC:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.jsC:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x86.exe Some content of TEMP:====================C:\Users\jhayward\AppData\Local\Temp\MSNADCE.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\AskSLib.dllC:\Users\jhayward.LPANDT\AppData\Local\Temp\DelayInst.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\installservice.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\instmsi.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\instmsiw.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0228.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0304.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\NV_Meet_Participant.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\OfficeSetup.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\Setup.X86.en-us_O365ProPlusRetail_cebd1216-2c98-4abe-bb52-84c4a602a06d_TX_PR_.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\vpnclient_setup.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\WRupdate452106.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\_is3B0C.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-10 00:47 ==================== End Of Log ============================
  5. jhardwood
    Good news is the second mbar run found no malware (see log below). The bad news is that while it was running, I had the phoenix.exe popup again...so it would appear that the problem is not resolved. Malwarebytes Anti-Rootkit BETA 1.07.0.1007www.malwarebytes.org Database version: v2013.11.07.04 Windows 7 Service Pack 1 x86 NTFSInternet Explorer 10.0.9200.16721jhayward :: PCLIS2 [administrator] 11/7/2013 9:32:28 AMmbar-log-2013-11-07 (09-32-28).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 359019Time elapsed: 1 hour(s), 11 minute(s), 56 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end)
  6. jhardwood
    MBAR log ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1007 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x86 Account is Non-administrative Internet Explorer version: 10.0.9200.16721 Java version: 1.6.0_24 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 1.729000 GHzMemory total: 3478999040, free: 926691328 Downloaded database version: v2013.11.06.07Downloaded database version: v2013.10.11.02=======================================Initializing...------------ Kernel report ------------ 11/06/2013 11:46:33------------ Loaded modules -----------\SystemRoot\system32\ntkrnlpa.exe\SystemRoot\system32\halmacpi.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\BOOTVID.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\DRIVERS\pcmcia.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\vmbus.sys\SystemRoot\system32\drivers\winhv.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\drivers\WRkrn.sys\SystemRoot\System32\drivers\msrpc.sys\SystemRoot\System32\drivers\NETIO.SYS\SystemRoot\System32\drivers\NDIS.SYS\SystemRoot\System32\drivers\TDI.SYS\SystemRoot\System32\Drivers\PxHelp20.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\DRIVERS\timntr.sys\SystemRoot\system32\drivers\vmstorfl.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\stdfltn.sys\SystemRoot\system32\DRIVERS\tdrpm228.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\system32\DRIVERS\snapman.sys\SystemRoot\system32\drivers\sgfxl32.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\PBADRV.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\dlkmdldr.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\DRIVERS\dwvkbd.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\vpcnfltr.sys\SystemRoot\system32\DRIVERS\vfilter.sys\SystemRoot\system32\DRIVERS\dnelwf.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\vpcvmm.sys\SystemRoot\system32\drivers\termdd.sys\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\??\D:\Program Files\Dell\Reader 2.1\dvmio.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\ctxusbm.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\system32\drivers\sgfxk32.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\dlkmd.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\e1k6232.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\bcmwl6.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\risdpe86.sys\SystemRoot\system32\drivers\1394ohci.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\parport.sys\SystemRoot\system32\DRIVERS\Apfiltr.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\Accelern.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\DamewareMini.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\rdpbus.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\vpcusb.sys\SystemRoot\system32\DRIVERS\usbrpm.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\vpchbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\nvhda32v.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\stwrt.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\CtClsFlt.sys\SystemRoot\system32\DRIVERS\dc3d.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\System32\Drivers\cvusbdrv.sys\SystemRoot\system32\drivers\hidusb.sys\SystemRoot\system32\drivers\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\kbdhid.sys\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\system32\DRIVERS\point32.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\WavxDMgr.sys\??\C:\Windows\system32\drivers\mbam.sys\SystemRoot\system32\DRIVERS\tifsfilt.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\WinUSB.sys\SystemRoot\system32\DRIVERS\WUDFRd.sys\SystemRoot\System32\DRIVERS\scfilter.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\??\C:\Windows\system32\drivers\hcmon.sys\SystemRoot\system32\DRIVERS\parvdm.sys\??\C:\Windows\system32\Drivers\CVPNDRVA.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\system32\DRIVERS\qcfilterdl2k.sys\SystemRoot\system32\DRIVERS\qcusbnetdl2k.sys\SystemRoot\system32\DRIVERS\qcusbserdl2k.sys\SystemRoot\system32\drivers\modem.sys\??\C:\Windows\system32\Drivers\SBKUPNT.SYS\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\drivers\BCM42RLY.sys\SystemRoot\System32\drivers\rdpdr.sys\SystemRoot\system32\drivers\tdtcp.sys\SystemRoot\System32\DRIVERS\tssecsrv.sys\SystemRoot\System32\Drivers\RDPWD.SYS\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\shlwapi.dll\Windows\System32\imagehlp.dll\Windows\System32\lpk.dll\Windows\System32\ws2_32.dll\Windows\System32\msctf.dll\Windows\System32\user32.dll\Windows\System32\comdlg32.dll\Windows\System32\advapi32.dll\Windows\System32\setupapi.dll\Windows\System32\shell32.dll\Windows\System32\normaliz.dll\Windows\System32\Wldap32.dll\Windows\System32\iertutil.dll\Windows\System32\oleaut32.dll\Windows\System32\nsi.dll\Windows\System32\psapi.dll\Windows\System32\wininet.dll\Windows\System32\msvcrt.dll\Windows\System32\clbcatq.dll\Windows\System32\kernel32.dll\Windows\System32\urlmon.dll\Windows\System32\rpcrt4.dll\Windows\System32\gdi32.dll\Windows\System32\usp10.dll\Windows\System32\ole32.dll\Windows\System32\sechost.dll\Windows\System32\imm32.dll\Windows\System32\difxapi.dll\Windows\System32\KernelBase.dll\Windows\System32\wintrust.dll\Windows\System32\comctl32.dll\Windows\System32\crypt32.dll\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll\Windows\System32\cfgmgr32.dll\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll\Windows\System32\devobj.dll\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xffffffff88c9b9c8Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xffffffff870a6028Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xffffffff88c9b9c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xffffffff891a7c70, DeviceName: Unknown, DriverName: \Driver\WRkrn\DevicePointer: 0xffffffff88c9dcf8, DeviceName: Unknown, DriverName: \Driver\tdrpman228\DevicePointer: 0xffffffff88c9c950, DeviceName: Unknown, DriverName: \Driver\snapman\DevicePointer: 0xffffffff88c9cd10, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xffffffff88c9b760, DeviceName: Unknown, DriverName: \Driver\tdrpman228\DevicePointer: 0xffffffff88c9b9c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xffffffff88c9b020, DeviceName: Unknown, DriverName: \Driver\stdflt\DevicePointer: 0xffffffff870fdcb0, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xffffffff870a6028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 77E3ED41 Partition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 80262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 81920 Numsec = 25686016 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 25767936 Numsec = 946804736 Partition 3 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 972572672 Numsec = 4198400 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...Done!Infected: c:\windows\$ntuninstallkb3047$\2502619694 --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb3047$\3214718075 --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb3047$\3214718075\l --> [backdoor.0Access]Infected: c:\windows\$ntuninstallkb3047$\3214718075\u --> [backdoor.0Access]Scan finished
  7. jhardwood
    Here is the Addition.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013Ran by jhayward at 2013-11-06 11:38:54Running from C:\Users\jhayward.LPANDT\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Webroot SecureAnywhere (Enabled - Up to date) {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Webroot SecureAnywhere (Enabled - Up to date) {27678718-4A47-3119-06F0-3719487B3EBC} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958)32 Bit HP CIO Components Installer (Version: 8.1.1)4Site7-Zip 9.20AccelerometerP11 (Version: 2.00.00.12)Acronis True Image Home (Version: 12.0.9796)Adobe Acrobat XI Standard (Version: 11.0.05)Adobe AIR (Version: 1.5.3.9120)Adobe Community Help (Version: 3.0.0)Adobe Community Help (Version: 3.0.0.400)Adobe Connect 9 Add-in (HKCU Version: 11,2,247,0)Adobe Contribute CS5 (Version: 6)Adobe Download Assistant (Version: 1.2.3)Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)Adobe Help Center 2.0 (Version: 2.0.0)Adobe Media Player (Version: 1.8)Adobe Photoshop Elements 4.0 (Version: 4.0)Adobe Premiere Elements 10 (Version: 10.0)Adobe Premiere Elements 10 Content (Version: 10.0)Adobe Premiere Elements 10 Content 1 (Version: 10.0)Adobe Premiere Elements 10 Content 2 (Version: 10.0)Adobe Premiere Elements 10 Content 3 (Version: 10.0)Adobe Premiere Elements 10 HD Content 1 (Version: 10.0)Adobe Premiere Elements 10 HD Content 2 (Version: 10.0)Adobe Premiere Elements 10 HD Content 3 (Version: 10.0)Adobe Shockwave Player 11.6 (Version: 11.6.4.634)Advanced XML Converter 2.43 (Version: 2.43)Akamai NetSession InterfaceAmazon MP3 Downloader 1.0.17 (Version: 1.0.17)Apple Application Support (Version: 2.3.6)Apple Mobile Device Support (Version: 7.0.0.117)Apple Software Update (Version: 2.1.3.127)AVS Update Manager 1.0AVS Video Converter 8 (Version: 8.3.2.533)AVS4YOU Software Navigator 1.4Barracuda Malware Removal ToolBioAPI Framework (Version: 1.0.1)Bonjour (Version: 3.0.0.10)Calendar Printing Assistant for Microsoft Office Outlook 2007 (Version: 12.0.6612.1000)CBN Selector 3 (Version: 3.07.0925)CCleaner (Version: 3.23)Cisco ASDM-IDM Launcher (Version: 1.5.54)Cisco EAP-FAST Module (Version: 2.2.14)Cisco LEAP Module (Version: 1.0.19)Cisco PEAP Module (Version: 1.1.6)Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)Citrix Authentication Manager (Version: 4.0.0.53726)Citrix Online Launcher (Version: 1.0.122)Citrix Receiver (HDX Flash Redirection) (Version: 13.4.0.25)Citrix Receiver (Version: 13.4.0.25)Citrix Receiver Inside (Version: 3.4.0.29585)Citrix Receiver Updater (Version: 3.4.0.29577)Citrix Receiver(Aero) (Version: 13.4.0.25)Citrix Receiver(DV) (Version: 13.4.0.25)Citrix Receiver(USB) (Version: 13.4.0.25)CompuApps SwissKnifeCrystal Reports 2008 SP2 (Version: 12.1.0.883)Crystal XI Runtime (Version: 1.0.0.0)CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)D3DX10 (Version: 15.4.2368.0902)DameWare Mini Remote Control 9.0 (Version: 9.0.1.247)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDefinition Update for Microsoft Office 2013 (KB2760587) 32-Bit EditionDell Backup and Recovery Manager (Version: 1.3)Dell Control Point (Version: 1.6.468.86)Dell ControlPoint Security Manager (Version: 1.6.468.86)Dell ControlVault Host Components Installer (Version: 1.7.459.360)Dell Driver Download Manager (HKCU Version: 2.1.0.0)Dell Edoc Viewer (Version: 1.0.0)Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002)Dell Mobile Broadband Utility (Version: 3.00.23.003)Dell Security Device Driver Pack (Version: 1.4.055)Dell System Manager (Version: 1.5.00000)Dell Touchpad (Version: 7.1007.101.210)Dell Webcam Central (Version: 1.40.28)DirectX 9 Runtime (Version: 1.00.0000)DisplayLink Core Software (Version: 5.6.31854.0)DisplayLink Graphics (Version: 5.6.32670.0)DNE Update (Version: 4.11.1.18515)Document Manager Lite (Version: 06.09.00.159)Download Updater (AOL LLC)Dropbox (HKCU Version: 1.2.49)DW WLAN Card Utility (Version: 5.60.48.35)Elements 10 Organizer (Version: 10.0)EMBASSY Security Center (Version: 04.00.00.101)EMBASSY Security Setup (Version: 04.00.00.090)ESC Home Page Plugin (Version: 04.00.00.018)Everio MediaBrowser HD Edition (Version: 1.01.022)Extreme Translator TemplatesExtreme Translator XML TemplatesFRx 6.7 Client (\\Liserv3\FRx Software\FRX 6.7\) (Version: 6.7.0.0)FRx 6.7 Supplemental Files (Version: 6.7.0.9329)Gemalto (Version: 01.01.00.0000)Google Chrome (HKCU Version: 30.0.1599.101)Google Desktop (Version: 5.9.1005.12335)GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)honestech VHS to DVD 5.0 Deluxe (Version: 5.0)iCloud (Version: 3.0.2.163)ImgBurn (Version: 2.5.7.0)InstallVC90Support (Version: 1.01.0000)Intel® Network Connections 15.2.89.0 (Version: 15.2.89.0)Intel® Rapid Storage Technology (Version: 9.6.0.1014)ISO Recorder (Version: 3.0.0)iTunes (Version: 11.1.1.11)Java Auto Updater (Version: 2.0.3.1)Java 6 Update 24 (Version: 6.0.240)Java 6 Update 7 (Version: 1.6.0.70)join.me (HKCU Version: 1.11.1.256)Juniper Networks Secure Meeting 6.0.0 (HKCU Version: 6.0.0.13319)Juniper Networks Setup Client (HKCU Version: 1.1.0.0)Junk Mail filter update (Version: 15.4.3502.0922)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)ManageEngine AssetExplorer Agent (Version: 1.0.13)Mesh Runtime (Version: 15.4.5722.2)Messenger Companion (Version: 15.4.3502.0922)MFCLOC (Version: 1.00.0000)Microsoft .NET Compact Framework 1.0 SP3 Developer (Version: 1.0.4292)Microsoft .NET Compact Framework 2.0 (Version: 2.0.5238)Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)Microsoft .NET Framework 4 Extended (Version: 4.0.30319)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Device Emulator version 1.0 - ENU (Version: 1.0.50727.42)Microsoft Document Explorer 2005Microsoft Document Explorer 2005 (Version: 8.0.50727.42)Microsoft Easy Assist v2 (Version: 8.1.6416.0)Microsoft FRx 6.7 Programmability Support (Version: 6.7.9038.0)Microsoft Lync 2010 (Version: 4.0.7577.4398)Microsoft Mouse and Keyboard Center (Version: 2.0.161.0)Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office 365 ProPlus - en-us (Version: 15.0.4535.1511)Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Outlook Connector (Version: 14.0.6123.5001)Microsoft Office Project 2007 Service Pack 3 (SP3)Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Project Standard 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Office SharePoint Designer 2010 (Version: 14.0.7015.1000)Microsoft Office SharePoint Designer MUI (English) 2010 (Version: 14.0.7015.1000)Microsoft Online Services Sign-in Assistant (Version: 7.250.4287.0)Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)Microsoft Report Viewer Redistributable 2008 SP1Microsoft SharePoint Designer 2010 (Version: 14.0.7015.1000)Microsoft SharePoint Designer 2013 (Version: 15.0.4420.1017)Microsoft SharePoint Designer MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Silverlight (Version: 5.1.20913.0)Microsoft SOAP Toolkit 3.0 (Version: 3.00.1325.3)Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (Version: 3.0.0.0)Microsoft SQL Server 2008 R2Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)Microsoft SQL Server 2008 R2 Policies (Version: 10.50.1600.1)Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0)Microsoft SQL Server 2008 Setup Support Files (Version: 10.1.2731.0)Microsoft SQL Server Browser (Version: 10.51.2500.0)Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (Version: 3.5.8080.0)Microsoft SQL Server System CLR Types (Version: 10.51.2500.0)Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)Microsoft Visio MUI (English) 2013 (Version: 15.0.4420.1017)Microsoft Visio Standard 2013 (Version: 15.0.4420.1017)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)Microsoft Visual J# 2.0 Redistributable Package - SEMicrosoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)Microsoft Visual Studio 2005 Professional Edition - ENU (Version: 8.0.50728)Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) (Version: 1)Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (Version: 9.0.30729)Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)Microsoft_VC90_ATL_x86 (Version: 1.00.0000)Microsoft_VC90_CRT_x86 (Version: 1.00.0000)Microsoft_VC90_MFC_x86 (Version: 1.00.0000)MiFi4510 Mobile Broadband Drivers (Version: 1.02.001.001.13)Motorola Device Manager (Version: 2.4.3)Motorola Device Software Update (Version: 13.07.3101)Motorola Mobile Drivers Installation 6.2.0 (Version: 6.2.0)Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)MSExcel 2010 (HKCU Version: 1.0)MSVCRT (Version: 15.4.2862.0708)MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)Musicmatch® Jukebox (Version: 10.00.4015)NETGEAR Live Parental Controls Management Utility 2.1.5 (Version: 2.1.5)NETGEAR Live Parental Controls User Utility 2.1.6 (Version: 2.1.6)Network Recording Player (Version: 2.29.3212)NTRU TCG Software Stack (Version: 2.1.29)NVIDIA 3D Vision Driver 296.79 (Version: 296.79)NVIDIA Control Panel 296.79 (Version: 296.79)NVIDIA Graphics Driver 296.79 (Version: 296.79)NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)NVIDIA Install Application (Version: 2.1002.62.312)NVIDIA nView 136.28 (Version: 136.28)NVIDIA nView Desktop Manager (Version: 6.14.10.12152)NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9679)Office 15 Click-to-Run Extensibility Component (Version: 15.0.4535.1004)Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1004)Office 15 Click-to-Run Localization Component (Version: 15.0.4535.1004)Online Plug-in (Version: 13.4.0.25)Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)OverDrive Media Console (Version: 3.2.10)PARCView 5.0 (Version: 5.00.0006)PHD Virtual Backup (Version: 6.5.0)PhotoShowExpress (Version: 2.0.028)Powerterm (HKCU Version: 1.0)PowerTerm Pro 8.8.3PRE10STIInstaller (Version: 1.0)Preboot Manager (Version: 03.00.00.154)Private Information Manager (Version: 06.04.00.065)Qualcomm Gobi 2000 Package for Dell (Version: 1.1.70)QuickTime (Version: 7.74.80.86)QuorumLabs onQ Web StartReader 2.1 (Version: 2.1.2.1143)Roxio Activation Module (Version: 1.0)Roxio BackOnTrack (Version: 1.3.3)Roxio Burn (Version: 1.8)Roxio Burn (Version: 1.8.57.4)Roxio Creator Starter (Version: 1.0.311)Roxio Creator Starter (Version: 12.1.40.0)Roxio Creator Starter (Version: 5.0.0)Roxio Express Labeler 3 (Version: 3.2.2)Roxio File Backup (Version: 1.3.2)RVTools (Version: 3.4.3)Samsung_MonSetup (Version: 1.00.0000)Security Wizards (Version: 01.07.00.026)Self-service Plug-in (Version: 3.4.0.33684)Service Pack 1 for SQL Server 2008 R2 (KB2528583) (Version: 10.51.2500.0)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit EditionShared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)Shrew Soft VPN ClientShutterfly Express Uploader (Version: 1.2.0)Shutterfly Express Uploader (Version: 1.2.0.0)SmartSound Premiere Elements 10 Plugin (Version: 5.70.0001)SmartSound Sonicfire Pro 5 (Version: 5.7.1)SMSC Core Graphics Software (Version: 3.2.48.9685)SnagIt 9 (Version: 9.0.0)Sonic CinePlayer Decoder Pack (Version: 4.3.0)SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0)SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0)SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0)SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0)Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)SUPERAntiSpyware (Version: 5.6.1040)swMSM (Version: 12.0.0.1)TextPad 4Total Commander (Remove or Repair) (Version: 8.0)Trusted Drive Manager (Version: 3.3.3.104)Unisphere CLI 1.5.2.10002 (Version: 1.5.2.10002)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2726954) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2726996) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2737954) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2738038) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760224) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760242) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760257) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760267) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2760610) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2767845) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2768016) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817309) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817311) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817490) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817493) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817626) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2817640) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2827225) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2827228) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2827230) 32-Bit EditionUpdate for Microsoft Office 2013 (KB2827235) 32-Bit EditionUpdate for Microsoft Office Project 2007 Help (KB963668)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Outlook 2013 (KB2825632) 32-Bit EditionUpdate for Microsoft SharePoint Designer 2013 (KB2768006) 32-Bit EditionUpdate for Microsoft Visio 2013 (KB2752018) 32-Bit EditionUpdate for Microsoft Visio 2013 (KB2810008) 32-Bit EditionUpdate for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit EditionUpdate for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232) (Version: 1)Update for Microsoft Word 2010 (KB2827323) 32-Bit EditionUpdate for Microsoft Word 2013 (KB2817631) 32-Bit EditionUPEK TouchChip Fingerprint Reader (Version: 1.2.0)USB2.0 VIDBOX NW03 (Version: 3.0.2)UWB Connection Manager (Version: 1.49.9)ViewSpan (Version: 2.8.1.0)VMware Client Integration Plug-in 5.1.0 (Version: 5.1.0.1060500)VMware vCenter Converter Client 4.2 (Version: 4.2.0.254483)VMware vCenter Update Manager Client 4.1 (Version: 4.1.0.5142)VMware vSphere CLI (Version: 5.1.0.4020)VMware vSphere Client 4.1 (Version: 4.1.0.32733)VMware vSphere Client 5.1 (Version: 5.1.0.2083)VMware vSphere Update Manager Client 5.1 (Version: 5.1.0.13071)VZAccess Manager (Version: 7.3.7.1)Warpia StreamHD (Version: 1.0.0.1643)Wave Infrastructure Installer (Version: 07.01.31.0000)Wave Support Software (Version: 05.10.00.073)WebExWebroot SecureAnywhere (Version: 8.1.165)WIDCOMM Bluetooth Software (Version: 6.3.0.3102)Windows Azure Active Directory Module for Windows PowerShell (Version: 1.0.0)Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)Windows Live Communications Platform (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3502.0922)Windows Live Essentials (Version: 15.4.3555.0308)Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)Windows Live Installer (Version: 15.4.3502.0922)Windows Live Mail (Version: 15.4.3502.0922)Windows Live Mesh (Version: 15.4.3502.0922)Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)Windows Live Messenger (Version: 15.4.3538.0513)Windows Live Messenger Companion Core (Version: 15.4.3502.0922)Windows Live MIME IFilter (Version: 15.4.3502.0922)Windows Live Movie Maker (Version: 15.4.3502.0922)Windows Live Photo Common (Version: 15.4.3502.0922)Windows Live Photo Gallery (Version: 15.4.3502.0922)Windows Live PIMT Platform (Version: 15.4.3508.1109)Windows Live Remote Client (Version: 15.4.5722.2)Windows Live Remote Client Resources (Version: 15.4.5722.2)Windows Live Remote Service (Version: 15.4.5722.2)Windows Live Remote Service Resources (Version: 15.4.5722.2)Windows Live SOXE (Version: 15.4.3502.0922)Windows Live SOXE Definitions (Version: 15.4.3502.0922)Windows Live UX Platform (Version: 15.4.3502.0922)Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)Windows Live Writer (Version: 15.4.3502.0922)Windows Live Writer Resources (Version: 15.4.3502.0922)Windows Mobile Device Updater Component (Version: 04.08.2345.00)Windows XP Mode (Version: 1.3.7600.16423)WinRAR 4.20 (32-bit) (Version: 4.20.0)WinSCP 4.2.9 (Version: 4.2.9)Wireless USB WinDrivers (Version: 14.2.122.2)Zune (Version: 04.08.2345.00)Zune Language Pack (CHS) (Version: 04.08.2345.00)Zune Language Pack (CHT) (Version: 04.08.2345.00)Zune Language Pack (CSY) (Version: 04.08.2345.00)Zune Language Pack (DAN) (Version: 04.08.2345.00)Zune Language Pack (DEU) (Version: 04.08.2345.00)Zune Language Pack (ELL) (Version: 04.08.2345.00)Zune Language Pack (ESP) (Version: 04.08.2345.00)Zune Language Pack (FIN) (Version: 04.08.2345.00)Zune Language Pack (FRA) (Version: 04.08.2345.00)Zune Language Pack (HUN) (Version: 04.08.2345.00)Zune Language Pack (IND) (Version: 04.08.2345.00)Zune Language Pack (ITA) (Version: 04.08.2345.00)Zune Language Pack (JPN) (Version: 04.08.2345.00)Zune Language Pack (KOR) (Version: 04.08.2345.00)Zune Language Pack (MSL) (Version: 04.08.2345.00)Zune Language Pack (NLD) (Version: 04.08.2345.00)Zune Language Pack (NOR) (Version: 04.08.2345.00)Zune Language Pack (PLK) (Version: 04.08.2345.00)Zune Language Pack (PTB) (Version: 04.08.2345.00)Zune Language Pack (PTG) (Version: 04.08.2345.00)Zune Language Pack (RUS) (Version: 04.08.2345.00)Zune Language Pack (SVE) (Version: 04.08.2345.00) ==================== Restore Points ========================= 21-10-2013 10:23:41 Windows Update22-10-2013 21:16:42 Windows Update23-10-2013 21:27:29 Windows Update24-10-2013 20:00:56 Installed Motorola Device Manager31-10-2013 21:50:54 Windows Update05-11-2013 13:13:27 Windows Update06-11-2013 15:38:57 Removed Adobe Reader 9.2. ==================== Hosts content: ========================== 2009-07-13 21:04 - 2012-01-10 08:11 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 102.112.207.net ==================== Scheduled Tasks (whitelisted) ============= Task: {024652D7-86D6-4BE3-BC0A-049DD1AF3BB6} - System32\Tasks\{E669B9A2-4340-4C83-80AD-17394D0345D6} => C:\SWISNIFE\SWISNIFE.EXETask: {10E7EDAB-A272-4763-822C-FC84AF4A08E4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-10-10] (Microsoft Corporation)Task: {16534D06-DB6E-4CFF-AC41-A60D55113AA4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)Task: {293E97B4-956C-4E66-BDB9-BF26D4066365} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()Task: {3AF3685A-F6C0-4F7A-B9D2-8D9058A3541E} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM ControlTask: {3FC49112-50F9-4082-9305-2B4794ACA931} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)Task: {4CB13240-11D8-4CE7-8C6D-AD1051D5FB3B} - System32\Tasks\{471A2D3F-E365-4AAC-88CF-565098DA19F2} => C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe [2006-11-07] (Musicmatch, Inc.)Task: {61FDB587-F222-4462-909D-77A741F0F40C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LPANDT-jhayward pclis2.lpandt.local => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-10-10] (Microsoft Corporation)Task: {642BD5A6-D751-4CF2-BBE1-AFB6FA53686B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-09-06] (Microsoft Corporation)Task: {669F65D0-4C2A-4263-B2BB-1C7C593E6653} - System32\Tasks\{BC327195-55CF-404C-A207-20ECBF5D6384} => E:\autorun.exeTask: {762C2EDF-B089-4711-A737-9A4E51295C17} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-10-10] (Microsoft Corporation)Task: {7EB6FC0D-BD78-481B-8474-2810EEF6C51B} - System32\Tasks\{BD5E30DC-FCDF-4789-8C01-0A7F685CB7CC} => E:\autorun.exeTask: {8731817D-FF34-4028-B8C1-44DBEADFAEA6} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()Task: {8A87AF5B-65F8-4501-83BD-F5D582E2D7BC} - System32\Tasks\LaunchApp => C:\Program Files\JustCloud\JustCloud.exeTask: {A04F00EA-755A-4DBA-87E7-EBB29107356E} - System32\Tasks\{D3B99B10-D73F-44F3-A4DD-911517002463} => C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe [2006-11-07] (Musicmatch, Inc.)Task: {A324040D-40A0-4950-9B03-3483A84DC0F0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {ADB39ECF-60AD-440F-ABB7-A0C15C0B010E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exeTask: {AF0AA9FA-4838-4278-BD35-51F63482DD01} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)Task: {C58AD746-0389-47D8-8077-885B11816834} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {0d809de6-6d6a-4df9-8b5d-1a7f0ca78b4a} pclis2.lpandt.local => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-10-10] (Microsoft Corporation)Task: {CAE93810-D9AF-4238-80B7-0C1F0674F474} - System32\Tasks\AdobeAAMUpdater-1.0-LPANDT-jhayward => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)Task: {DA2B5EDF-EC8A-4632-8BD5-AD80B69F15FF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()Task: {E257C6CD-E93A-41EC-B7DF-C9B112E00B26} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-10-10] (Microsoft Corporation)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job => C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-08-14 07:35 - 2013-09-12 20:14 - 08866472 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll2010-01-19 13:44 - 2010-01-19 13:44 - 00249856 _____ () C:\Windows\system32\wxvault.dll2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll2011-01-05 20:12 - 2006-06-26 13:37 - 00122880 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\mmgit.dll2011-01-05 20:12 - 2006-11-07 15:41 - 00139264 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\CDDVDAccess.dll2011-03-27 17:20 - 2011-03-27 17:20 - 00048440 _____ () C:\Program Files\Wireless USB\Components\WirelessUSBManager\CompInfo.dll2011-11-13 10:40 - 2011-11-13 10:40 - 00101408 _____ () C:\Program Files\Wireless USB\Components\WirelessUSBManager\WUSBResource.dll2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll2013-10-10 07:14 - 2013-10-10 07:14 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll2013-10-10 07:14 - 2013-10-10 07:14 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll2013-09-12 20:12 - 2013-09-12 20:12 - 00022696 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll2009-10-23 10:05 - 2009-10-23 10:05 - 00101888 _____ () C:\Program Files\Microsoft Office\Office12\cpaoaddin.dll2013-10-10 07:15 - 2013-10-10 07:16 - 01027240 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll2013-06-05 20:39 - 2013-06-05 21:00 - 00321088 _____ () C:\Program Files\Microsoft Office 15\root\office15\msfad.dll2013-10-10 07:14 - 2013-10-10 07:14 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll2013-10-10 07:14 - 2013-10-10 07:14 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll2013-10-18 17:51 - 2013-10-08 19:01 - 00698832 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll2013-10-18 17:51 - 2013-10-08 19:01 - 00099792 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll2013-10-18 17:51 - 2013-10-08 19:02 - 04055504 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll2013-10-18 17:51 - 2013-10-08 19:02 - 00415184 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll2013-10-18 17:51 - 2013-10-08 19:01 - 01604560 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\sqlite.dll2013-10-18 17:51 - 2013-10-08 19:02 - 13584336 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:060CC3DCAlternateDataStreams: C:\Users\jhayward.LPANDT\AppData\Roaming\Comma Separated Values (DOS).EML:OECustomProperty ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wctsys => "(Default)"="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wctsys => "(Default)"="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-InterfaceDescription: Microsoft Teredo Tunneling AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: tunnelProblem: : This device cannot start. (Code10)Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Cisco Systems VPN AdapterDescription: Cisco Systems VPN AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Cisco SystemsService: CVirtAProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Microsoft Virtual WiFi Miniport AdapterDescription: Microsoft Virtual WiFi Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Shrew Soft Virtual AdapterDescription: Shrew Soft Virtual AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: Shrew SoftService: vnetProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Dell Wireless 375 Bluetooth Module with AMPDescription: Dell Wireless 375 Bluetooth Module with AMPClass Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Manufacturer: BroadcomService: BTHUSBProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: C-Media Wi-Sonic Wireless Audio DeviceDescription: C-Media Wi-Sonic Wireless Audio DeviceClass Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}Manufacturer: C-MediaService: cmvadProblem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver. ==================== Event log errors: ========================= Application errors:==================Error: (11/06/2013 08:01:59 AM) (Source: dwmrcs) (User: )Description: Error: DameWare Mini Remote ControlNo Link-Local or Site-Local Cloud Available (Local). System Error: 0System Message: The operation completed successfully. (srv 32 bit) Error: (11/06/2013 07:59:29 AM) (Source: Desktop Window Manager) (User: )Description: The Desktop Window Manager has encountered a fatal error (0x88980406) Error: (11/05/2013 10:14:40 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (11/05/2013 09:36:53 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (11/05/2013 08:46:23 AM) (Source: Application Error) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5Exception code: 0xc0000374Fault offset: 0x000c385bFaulting process id: 0x1708Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (11/05/2013 08:09:26 AM) (Source: dwmrcs) (User: )Description: Error: DameWare Mini Remote ControlNo Link-Local or Site-Local Cloud Available (Local). System Error: 0System Message: The operation completed successfully. (srv 32 bit) Error: (11/05/2013 08:07:11 AM) (Source: Desktop Window Manager) (User: )Description: The Desktop Window Manager has encountered a fatal error (0x88980406) Error: (11/04/2013 05:50:45 PM) (Source: dwmrcs) (User: )Description: Error: DameWare Mini Remote ControlSystem Error: 196.7.1 - Unable to set run key. (srv 32 bit) Error: (11/04/2013 11:25:28 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.Please use sxstrace.exe for detailed diagnosis. Error: (11/04/2013 09:44:51 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (11/06/2013 08:47:13 AM) (Source: NetBT) (User: )Description: A duplicate name has been detected on the TCP network. The IP address ofthe computer that sent the message is in the data. Use nbtstat -n in acommand window to see which name is in the Conflict state. Error: (11/06/2013 08:02:29 AM) (Source: Service Control Manager) (User: )Description: The Windows Modules Installer service failed to start due to the following error: %%1053 Error: (11/06/2013 08:02:29 AM) (Source: Service Control Manager) (User: )Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect. Error: (11/06/2013 08:02:29 AM) (Source: DCOM) (User: )Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (11/06/2013 08:01:56 AM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load: ssfs0bbcsshrmdssidrv Error: (11/06/2013 07:59:15 AM) (Source: Service Control Manager) (User: )Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (11/06/2013 07:58:45 AM) (Source: EventLog) (User: )Description: The previous system shutdown at 5:13:40 PM on ‎11/‎5/‎2013 was unexpected. Error: (11/05/2013 05:13:55 PM) (Source: DCOM) (User: )Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (11/05/2013 03:42:39 PM) (Source: NetBT) (User: )Description: A duplicate name has been detected on the TCP network. The IP address ofthe computer that sent the message is in the data. Use nbtstat -n in acommand window to see which name is in the Conflict state. Error: (11/05/2013 02:42:35 PM) (Source: NetBT) (User: )Description: A duplicate name has been detected on the TCP network. The IP address ofthe computer that sent the message is in the data. Use nbtstat -n in acommand window to see which name is in the Conflict state. Microsoft Office Sessions:=========================Error: (05/16/2012 00:38:01 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23556 seconds with 120 seconds of active time. This session ended with a crash. Error: (05/08/2012 00:36:31 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8262 seconds with 0 seconds of active time. This session ended with a crash. Error: (05/08/2012 10:18:36 AM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1838 seconds with 180 seconds of active time. This session ended with a crash. Error: (04/26/2012 03:32:36 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8862 seconds with 360 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 74%Total physical RAM: 3317.83 MBAvailable physical RAM: 859.39 MBTotal Pagefile: 6633.95 MBAvailable Pagefile: 2104.64 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1892.98 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.47 GB) (Free:61.98 GB) NTFSDrive d: (READER) (Fixed) (Total:2 GB) (Free:1.91 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 466 GB) (Disk ID: 77E3ED41)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended) ==================== End Of Log ============================
  8. jhardwood
    Here is FRST.txt output Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013Ran by jhayward (administrator) on PCLIS2 on 06-11-2013 11:33:01Running from C:\Users\jhayward.LPANDT\DownloadsMicrosoft Windows 7 Professional Service Pack 1 (X86) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Webroot) C:\Program Files\Webroot\WRSA.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe(SMSC) C:\Program Files\SGFX\sgfxmgr.exe(Alereon) C:\Program Files\Warpia\UWB Wireless\AlUwbService.exe(Microsoft Corporation) C:\Windows\system32\WLANExt.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Cisco WebEx LLC) C:\Windows\system32\atashost.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Wisair Ltd.) C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe(Webroot) C:\Program Files\Webroot\WRSA.exe(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE() C:\Program Files\ShrewSoft\VPN Client\iked.exe() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe(SolarWinds) C:\Windows\dwrcs\DWRCST.exe() C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe() C:\Program Files\ManageEngine\AssetExplorer\bin\aeagent.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe(Wisair Ltd.) C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe() C:\Program Files\SGFX\SgfxConfig.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe(Akamai Technologies, Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe(Akamai Technologies, Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe(QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe(Absolute Software Corp.) C:\Windows\system32\rpcnet.exe(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe() C:\Program Files\zFTPServer\zFTPServer.exe(Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe(Alereon) C:\Program Files\Warpia\UWB Wireless\WusbLite.exe(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\UcMapi.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe() C:\ProgramData\Rpcnet\Bin\rpccm.exe() C:\ProgramData\Rpcnet\Bin\rpcld.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-04] (Alps Electric Co., Ltd.)HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-05-26] (IDT, Inc.)HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE [5249024 2010-02-02] (Dell Inc.)HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)HKLM\...\Run: [DellBtrEvent] - D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe [147456 2010-05-04] (DeviceVM, Inc.)HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)HKLM\...\Run: [MimBoot] - C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe [8192 2006-11-07] (Musicmatch, Inc.)HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4355464 2009-06-22] (Acronis)HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960568 2009-06-22] (Acronis)HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377248 2009-06-22] (Acronis)HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-03-17] (Google)HKLM\...\Run: [Desktop Disc Tool] - C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-01] ()HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)HKLM\...\Run: [WirelessUSBManager] - C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe [2968400 2011-03-27] (Wisair Ltd.)HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [757352 2013-09-28] (Webroot)HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12108456 2013-06-27] (Microsoft Corporation)HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-11] ()HKLM\...\Run: [intelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093272 2012-10-12] (Microsoft Corporation)HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668248 2012-10-12] (Microsoft Corporation)HKLM\...\Run: [] - [x]HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)HKLM\...\Run: [sgfxConfig] - C:\Program Files\SGFX\SgfxConfig.exe [1536104 2012-06-19] ()HKLM\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)HKLM\...\Run: [barracuda Malware Removal Tool (reboot)] - C:\Program Files\Barracuda\Barracuda Malware Removal Tool\bmrt.exe [857480 2010-05-26] (Barracuda Networks)HKLM\...\Run: [DameWare MRC Agent] - C:\Windows\dwrcs\DWRCST.EXE [277456 2011-12-12] (SolarWinds)HKLM\...\Policies\Explorer: [NoFolderOptions] 0HKLM\...\Policies\Explorer: [NoViewOnDrive] 0HKLM\...\Policies\Explorer: [NoControlPanel] 0HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0HKLM\...\Policies\Explorer: [NoViewContextMenu] 0HKLM\...\Policies\Explorer: [NoShellSearchButton] 0HKLM\...\Policies\Explorer: [NoFind] 0HKLM\...\Policies\Explorer: [NoFile] 0HKLM\...\Policies\Explorer: [HideClock] 0HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0HKLM\...\Policies\Explorer: [NoSetFolders] 0HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0HKLM\...\Policies\Explorer: [NoSetTaskbar] 0HKLM\...\Policies\Explorer: [NoDeletePrinter] 0HKLM\...\Policies\Explorer: [NoDFSTab] 0HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0HKLM\...\Policies\Explorer: [NoLogoff] 0HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0HKLM\...\Policies\Explorer: [NoResolveSearch] 0HKLM\...\Policies\Explorer: [NoSaveSettings] 0HKLM\...\Policies\Explorer: [NoHardwareTab] 0HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0HKLM\...\Policies\Explorer: [NoDesktop] 0HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exeHKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exeHKCU\...\Run: [CAHeadless] - C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [539800 2011-09-14] (Adobe Systems Incorporated)HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694152 2013-09-05] (Adobe Systems Incorporated)HKCU\...\Run: [Google Update] - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-03] (Google Inc.)HKCU\...\Run: [Lync] - C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18633888 2013-10-10] (Microsoft Corporation)HKCU\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5707544 2013-10-10] (SUPERAntiSpyware)HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?HKCU\...\Policies\system: [DisableCMD] 0HKCU\...\Policies\system: [NoDispAppearancePage] 0HKCU\...\Policies\system: [NoDispBackgroundPage] 0HKCU\...\Policies\system: [NoDispSettingsPage] 0HKCU\...\Policies\Explorer: [NoFolderOptions] 0HKCU\...\Policies\Explorer: [NoViewOnDrive] 0HKCU\...\Policies\Explorer: [NoControlPanel] 0HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0HKCU\...\Policies\Explorer: [NoViewContextMenu] 0HKCU\...\Policies\Explorer: [NoShellSearchButton] 0HKCU\...\Policies\Explorer: [NoFind] 0HKCU\...\Policies\Explorer: [NoFile] 0HKCU\...\Policies\Explorer: [HideClock] 0HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0HKCU\...\Policies\Explorer: [NoSetFolders] 0HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0HKCU\...\Policies\Explorer: [NoSetTaskbar] 0HKCU\...\Policies\Explorer: [NoDeletePrinter] 0HKCU\...\Policies\Explorer: [NoDFSTab] 0HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0HKCU\...\Policies\Explorer: [NoLogoff] 0HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0HKCU\...\Policies\Explorer: [NoResolveSearch] 0HKCU\...\Policies\Explorer: [NoSaveSettings] 0HKCU\...\Policies\Explorer: [NoHardwareTab] 0HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0MountPoints2: {0c137186-3ffe-11e2-8674-c0cb38353b98} - F:\LaunchU3.exe -aMountPoints2: {3cc7b2ee-aefe-11e1-baf8-00a0c6000000} - F:\TL-Bootstrap.exeMountPoints2: {4cfd604f-bc62-11e1-9cb2-5c260a2dbd42} - I:\MotoCastSetup.exe -aMountPoints2: {9c99fff4-e8bb-11e1-b6c4-00059a3c7800} - F:\MotoCastSetup.exe -aMountPoints2: {b720afb3-b25a-11e0-b861-5c260a2dbd42} - F:\TL-Bootstrap.exeMountPoints2: {b720b31d-b25a-11e0-b861-5c260a2dbd42} - F:\TL-Bootstrap.exeMountPoints2: {bdaf5659-93bf-11e0-9991-00a0c6000000} - F:\TL-Bootstrap.exeMountPoints2: {de336a81-894d-11e1-9682-00a0c6000000} - F:\setup.exe -aAppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll [ 2012-12-14] (Citrix Systems, Inc.)Startup: C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnkShortcutTarget: Citrix Receiver.lnk -> C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) ==================== Internet (Whitelisted) ==================== ProxyServer: 172.20.0.21:8080HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://lpt.sharepoint.com/teams/LPTDEPT/IT/_layouts/15/start.aspx#/SitePages/Home.aspxSearchScopes: HKLM - DefaultScope {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBoxSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBoxSearchScopes: HKCU - DefaultScope {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = SearchScopes: HKCU - {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No FileToolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CABDPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.logging.cabDPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} https://fileservice.emc.com/XFile/SAXFileEE.cabDPF: {88DD90B6-C770-4CFF-B7A4-3AFD16BB8824} http://lvserv10:8080/CrystalReports/crystalreportviewers/ActiveXControls/PrintControl.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CABDPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.ericom.com/dana-cached/sc/JuniperSetupClient.cabDPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)Hosts: 127.0.0.1 102.112.207.netTcpip\..\Interfaces\{6A2B8B82-FF68-4575-9984-7A609318F9D4}: [NameServer]198.224.186.135 198.224.187.135Tcpip\..\Interfaces\{98C436D4-2943-4F4D-9A57-F9B19E92EA90}: [NameServer]172.20.20.16,172.20.20.17 FireFox:========FF ProfilePath: C:\Users\jhayward.LPANDT\AppData\Roaming\Mozilla\Firefox\Profiles\9ougtvei.defaultFF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin: @vmware.com/client-support,version=5.1.0.00000 - C:\Program Files\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll (VMware, Inc.)FF Plugin: @vmware.com/vmrc,version=5.1.0.00000 - C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\jhayward.LPANDT\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xmlFF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn Chrome: =======CHR Plugin: (Shockwave Flash) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)CHR Plugin: (VMware Remote Console Plug-in) - C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)CHR Plugin: (VMware Client Support Plug-in) - C:\Program Files\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll (VMware, Inc.)CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\jhayward.LPANDT\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)CHR Plugin: (Google Update) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0CHR Extension: (New Tab Redirect!) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0CHR Extension: (Google Wallet) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx ========================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-06-22] (Acronis)R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] ()R2 aluwbservice; C:\Program Files\Warpia\UWB Wireless\AlUwbService.exe [12288 2012-09-20] (Alereon)R2 atashost; C:\Windows\system32\atashost.exe [116536 2011-01-21] (Cisco WebEx LLC)R2 CableAssociation; C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe [1113416 2010-12-08] (Wisair Ltd.)R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2010-03-24] (Broadcom Corporation)R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2010-03-24] (Broadcom Corporation)R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [5240168 2011-04-10] (DisplayLink Corp.)R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.)R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [588752 2011-12-12] (SolarWinds)S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-03-17] (Google)R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()R2 ManageEngine AssetExplorer Agent; C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe [598016 2013-09-05] ()S3 ManageEngine AssetExplorer RemoteControl; C:\Program Files\ManageEngine\AssetExplorer\\RemoteControl\Service.exe [2166784 2013-09-05] ()R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2808664 2007-02-22] (Microsoft Corporation)S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] ()R2 NWHelper; C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [215552 2010-06-03] (Novatel Wireless Inc.)R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-09-06] (Microsoft Corporation)R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)R2 QDLService2kDell; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe [329976 2009-11-23] (QUALCOMM, Inc.)S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)R2 RPCNET; C:\Windows\system32\rpcnet.exe [69792 2013-09-11] (Absolute Software Corp.)S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [4247552 2012-06-20] (SMSC)S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-26] (IDT, Inc.)S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [672408 2012-07-06] (VMware, Inc.)R2 VZWConfigService; C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe [139776 2011-02-11] (Novatel Wireless Inc.)R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.)R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [757352 2013-09-28] (Webroot)R2 zFTPSvc; C:\Program Files\zFTPServer\zFTPServer.exe [3424768 2010-10-20] ()R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config"R2 Rpccm; C:\ProgramData\Rpcnet\Bin\rpccm.exe [x]R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [x]S3 WRRmtInstSvc; WRRmtInstSvc.exe /service [x] ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)S3 al56xxpt; C:\Windows\System32\Drivers\al56xxpt.sys [25088 2012-09-13] (Alereon Inc.)S3 ALDWA; C:\Windows\System32\DRIVERS\ALDWA.SYS [157056 2012-09-13] (Alereon, Inc.)S3 ALHWA; C:\Windows\System32\DRIVERS\ALHWA.SYS [195200 2012-09-13] (Alereon, Inc.)S3 ALURCU; C:\Windows\System32\DRIVERS\ALURCU.SYS [91520 2012-09-13] (Alereon, Inc.)R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [274472 2010-01-11] (Broadcom Corporation.)S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.)S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-30] (Broadcom Corporation)S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2012-03-12] (http://libusb-win32.sourceforge.net)S3 DLCopyFilter; C:\Windows\System32\Drivers\wsr_tbf.sys [50816 2010-07-21] ()R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [182896 2011-04-10] (DisplayLink Corp.)R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [14448 2011-04-10] (DisplayLink Corp.)R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [94848 2012-09-21] (Citrix Systems, Inc.)R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)S3 DWA; C:\Windows\System32\DRIVERS\WSR_DWA.SYS [516096 2010-11-18] ()R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [38296 2012-07-06] (VMware, Inc.)S3 hwa; C:\Windows\System32\DRIVERS\WSR_HWA.SYS [900096 2010-11-18] ()S3 HWARadio; C:\Windows\System32\DRIVERS\WSR_RCI.SYS [147968 2010-11-18] ()R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)S3 NWRmNet_022; C:\Windows\System32\DRIVERS\NWRmNet_022.sys [243712 2011-03-01] (Novatel Wireless Inc.)S3 NWUSBModem_022; C:\Windows\System32\DRIVERS\nwusbmdm_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)S3 NWUSBPort2_022; C:\Windows\System32\DRIVERS\nwusbser2_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)S3 NWUSBPort_022; C:\Windows\System32\DRIVERS\nwusbser_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)R3 qcfilterdl2k; C:\Windows\System32\DRIVERS\qcfilterdl2k.sys [5248 2009-12-02] (QUALCOMM Incorporated)R3 qcusbnetdl2k; C:\Windows\System32\DRIVERS\qcusbnetdl2k.sys [201728 2009-12-02] (QUALCOMM Incorporated)R3 qcusbserdl2k; C:\Windows\System32\DRIVERS\qcusbserdl2k.sys [106368 2009-12-02] (QUALCOMM Incorporated)R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC)S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-21] (REDC)S4 RsFx0151; C:\Windows\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R2 SBKUPNT; C:\Windows\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()R4 sgfxk; C:\Windows\System32\drivers\sgfxk32.sys [113256 2012-07-03] (SMSC)R0 sgfxl; C:\Windows\System32\drivers\sgfxl32.sys [13928 2012-07-03] (SMSC)R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [902592 2011-01-06] (Acronis)R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2011-01-06] (Acronis)S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479232 2007-06-22] (eMPIA Technology, Inc.)S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [28288 2007-02-06] (eMPIA Technology, Inc.)R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.)R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117792 2013-09-28] (Webroot)S3 WSR_USF; C:\Windows\System32\Drivers\WSR_USF.sys [46720 2010-11-01] ()S3 cmvad; system32\drivers\cmudaxv.sys [x]U3 ETD; S0 ssfs0bbc; SYSTEM32\Drivers\SSFS0BBC.SYS [x]S0 sshrmd; SYSTEM32\Drivers\SSHRMD.SYS [x]S0 ssidrv; SYSTEM32\Drivers\SSIDRV.SYS [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-06 11:32 - 2013-11-06 11:32 - 01089445 _____ (Farbar) C:\Users\jhayward.LPANDT\Downloads\FRST.exe2013-11-06 11:32 - 2013-11-06 11:32 - 00000000 ____D C:\FRST2013-11-06 09:04 - 2012-06-04 10:27 - 00221112 ____H (Absolute Software Corp.) C:\Windows\system32\txntph.dll2013-11-06 09:04 - 2012-06-04 10:27 - 00200789 ____H (Novatel Wireless, Inc.) C:\Windows\system32\SMSCodec.dll2013-11-06 09:04 - 2012-06-04 10:27 - 00062904 ____H (Absolute Software Corp.) C:\Windows\system32\ntphprxy.dll2013-11-06 09:04 - 2012-06-04 10:27 - 00062904 ____H (Absolute Software Corp.) C:\Windows\system32\d5720pxy.dll2013-11-06 09:04 - 2012-06-04 10:25 - 00120760 ____H (Absolute Software Corp.) C:\Windows\system32\tahost.exe2013-11-01 14:49 - 2013-11-01 14:49 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewWorkToBeFiled2013-10-25 14:27 - 2013-10-25 14:27 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson 2013 ExaGrid Site Survey (1).xlsx2013-10-25 14:25 - 2013-10-25 14:26 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson 2013 ExaGrid Site Survey.xlsx2013-10-24 15:03 - 2013-10-24 15:03 - 00000000 ____D C:\Program Files\Motorola Mobility2013-10-24 14:51 - 2013-10-24 14:51 - 00002017 _____ C:\Users\jhayward.LPANDT\Downloads\AcpUsers.csv2013-10-22 09:37 - 2013-10-22 09:37 - 00005317 _____ C:\Users\jhayward.LPANDT\Desktop\Form1.xsn2013-10-22 08:01 - 2013-10-22 08:02 - 06800528 _____ C:\Users\jhayward.LPANDT\Downloads\join.me (3).exe2013-10-19 09:54 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2013-10-19 09:54 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls User Utility2013-10-18 17:26 - 2013-10-18 17:26 - 00184384 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARUserUtility-2.1.6-install.exe2013-10-18 17:23 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Netgear Live Parental Controls2013-10-18 17:23 - 2013-10-18 17:23 - 00448736 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility-2.1.6-install.exe2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls Management Utility2013-10-18 17:22 - 2013-10-18 17:22 - 00432554 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility.zip2013-10-18 16:51 - 2013-10-18 16:52 - 16974720 _____ (NETGEAR Inc.) C:\Users\jhayward.LPANDT\Downloads\NETGEARGenie-install.exe2013-10-17 13:26 - 2013-10-17 13:26 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Curiolab2013-10-17 13:17 - 2013-10-17 13:22 - 186142408 _____ (CURIOLAB S.M.B.A.) C:\Users\jhayward.LPANDT\Downloads\ExterminateItSetup.exe2013-10-17 09:39 - 2013-10-17 09:39 - 00000561 _____ C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Information Technology - Home.website2013-10-16 13:56 - 2013-10-16 13:56 - 00000000 ____D C:\Program Files\ManageEngine2013-10-14 15:58 - 2013-10-14 15:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job2013-10-11 14:41 - 2013-10-23 07:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-10-11 14:41 - 2013-10-11 14:41 - 28009488 _____ (SUPERAntiSpyware) C:\Users\jhayward.LPANDT\Downloads\SUPERAntiSpyware.exe2013-10-11 14:41 - 2013-10-11 14:41 - 00001963 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\SUPERAntiSpyware.com2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-10-11 13:58 - 2013-10-11 13:58 - 00001119 _____ C:\Users\Public\Desktop\Barracuda Malware Removal Tool.lnk2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Barracuda2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\ProgramData\Barracuda2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Program Files\Barracuda2013-10-11 13:58 - 2010-05-26 18:30 - 00038352 _____ (Barracuda Networks) C:\Windows\system32\Drivers\bmrtswissarmy.sys2013-10-11 13:56 - 2013-10-11 13:57 - 06051128 _____ (Barracuda Networks ) C:\Users\jhayward.LPANDT\Downloads\b-mrt-setup-1.46.exe2013-10-10 16:36 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2013-10-10 16:36 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2013-10-10 16:36 - 2013-09-22 18:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2013-10-10 16:36 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2013-10-10 16:36 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2013-10-10 16:36 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2013-10-10 16:36 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2013-10-10 16:36 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2013-10-10 16:36 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2013-10-10 16:36 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2013-10-10 16:36 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2013-10-10 16:36 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2013-10-10 16:36 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2013-10-10 16:36 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2013-10-10 16:36 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2013-10-10 16:36 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe2013-10-10 07:09 - 2013-08-27 20:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2013-10-10 07:09 - 2013-08-01 06:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2013-10-10 07:09 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2013-10-10 07:09 - 2013-07-12 05:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys2013-10-10 07:09 - 2013-07-12 05:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys2013-10-10 07:09 - 2013-07-12 05:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys2013-10-10 07:09 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2013-10-10 07:09 - 2013-07-02 22:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys2013-10-10 07:09 - 2013-07-02 22:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys2013-10-10 07:09 - 2013-06-25 17:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys2013-10-10 07:09 - 2013-06-05 23:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll2013-10-10 07:09 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll2013-10-10 07:09 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll2013-10-10 07:09 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2013-10-10 07:09 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2013-10-07 11:58 - 2013-10-07 11:58 - 00006379 _____ C:\Users\jhayward.LPANDT\Downloads\{4fb7b7e1-a73f-4acc-b8bc-bc95a389cf01}_GreenPages_Webinar_-_Unlocking_the_Value_of_VMware_vCloud_Suite.ics2013-10-07 09:54 - 2013-10-07 09:54 - 00000000 ____H C:\cmddunla.sys2013-10-07 09:44 - 2013-10-07 09:44 - 00000251 __RSH C:\ProgramData\wcttempoff.html2013-10-07 09:44 - 2013-10-07 09:44 - 00000251 __RSH C:\ProgramData\wcttemp.html2013-10-07 09:44 - 2013-10-07 09:44 - 00000016 __RSH C:\ProgramData\wctreqid.sys ==================== One Month Modified Files and Folders ======= 2013-11-06 11:33 - 2011-01-07 08:44 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\Outlook Files2013-11-06 11:32 - 2013-11-06 11:32 - 01089445 _____ (Farbar) C:\Users\jhayward.LPANDT\Downloads\FRST.exe2013-11-06 11:32 - 2013-11-06 11:32 - 00000000 ____D C:\FRST2013-11-06 11:31 - 2011-01-05 12:20 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl2013-11-06 10:43 - 2012-06-20 07:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2013-11-06 10:40 - 2011-01-05 13:35 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\Adobe2013-11-06 10:40 - 2010-12-28 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe2013-11-06 10:40 - 2010-12-28 19:19 - 00000000 ____D C:\Program Files\Adobe2013-11-06 09:02 - 2013-09-11 12:45 - 00000133 __RSH C:\ProgramData\3002.xml2013-11-06 08:09 - 2009-07-13 23:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-11-06 08:09 - 2009-07-13 23:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-11-06 08:07 - 2010-12-28 19:12 - 00916598 _____ C:\Windows\system32\PerfStringBackup.INI2013-11-06 08:06 - 2009-07-13 23:55 - 02050598 _____ C:\Windows\WindowsUpdate.log2013-11-06 08:00 - 2013-09-12 19:52 - 00017920 _____ C:\Windows\system32\rpcnetp.exe2013-11-06 08:00 - 2013-09-11 12:19 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll2013-11-06 07:59 - 2011-01-05 13:35 - 00000000 _____ C:\Users\jhayward.LPANDT\AppData\Local\WavXMapDrive.bat2013-11-06 07:59 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-11-06 07:58 - 2012-10-11 05:19 - 00053924 _____ C:\Windows\setupact.log2013-11-06 07:58 - 2010-12-28 19:49 - 00000000 ____D C:\ProgramData\NVIDIA2013-11-05 12:30 - 2012-04-13 14:54 - 00000000 ____D C:\ProgramData\WRData2013-11-04 15:59 - 2011-01-05 14:53 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\SQL Server Management Studio2013-11-04 14:23 - 2011-01-06 11:34 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\DameWare Development2013-11-04 07:51 - 2010-12-28 19:34 - 00000000 ____D C:\ProgramData\Sonic2013-11-04 06:52 - 2013-01-22 17:19 - 00000064 _____ C:\dvmaccounts.ini2013-11-01 18:07 - 2011-01-06 10:52 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewHomeToBeFiled2013-11-01 14:49 - 2013-11-01 14:49 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewWorkToBeFiled2013-11-01 12:49 - 2011-01-05 20:01 - 00002038 ____H C:\Users\jhayward.LPANDT\Documents\Default.rdp2013-11-01 07:16 - 2011-01-05 13:35 - 00004524 __RSH C:\Users\jhayward.LPANDT\ntuser.pol2013-11-01 07:16 - 2011-01-05 13:35 - 00000000 ____D C:\Users\jhayward.LPANDT2013-10-26 14:43 - 2011-01-06 11:40 - 00000000 ____D C:\tunes2013-10-25 14:27 - 2013-10-25 14:27 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson 2013 ExaGrid Site Survey (1).xlsx2013-10-25 14:26 - 2013-10-25 14:25 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson 2013 ExaGrid Site Survey.xlsx2013-10-24 15:03 - 2013-10-24 15:03 - 00000000 ____D C:\Program Files\Motorola Mobility2013-10-24 14:51 - 2013-10-24 14:51 - 00002017 _____ C:\Users\jhayward.LPANDT\Downloads\AcpUsers.csv2013-10-23 19:38 - 2012-10-19 17:10 - 00147938 _____ C:\Windows\PFRO.log2013-10-23 16:30 - 2011-01-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft Help2013-10-23 11:43 - 2011-01-06 11:55 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\VMware2013-10-23 08:52 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET2013-10-23 07:10 - 2013-10-11 14:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware2013-10-22 15:23 - 2013-02-14 14:18 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\PHD Virtual Backup2013-10-22 09:37 - 2013-10-22 09:37 - 00005317 _____ C:\Users\jhayward.LPANDT\Desktop\Form1.xsn2013-10-22 08:02 - 2013-10-22 08:01 - 06800528 _____ C:\Users\jhayward.LPANDT\Downloads\join.me (3).exe2013-10-22 08:02 - 2011-09-01 12:44 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\join.me2013-10-18 17:51 - 2011-06-03 07:05 - 00002378 _____ C:\Users\jhayward.LPANDT\Desktop\Google Chrome.lnk2013-10-18 17:31 - 2011-01-05 18:39 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\PS2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls User Utility2013-10-18 17:27 - 2013-10-18 17:23 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Netgear Live Parental Controls2013-10-18 17:26 - 2013-10-18 17:26 - 00184384 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARUserUtility-2.1.6-install.exe2013-10-18 17:23 - 2013-10-18 17:23 - 00448736 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility-2.1.6-install.exe2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls Management Utility2013-10-18 17:22 - 2013-10-18 17:22 - 00432554 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility.zip2013-10-18 16:52 - 2013-10-18 16:51 - 16974720 _____ (NETGEAR Inc.) C:\Users\jhayward.LPANDT\Downloads\NETGEARGenie-install.exe2013-10-17 13:26 - 2013-10-17 13:26 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Curiolab2013-10-17 13:22 - 2013-10-17 13:17 - 186142408 _____ (CURIOLAB S.M.B.A.) C:\Users\jhayward.LPANDT\Downloads\ExterminateItSetup.exe2013-10-17 09:39 - 2013-10-17 09:39 - 00000561 _____ C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Information Technology - Home.website2013-10-16 15:10 - 2011-01-05 22:20 - 00000000 ___RD C:\Users\jhayward.LPANDT\Virtual Machines2013-10-16 13:56 - 2013-10-16 13:56 - 00000000 ____D C:\Program Files\ManageEngine2013-10-14 15:58 - 2013-10-14 15:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job2013-10-12 10:10 - 2012-01-06 18:10 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\Home2013-10-11 20:22 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF2013-10-11 17:25 - 2013-06-05 20:38 - 00000000 ____D C:\Program Files\Microsoft Office 152013-10-11 14:41 - 2013-10-11 14:41 - 28009488 _____ (SUPERAntiSpyware) C:\Users\jhayward.LPANDT\Downloads\SUPERAntiSpyware.exe2013-10-11 14:41 - 2013-10-11 14:41 - 00001963 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\SUPERAntiSpyware.com2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com2013-10-11 14:29 - 2011-11-21 10:39 - 00000000 ____D C:\Program Files\Mozilla Firefox2013-10-11 13:58 - 2013-10-11 13:58 - 00001119 _____ C:\Users\Public\Desktop\Barracuda Malware Removal Tool.lnk2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Barracuda2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\ProgramData\Barracuda2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Program Files\Barracuda2013-10-11 13:57 - 2013-10-11 13:56 - 06051128 _____ (Barracuda Networks ) C:\Users\jhayward.LPANDT\Downloads\b-mrt-setup-1.46.exe2013-10-11 12:59 - 2011-05-06 06:36 - 00000000 ____D C:\MIS2013-10-11 06:54 - 2009-07-13 23:33 - 00591688 _____ C:\Windows\system32\FNTCACHE.DAT2013-10-11 06:50 - 2010-12-28 19:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight2013-10-10 16:47 - 2013-08-15 17:26 - 00000000 ____D C:\Windows\system32\MRT2013-10-10 16:38 - 2011-01-05 13:41 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2013-10-10 16:28 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared2013-10-10 10:48 - 2011-04-14 09:59 - 00000000 __SHD C:\Users\jhayward.LPANDT\Documents\cache2013-10-09 07:43 - 2012-04-13 14:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe2013-10-09 07:43 - 2012-04-13 14:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl2013-10-07 11:58 - 2013-10-07 11:58 - 00006379 _____ C:\Users\jhayward.LPANDT\Downloads\{4fb7b7e1-a73f-4acc-b8bc-bc95a389cf01}_GreenPages_Webinar_-_Unlocking_the_Value_of_VMware_vCloud_Suite.ics2013-10-07 10:28 - 2013-09-02 07:25 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Skype2013-10-07 10:28 - 2013-09-02 07:24 - 00000000 ____D C:\ProgramData\Skype2013-10-07 09:54 - 2013-10-07 09:54 - 00000000 ____H C:\cmddunla.sys2013-10-07 09:44 - 2013-10-07 09:44 - 00000251 __RSH C:\ProgramData\wcttempoff.html2013-10-07 09:44 - 2013-10-07 09:44 - 00000251 __RSH C:\ProgramData\wcttemp.html2013-10-07 09:44 - 2013-10-07 09:44 - 00000016 __RSH C:\ProgramData\wctreqid.sys Files to move or delete:====================C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.jsC:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.jsC:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x86.exe Some content of TEMP:====================C:\Users\jhayward\AppData\Local\Temp\MSNADCE.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\AskSLib.dllC:\Users\jhayward.LPANDT\AppData\Local\Temp\DelayInst.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\installservice.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\instmsi.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\instmsiw.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0228.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0304.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\NV_Meet_Participant.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\OfficeSetup.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\Setup.X86.en-us_O365ProPlusRetail_cebd1216-2c98-4abe-bb52-84c4a602a06d_TX_PR_.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\vpnclient_setup.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\WRupdate452106.exeC:\Users\jhayward.LPANDT\AppData\Local\Temp\_is3B0C.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-11-01 17:44 ==================== End Of Log ============================
  9. jhardwood
    I have a Windows 7 32 bit machine that keeps warning that "failed to update the system registry". I traced this to a c:\windows\system32\phoenix.exe file. I can permanently delete this file, but within a day, the errors (and the file returns). Full scans by Antivirus (Webroot), Malwarebytes, and a few others have not corrected. Any suggestions on how to manually fix? jeff
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.