
Phoenix.exe removal



I have a Windows 7 32-bit machine that keeps warning that "failed to update the system registry". I traced this to a c:\windows\system32\phoenix.exe file. I can permanently delete this file, but within a day, the errors (and the file) return. Full scans by Antivirus (Webroot), Malwarebytes, and a few others have not corrected it.

 

Any suggestions on how to manually fix?

jeff

 

 

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here: Malwarebytes Anti-Rootkit, and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.


Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Here is FRST.txt output

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by jhayward (administrator) on PCLIS2 on 06-11-2013 11:33:01
Running from C:\Users\jhayward.LPANDT\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(Alereon) C:\Program Files\Warpia\UWB Wireless\AlUwbService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\system32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Wisair Ltd.) C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.exe
() C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe
() C:\Program Files\ManageEngine\AssetExplorer\bin\aeagent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
(Wisair Ltd.) C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
(Akamai Technologies, Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Akamai Technologies, Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
(QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files\zFTPServer\zFTPServer.exe
(Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Alereon) C:\Program Files\Warpia\UWB Wireless\WusbLite.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\UcMapi.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\ProgramData\Rpcnet\Bin\rpccm.exe
() C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-05-26] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE [5249024 2010-02-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DellBtrEvent] - D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe [147456 2010-05-04] (DeviceVM, Inc.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [MimBoot] - C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe [8192 2006-11-07] (Musicmatch, Inc.)
HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4355464 2009-06-22] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960568 2009-06-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377248 2009-06-22] (Acronis)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-03-17] (Google)
HKLM\...\Run: [Desktop Disc Tool] - C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-01] ()
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [WirelessUSBManager] - C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe [2968400 2011-03-27] (Wisair Ltd.)
HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [757352 2013-09-28] (Webroot)
HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12108456 2013-06-27] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-11] ()
HKLM\...\Run: [intelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093272 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668248 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM\...\Run: [sgfxConfig] - C:\Program Files\SGFX\SgfxConfig.exe [1536104 2012-06-19] ()
HKLM\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [barracuda Malware Removal Tool (reboot)] - C:\Program Files\Barracuda\Barracuda Malware Removal Tool\bmrt.exe [857480 2010-05-26] (Barracuda Networks)
HKLM\...\Run: [DameWare MRC Agent] - C:\Windows\dwrcs\DWRCST.EXE [277456 2011-12-12] (SolarWinds)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKCU\...\Run: [CAHeadless] - C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [539800 2011-09-14] (Adobe Systems Incorporated)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694152 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-03] (Google Inc.)
HKCU\...\Run: [Lync] - C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18633888 2013-10-10] (Microsoft Corporation)
HKCU\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5707544 2013-10-10] (SUPERAntiSpyware)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoViewOnDrive] 0
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKCU\...\Policies\Explorer: [NoFile] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKCU\...\Policies\Explorer: [NoSetFolders] 0
HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoDeletePrinter] 0
HKCU\...\Policies\Explorer: [NoDFSTab] 0
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0
HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoHardwareTab] 0
HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0
MountPoints2: {0c137186-3ffe-11e2-8674-c0cb38353b98} - F:\LaunchU3.exe -a
MountPoints2: {3cc7b2ee-aefe-11e1-baf8-00a0c6000000} - F:\TL-Bootstrap.exe
MountPoints2: {4cfd604f-bc62-11e1-9cb2-5c260a2dbd42} - I:\MotoCastSetup.exe -a
MountPoints2: {9c99fff4-e8bb-11e1-b6c4-00059a3c7800} - F:\MotoCastSetup.exe -a
MountPoints2: {b720afb3-b25a-11e0-b861-5c260a2dbd42} - F:\TL-Bootstrap.exe
MountPoints2: {b720b31d-b25a-11e0-b861-5c260a2dbd42} - F:\TL-Bootstrap.exe
MountPoints2: {bdaf5659-93bf-11e0-9991-00a0c6000000} - F:\TL-Bootstrap.exe
MountPoints2: {de336a81-894d-11e1-9682-00a0c6000000} - F:\setup.exe -a
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll [ 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 172.20.0.21:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://lpt.sharepoint.com/teams/LPTDEPT/IT/_layouts/15/start.aspx#/SitePages/Home.aspx
SearchScopes: HKLM - DefaultScope {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = 
SearchScopes: HKCU - {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = 
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} https://fileservice.emc.com/XFile/SAXFileEE.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.ericom.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1    102.112.207.net
Tcpip\..\Interfaces\{6A2B8B82-FF68-4575-9984-7A609318F9D4}: [NameServer]198.224.186.135 198.224.187.135
Tcpip\..\Interfaces\{98C436D4-2943-4F4D-9A57-F9B19E92EA90}: [NameServer]172.20.20.16,172.20.20.17
 
FireFox:
========
FF ProfilePath: C:\Users\jhayward.LPANDT\AppData\Roaming\Mozilla\Firefox\Profiles\9ougtvei.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @vmware.com/client-support,version=5.1.0.00000 - C:\Program Files\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll (VMware, Inc.)
FF Plugin: @vmware.com/vmrc,version=5.1.0.00000 - C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\jhayward.LPANDT\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (VMware Remote Console Plug-in) - C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VMware Client Support Plug-in) - C:\Program Files\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll (VMware, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\jhayward.LPANDT\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (New Tab Redirect!) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0
CHR Extension: (Google Wallet) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-06-22] (Acronis)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] ()
R2 aluwbservice; C:\Program Files\Warpia\UWB Wireless\AlUwbService.exe [12288 2012-09-20] (Alereon)
R2 atashost; C:\Windows\system32\atashost.exe [116536 2011-01-21] (Cisco WebEx LLC)
R2 CableAssociation; C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe [1113416 2010-12-08] (Wisair Ltd.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2010-03-24] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2010-03-24] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [5240168 2011-04-10] (DisplayLink Corp.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [588752 2011-12-12] (SolarWinds)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-03-17] (Google)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 ManageEngine AssetExplorer Agent; C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe [598016 2013-09-05] ()
S3 ManageEngine AssetExplorer RemoteControl; C:\Program Files\ManageEngine\AssetExplorer\\RemoteControl\Service.exe [2166784 2013-09-05] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2808664 2007-02-22] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] ()
R2 NWHelper; C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [215552 2010-06-03] (Novatel Wireless Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-09-06] (Microsoft Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 QDLService2kDell; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe [329976 2009-11-23] (QUALCOMM, Inc.)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
R2 RPCNET; C:\Windows\system32\rpcnet.exe [69792 2013-09-11] (Absolute Software Corp.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [4247552 2012-06-20] (SMSC)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-26] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [672408 2012-07-06] (VMware, Inc.)
R2 VZWConfigService; C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe [139776 2011-02-11] (Novatel Wireless Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [757352 2013-09-28] (Webroot)
R2 zFTPSvc; C:\Program Files\zFTPServer\zFTPServer.exe [3424768 2010-10-20] ()
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config"
R2 Rpccm; C:\ProgramData\Rpcnet\Bin\rpccm.exe [x]
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [x]
S3 WRRmtInstSvc; WRRmtInstSvc.exe /service [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
S3 al56xxpt; C:\Windows\System32\Drivers\al56xxpt.sys [25088 2012-09-13] (Alereon Inc.)
S3 ALDWA; C:\Windows\System32\DRIVERS\ALDWA.SYS [157056 2012-09-13] (Alereon, Inc.)
S3 ALHWA; C:\Windows\System32\DRIVERS\ALHWA.SYS [195200 2012-09-13] (Alereon, Inc.)
S3 ALURCU; C:\Windows\System32\DRIVERS\ALURCU.SYS [91520 2012-09-13] (Alereon, Inc.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [274472 2010-01-11] (Broadcom Corporation.)
S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-30] (Broadcom Corporation)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2012-03-12] (http://libusb-win32.sourceforge.net)
S3 DLCopyFilter; C:\Windows\System32\Drivers\wsr_tbf.sys [50816 2010-07-21] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [182896 2011-04-10] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [14448 2011-04-10] (DisplayLink Corp.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [94848 2012-09-21] (Citrix Systems, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
S3 DWA; C:\Windows\System32\DRIVERS\WSR_DWA.SYS [516096 2010-11-18] ()
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [38296 2012-07-06] (VMware, Inc.)
S3 hwa; C:\Windows\System32\DRIVERS\WSR_HWA.SYS [900096 2010-11-18] ()
S3 HWARadio; C:\Windows\System32\DRIVERS\WSR_RCI.SYS [147968 2010-11-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
S3 NWRmNet_022; C:\Windows\System32\DRIVERS\NWRmNet_022.sys [243712 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBModem_022; C:\Windows\System32\DRIVERS\nwusbmdm_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBPort2_022; C:\Windows\System32\DRIVERS\nwusbser2_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBPort_022; C:\Windows\System32\DRIVERS\nwusbser_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 qcfilterdl2k; C:\Windows\System32\DRIVERS\qcfilterdl2k.sys [5248 2009-12-02] (QUALCOMM Incorporated)
R3 qcusbnetdl2k; C:\Windows\System32\DRIVERS\qcusbnetdl2k.sys [201728 2009-12-02] (QUALCOMM Incorporated)
R3 qcusbserdl2k; C:\Windows\System32\DRIVERS\qcusbserdl2k.sys [106368 2009-12-02] (QUALCOMM Incorporated)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-21] (REDC)
S4 RsFx0151; C:\Windows\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SBKUPNT; C:\Windows\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()
R4 sgfxk; C:\Windows\System32\drivers\sgfxk32.sys [113256 2012-07-03] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl32.sys [13928 2012-07-03] (SMSC)
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [902592 2011-01-06] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2011-01-06] (Acronis)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479232 2007-06-22] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [28288 2007-02-06] (eMPIA Technology, Inc.)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117792 2013-09-28] (Webroot)
S3 WSR_USF; C:\Windows\System32\Drivers\WSR_USF.sys [46720 2010-11-01] ()
S3 cmvad; system32\drivers\cmudaxv.sys [x]
U3 ETD; 
S0 ssfs0bbc; SYSTEM32\Drivers\SSFS0BBC.SYS [x]
S0 sshrmd; SYSTEM32\Drivers\SSHRMD.SYS [x]
S0 ssidrv; SYSTEM32\Drivers\SSIDRV.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-06 11:32 - 2013-11-06 11:32 - 01089445 _____ (Farbar) C:\Users\jhayward.LPANDT\Downloads\FRST.exe
2013-11-06 11:32 - 2013-11-06 11:32 - 00000000 ____D C:\FRST
2013-11-06 09:04 - 2012-06-04 10:27 - 00221112 ____H (Absolute Software Corp.) C:\Windows\system32\txntph.dll
2013-11-06 09:04 - 2012-06-04 10:27 - 00200789 ____H (Novatel Wireless, Inc.) C:\Windows\system32\SMSCodec.dll
2013-11-06 09:04 - 2012-06-04 10:27 - 00062904 ____H (Absolute Software Corp.) C:\Windows\system32\ntphprxy.dll
2013-11-06 09:04 - 2012-06-04 10:27 - 00062904 ____H (Absolute Software Corp.) C:\Windows\system32\d5720pxy.dll
2013-11-06 09:04 - 2012-06-04 10:25 - 00120760 ____H (Absolute Software Corp.) C:\Windows\system32\tahost.exe
2013-11-01 14:49 - 2013-11-01 14:49 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewWorkToBeFiled
2013-10-25 14:27 - 2013-10-25 14:27 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson  2013 ExaGrid Site Survey (1).xlsx
2013-10-25 14:25 - 2013-10-25 14:26 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson  2013 ExaGrid Site Survey.xlsx
2013-10-24 15:03 - 2013-10-24 15:03 - 00000000 ____D C:\Program Files\Motorola Mobility
2013-10-24 14:51 - 2013-10-24 14:51 - 00002017 _____ C:\Users\jhayward.LPANDT\Downloads\AcpUsers.csv
2013-10-22 09:37 - 2013-10-22 09:37 - 00005317 _____ C:\Users\jhayward.LPANDT\Desktop\Form1.xsn
2013-10-22 08:01 - 2013-10-22 08:02 - 06800528 _____ C:\Users\jhayward.LPANDT\Downloads\join.me (3).exe
2013-10-19 09:54 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls User Utility
2013-10-18 17:26 - 2013-10-18 17:26 - 00184384 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARUserUtility-2.1.6-install.exe
2013-10-18 17:23 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Netgear Live Parental Controls
2013-10-18 17:23 - 2013-10-18 17:23 - 00448736 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility-2.1.6-install.exe
2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls Management Utility
2013-10-18 17:22 - 2013-10-18 17:22 - 00432554 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility.zip
2013-10-18 16:51 - 2013-10-18 16:52 - 16974720 _____ (NETGEAR Inc.) C:\Users\jhayward.LPANDT\Downloads\NETGEARGenie-install.exe
2013-10-17 13:26 - 2013-10-17 13:26 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Curiolab
2013-10-17 13:17 - 2013-10-17 13:22 - 186142408 _____ (CURIOLAB S.M.B.A.) C:\Users\jhayward.LPANDT\Downloads\ExterminateItSetup.exe
2013-10-17 09:39 - 2013-10-17 09:39 - 00000561 _____ C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Information Technology - Home.website
2013-10-16 13:56 - 2013-10-16 13:56 - 00000000 ____D C:\Program Files\ManageEngine
2013-10-14 15:58 - 2013-10-14 15:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job
2013-10-11 14:41 - 2013-10-23 07:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-11 14:41 - 2013-10-11 14:41 - 28009488 _____ (SUPERAntiSpyware) C:\Users\jhayward.LPANDT\Downloads\SUPERAntiSpyware.exe
2013-10-11 14:41 - 2013-10-11 14:41 - 00001963 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\SUPERAntiSpyware.com
2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-11 13:58 - 2013-10-11 13:58 - 00001119 _____ C:\Users\Public\Desktop\Barracuda Malware Removal Tool.lnk
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Barracuda
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\ProgramData\Barracuda
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Program Files\Barracuda
2013-10-11 13:58 - 2010-05-26 18:30 - 00038352 _____ (Barracuda Networks) C:\Windows\system32\Drivers\bmrtswissarmy.sys
2013-10-11 13:56 - 2013-10-11 13:57 - 06051128 _____ (Barracuda Networks                                          ) C:\Users\jhayward.LPANDT\Downloads\b-mrt-setup-1.46.exe
2013-10-10 16:36 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 16:36 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 16:36 - 2013-09-22 18:28 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 16:36 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 16:36 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 16:36 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 16:36 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 07:09 - 2013-08-27 20:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 07:09 - 2013-08-01 06:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 07:09 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 07:09 - 2013-07-12 05:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 07:09 - 2013-07-12 05:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 07:09 - 2013-07-12 05:07 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 07:09 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 07:09 - 2013-07-02 22:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 07:09 - 2013-07-02 22:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 07:09 - 2013-06-25 17:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 07:09 - 2013-06-05 23:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 07:09 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 07:09 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 07:09 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 07:09 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-07 11:58 - 2013-10-07 11:58 - 00006379 _____ C:\Users\jhayward.LPANDT\Downloads\{4fb7b7e1-a73f-4acc-b8bc-bc95a389cf01}_GreenPages_Webinar_-_Unlocking_the_Value_of_VMware_vCloud_Suite.ics
2013-10-07 09:54 - 2013-10-07 09:54 - 00000000 ____H C:\cmddunla.sys
2013-10-07 09:44 - 2013-10-07 09:44 - 00000251 __RSH C:\ProgramData\wcttempoff.html
2013-10-07 09:44 - 2013-10-07 09:44 - 00000251 __RSH C:\ProgramData\wcttemp.html
2013-10-07 09:44 - 2013-10-07 09:44 - 00000016 __RSH C:\ProgramData\wctreqid.sys
 
==================== One Month Modified Files and Folders =======
 
2013-11-06 11:33 - 2011-01-07 08:44 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\Outlook Files
2013-11-06 11:32 - 2013-11-06 11:32 - 01089445 _____ (Farbar) C:\Users\jhayward.LPANDT\Downloads\FRST.exe
2013-11-06 11:32 - 2013-11-06 11:32 - 00000000 ____D C:\FRST
2013-11-06 11:31 - 2011-01-05 12:20 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl
2013-11-06 10:43 - 2012-06-20 07:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-06 10:40 - 2011-01-05 13:35 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\Adobe
2013-11-06 10:40 - 2010-12-28 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-06 10:40 - 2010-12-28 19:19 - 00000000 ____D C:\Program Files\Adobe
2013-11-06 09:02 - 2013-09-11 12:45 - 00000133 __RSH C:\ProgramData\3002.xml
2013-11-06 08:09 - 2009-07-13 23:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 08:09 - 2009-07-13 23:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 08:07 - 2010-12-28 19:12 - 00916598 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-06 08:06 - 2009-07-13 23:55 - 02050598 _____ C:\Windows\WindowsUpdate.log
2013-11-06 08:00 - 2013-09-12 19:52 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-11-06 08:00 - 2013-09-11 12:19 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2013-11-06 07:59 - 2011-01-05 13:35 - 00000000 _____ C:\Users\jhayward.LPANDT\AppData\Local\WavXMapDrive.bat
2013-11-06 07:59 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 07:58 - 2012-10-11 05:19 - 00053924 _____ C:\Windows\setupact.log
2013-11-06 07:58 - 2010-12-28 19:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-05 12:30 - 2012-04-13 14:54 - 00000000 ____D C:\ProgramData\WRData
2013-11-04 15:59 - 2011-01-05 14:53 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\SQL Server Management Studio
2013-11-04 14:23 - 2011-01-06 11:34 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\DameWare Development
2013-11-04 07:51 - 2010-12-28 19:34 - 00000000 ____D C:\ProgramData\Sonic
2013-11-04 06:52 - 2013-01-22 17:19 - 00000064 _____ C:\dvmaccounts.ini
2013-11-01 18:07 - 2011-01-06 10:52 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewHomeToBeFiled
2013-11-01 14:49 - 2013-11-01 14:49 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewWorkToBeFiled
2013-11-01 12:49 - 2011-01-05 20:01 - 00002038 ____H C:\Users\jhayward.LPANDT\Documents\Default.rdp
2013-11-01 07:16 - 2011-01-05 13:35 - 00004524 __RSH C:\Users\jhayward.LPANDT\ntuser.pol
2013-11-01 07:16 - 2011-01-05 13:35 - 00000000 ____D C:\Users\jhayward.LPANDT
2013-10-26 14:43 - 2011-01-06 11:40 - 00000000 ____D C:\tunes
2013-10-25 14:27 - 2013-10-25 14:27 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson  2013 ExaGrid Site Survey (1).xlsx
2013-10-25 14:26 - 2013-10-25 14:25 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson  2013 ExaGrid Site Survey.xlsx
2013-10-24 15:03 - 2013-10-24 15:03 - 00000000 ____D C:\Program Files\Motorola Mobility
2013-10-24 14:51 - 2013-10-24 14:51 - 00002017 _____ C:\Users\jhayward.LPANDT\Downloads\AcpUsers.csv
2013-10-23 19:38 - 2012-10-19 17:10 - 00147938 _____ C:\Windows\PFRO.log
2013-10-23 16:30 - 2011-01-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-23 11:43 - 2011-01-06 11:55 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\VMware
2013-10-23 08:52 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-23 07:10 - 2013-10-11 14:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-22 15:23 - 2013-02-14 14:18 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\PHD Virtual Backup
2013-10-22 09:37 - 2013-10-22 09:37 - 00005317 _____ C:\Users\jhayward.LPANDT\Desktop\Form1.xsn
2013-10-22 08:02 - 2013-10-22 08:01 - 06800528 _____ C:\Users\jhayward.LPANDT\Downloads\join.me (3).exe
2013-10-22 08:02 - 2011-09-01 12:44 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\join.me
2013-10-18 17:51 - 2011-06-03 07:05 - 00002378 _____ C:\Users\jhayward.LPANDT\Desktop\Google Chrome.lnk
2013-10-18 17:31 - 2011-01-05 18:39 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\PS
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls User Utility
2013-10-18 17:27 - 2013-10-18 17:23 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Netgear Live Parental Controls
2013-10-18 17:26 - 2013-10-18 17:26 - 00184384 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARUserUtility-2.1.6-install.exe
2013-10-18 17:23 - 2013-10-18 17:23 - 00448736 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility-2.1.6-install.exe
2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls Management Utility
2013-10-18 17:22 - 2013-10-18 17:22 - 00432554 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility.zip
2013-10-18 16:52 - 2013-10-18 16:51 - 16974720 _____ (NETGEAR Inc.) C:\Users\jhayward.LPANDT\Downloads\NETGEARGenie-install.exe
2013-10-17 13:26 - 2013-10-17 13:26 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Curiolab
2013-10-17 13:22 - 2013-10-17 13:17 - 186142408 _____ (CURIOLAB S.M.B.A.) C:\Users\jhayward.LPANDT\Downloads\ExterminateItSetup.exe
2013-10-17 09:39 - 2013-10-17 09:39 - 00000561 _____ C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Information Technology - Home.website
2013-10-16 15:10 - 2011-01-05 22:20 - 00000000 ___RD C:\Users\jhayward.LPANDT\Virtual Machines
2013-10-16 13:56 - 2013-10-16 13:56 - 00000000 ____D C:\Program Files\ManageEngine
2013-10-14 15:58 - 2013-10-14 15:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job
2013-10-12 10:10 - 2012-01-06 18:10 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\Home
2013-10-11 20:22 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-11 17:25 - 2013-06-05 20:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-11 14:41 - 2013-10-11 14:41 - 28009488 _____ (SUPERAntiSpyware) C:\Users\jhayward.LPANDT\Downloads\SUPERAntiSpyware.exe
2013-10-11 14:41 - 2013-10-11 14:41 - 00001963 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\SUPERAntiSpyware.com
2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-11 14:29 - 2011-11-21 10:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-11 13:58 - 2013-10-11 13:58 - 00001119 _____ C:\Users\Public\Desktop\Barracuda Malware Removal Tool.lnk
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Barracuda
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\ProgramData\Barracuda
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Program Files\Barracuda
2013-10-11 13:57 - 2013-10-11 13:56 - 06051128 _____ (Barracuda Networks                                          ) C:\Users\jhayward.LPANDT\Downloads\b-mrt-setup-1.46.exe
2013-10-11 12:59 - 2011-05-06 06:36 - 00000000 ____D C:\MIS
2013-10-11 06:54 - 2009-07-13 23:33 - 00591688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 06:50 - 2010-12-28 19:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-10 16:47 - 2013-08-15 17:26 - 00000000 ____D C:\Windows\system32\MRT
2013-10-10 16:38 - 2011-01-05 13:41 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 16:28 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-10 10:48 - 2011-04-14 09:59 - 00000000 __SHD C:\Users\jhayward.LPANDT\Documents\cache
2013-10-09 07:43 - 2012-04-13 14:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 07:43 - 2012-04-13 14:32 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-07 11:58 - 2013-10-07 11:58 - 00006379 _____ C:\Users\jhayward.LPANDT\Downloads\{4fb7b7e1-a73f-4acc-b8bc-bc95a389cf01}_GreenPages_Webinar_-_Unlocking_the_Value_of_VMware_vCloud_Suite.ics
2013-10-07 10:28 - 2013-09-02 07:25 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Skype
2013-10-07 10:28 - 2013-09-02 07:24 - 00000000 ____D C:\ProgramData\Skype
2013-10-07 09:54 - 2013-10-07 09:54 - 00000000 ____H C:\cmddunla.sys
2013-10-07 09:44 - 2013-10-07 09:44 - 00000251 __RSH C:\ProgramData\wcttempoff.html
2013-10-07 09:44 - 2013-10-07 09:44 - 00000251 __RSH C:\ProgramData\wcttemp.html
2013-10-07 09:44 - 2013-10-07 09:44 - 00000016 __RSH C:\ProgramData\wctreqid.sys
 
Files to move or delete:
====================
C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.js
C:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.js
C:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\jhayward\AppData\Local\Temp\MSNADCE.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\AskSLib.dll
C:\Users\jhayward.LPANDT\AppData\Local\Temp\DelayInst.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\installservice.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\instmsi.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\instmsiw.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0228.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0304.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\NV_Meet_Participant.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\OfficeSetup.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\Setup.X86.en-us_O365ProPlusRetail_cebd1216-2c98-4abe-bb52-84c4a602a06d_TX_PR_.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\WRupdate452106.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\_is3B0C.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-01 17:44
 
==================== End Of Log ============================

Here is the Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by jhayward at 2013-11-06 11:38:54
Running from C:\Users\jhayward.LPANDT\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {27678718-4A47-3119-06F0-3719487B3EBC}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 8.1.1)
4Site
7-Zip 9.20
AccelerometerP11 (Version: 2.00.00.12)
Acronis True Image Home (Version: 12.0.9796)
Adobe Acrobat XI Standard (Version: 11.0.05)
Adobe AIR (Version: 1.5.3.9120)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Connect 9 Add-in (HKCU Version: 11,2,247,0)
Adobe Contribute CS5 (Version: 6)
Adobe Download Assistant (Version: 1.2.3)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Help Center 2.0 (Version: 2.0.0)
Adobe Media Player (Version: 1.8)
Adobe Photoshop Elements 4.0 (Version: 4.0)
Adobe Premiere Elements 10 (Version: 10.0)
Adobe Premiere Elements 10 Content (Version: 10.0)
Adobe Premiere Elements 10 Content 1 (Version: 10.0)
Adobe Premiere Elements 10 Content 2 (Version: 10.0)
Adobe Premiere Elements 10 Content 3 (Version: 10.0)
Adobe Premiere Elements 10 HD Content 1 (Version: 10.0)
Adobe Premiere Elements 10 HD Content 2 (Version: 10.0)
Adobe Premiere Elements 10 HD Content 3 (Version: 10.0)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Advanced XML Converter 2.43 (Version: 2.43)
Akamai NetSession Interface
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
AVS Update Manager 1.0
AVS Video Converter 8 (Version: 8.3.2.533)
AVS4YOU Software Navigator 1.4
Barracuda Malware Removal Tool
BioAPI Framework (Version: 1.0.1)
Bonjour (Version: 3.0.0.10)
Calendar Printing Assistant for Microsoft Office Outlook 2007 (Version: 12.0.6612.1000)
CBN Selector 3 (Version: 3.07.0925)
CCleaner (Version: 3.23)
Cisco ASDM-IDM Launcher (Version: 1.5.54)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Cisco Systems VPN Client 5.0.07.0410 (Version: 5.0.7)
Citrix Authentication Manager (Version: 4.0.0.53726)
Citrix Online Launcher (Version: 1.0.122)
Citrix Receiver (HDX Flash Redirection) (Version: 13.4.0.25)
Citrix Receiver (Version: 13.4.0.25)
Citrix Receiver Inside (Version: 3.4.0.29585)
Citrix Receiver Updater (Version: 3.4.0.29577)
Citrix Receiver(Aero) (Version: 13.4.0.25)
Citrix Receiver(DV) (Version: 13.4.0.25)
Citrix Receiver(USB) (Version: 13.4.0.25)
CompuApps SwissKnife
Crystal Reports 2008 SP2 (Version: 12.1.0.883)
Crystal XI Runtime (Version: 1.0.0.0)
CyberLink PowerDVD 9.5 (Version: 9.5.1.3225)
D3DX10 (Version: 15.4.2368.0902)
DameWare Mini Remote Control 9.0 (Version: 9.0.1.247)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Dell Backup and Recovery Manager (Version: 1.3)
Dell Control Point (Version: 1.6.468.86)
Dell ControlPoint Security Manager (Version: 1.6.468.86)
Dell ControlVault Host Components Installer (Version: 1.7.459.360)
Dell Driver Download Manager (HKCU Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 03.05.04.002)
Dell Mobile Broadband Utility (Version: 3.00.23.003)
Dell Security Device Driver Pack (Version: 1.4.055)
Dell System Manager (Version: 1.5.00000)
Dell Touchpad (Version: 7.1007.101.210)
Dell Webcam Central (Version: 1.40.28)
DirectX 9 Runtime (Version: 1.00.0000)
DisplayLink Core Software (Version: 5.6.31854.0)
DisplayLink Graphics (Version: 5.6.32670.0)
DNE Update (Version: 4.11.1.18515)
Document Manager Lite (Version: 06.09.00.159)
Download Updater (AOL LLC)
Dropbox (HKCU Version: 1.2.49)
DW WLAN Card Utility (Version: 5.60.48.35)
Elements 10 Organizer (Version: 10.0)
EMBASSY Security Center (Version: 04.00.00.101)
EMBASSY Security Setup (Version: 04.00.00.090)
ESC Home Page Plugin (Version: 04.00.00.018)
Everio MediaBrowser HD Edition (Version: 1.01.022)
Extreme Translator Templates
Extreme Translator XML Templates
FRx 6.7 Client (\\Liserv3\FRx Software\FRX 6.7\) (Version: 6.7.0.0)
FRx 6.7 Supplemental Files (Version: 6.7.0.9329)
Gemalto (Version: 01.01.00.0000)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Desktop (Version: 5.9.1005.12335)
GoToMeeting 5.5.0.1132 (HKCU Version: 5.5.0.1132)
honestech VHS to DVD 5.0 Deluxe (Version: 5.0)
iCloud (Version: 3.0.2.163)
ImgBurn (Version: 2.5.7.0)
InstallVC90Support (Version: 1.01.0000)
Intel® Network Connections 15.2.89.0 (Version: 15.2.89.0)
Intel® Rapid Storage Technology (Version: 9.6.0.1014)
ISO Recorder (Version: 3.0.0)
iTunes (Version: 11.1.1.11)
Java Auto Updater (Version: 2.0.3.1)
Java 6 Update 24 (Version: 6.0.240)
Java 6 Update 7 (Version: 1.6.0.70)
join.me (HKCU Version: 1.11.1.256)
Juniper Networks Secure Meeting 6.0.0 (HKCU Version: 6.0.0.13319)
Juniper Networks Setup Client (HKCU Version: 1.1.0.0)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
ManageEngine AssetExplorer Agent (Version: 1.0.13)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
MFCLOC (Version: 1.00.0000)
Microsoft .NET Compact Framework 1.0 SP3 Developer (Version: 1.0.4292)
Microsoft .NET Compact Framework 2.0 (Version: 2.0.5238)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Device Emulator version 1.0 - ENU (Version: 1.0.50727.42)
Microsoft Document Explorer 2005
Microsoft Document Explorer 2005 (Version: 8.0.50727.42)
Microsoft Easy Assist v2 (Version: 8.1.6416.0)
Microsoft FRx 6.7 Programmability Support (Version: 6.7.9038.0)
Microsoft Lync 2010 (Version: 4.0.7577.4398)
Microsoft Mouse and Keyboard Center (Version: 2.0.161.0)
Microsoft Office 2003 Web Components (Version: 12.0.6213.1000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 365 ProPlus - en-us (Version: 15.0.4535.1511)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.202)
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Outlook Connector (Version: 14.0.6123.5001)
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Project Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office SharePoint Designer 2010 (Version: 14.0.7015.1000)
Microsoft Office SharePoint Designer MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Online Services Sign-in Assistant (Version: 7.250.4287.0)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SharePoint Designer 2010 (Version: 14.0.7015.1000)
Microsoft SharePoint Designer 2013 (Version: 15.0.4420.1017)
Microsoft SharePoint Designer MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SOAP Toolkit 3.0 (Version: 3.00.1325.3)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools (Version: 3.0.0.0)
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Native Client (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Policies (Version: 10.50.1600.1)
Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.51.2500.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Browser (Version: 10.51.2500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.51.2500.0)
Microsoft SQL Server VSS Writer (Version: 10.51.2500.0)
Microsoft Visio MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Visio Standard 2013 (Version: 15.0.4420.1017)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)
Microsoft Visual Studio 2005 Professional Edition - ENU (Version: 8.0.50728)
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) (Version: 1)
Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (Version: 9.0.30729)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.35191)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
MiFi4510 Mobile Broadband Drivers (Version: 1.02.001.001.13)
Motorola Device Manager (Version: 2.4.3)
Motorola Device Software Update (Version: 13.07.3101)
Motorola Mobile Drivers Installation 6.2.0 (Version: 6.2.0)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSExcel 2010 (HKCU Version: 1.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Musicmatch® Jukebox (Version: 10.00.4015)
NETGEAR Live Parental Controls Management Utility 2.1.5 (Version: 2.1.5)
NETGEAR Live Parental Controls User Utility 2.1.6 (Version: 2.1.6)
Network Recording Player (Version: 2.29.3212)
NTRU TCG Software Stack (Version: 2.1.29)
NVIDIA 3D Vision Driver 296.79 (Version: 296.79)
NVIDIA Control Panel 296.79 (Version: 296.79)
NVIDIA Graphics Driver 296.79 (Version: 296.79)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA nView 136.28 (Version: 136.28)
NVIDIA nView Desktop Manager (Version: 6.14.10.12152)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.9679)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4535.1004)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4535.1004)
Office 15 Click-to-Run Localization Component (Version: 15.0.4535.1004)
Online Plug-in (Version: 13.4.0.25)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
OverDrive Media Console (Version: 3.2.10)
PARCView 5.0 (Version: 5.00.0006)
PHD Virtual Backup (Version: 6.5.0)
PhotoShowExpress (Version: 2.0.028)
Powerterm (HKCU Version: 1.0)
PowerTerm Pro  8.8.3
PRE10STIInstaller (Version: 1.0)
Preboot Manager (Version: 03.00.00.154)
Private Information Manager (Version: 06.04.00.065)
Qualcomm Gobi 2000 Package for Dell (Version: 1.1.70)
QuickTime (Version: 7.74.80.86)
QuorumLabs onQ Web Start
Reader 2.1 (Version: 2.1.2.1143)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Burn (Version: 1.8.57.4)
Roxio Creator Starter (Version: 1.0.311)
Roxio Creator Starter (Version: 12.1.40.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
RVTools (Version: 3.4.3)
Samsung_MonSetup (Version: 1.00.0000)
Security Wizards (Version: 01.07.00.026)
Self-service Plug-in (Version: 3.4.0.33684)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (Version: 10.51.2500.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shared Add-in Extensibility Update for Microsoft .NET Framework 2.0 (KB908002) (Version: 1.0.0)
Shrew Soft VPN Client
Shutterfly Express Uploader (Version: 1.2.0)
Shutterfly Express Uploader (Version: 1.2.0.0)
SmartSound Premiere Elements 10 Plugin (Version: 5.70.0001)
SmartSound Sonicfire Pro 5 (Version: 5.7.1)
SMSC Core Graphics Software (Version: 3.2.48.9685)
SnagIt 9 (Version: 9.0.0)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0)
SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0)
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1)
SUPERAntiSpyware (Version: 5.6.1040)
swMSM (Version: 12.0.0.1)
TextPad 4
Total Commander (Remove or Repair) (Version: 8.0)
Trusted Drive Manager (Version: 3.3.3.104)
Unisphere CLI 1.5.2.10002 (Version: 1.5.2.10002)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2738038) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760242) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760257) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760267) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817309) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817311) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817490) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817493) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817626) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817640) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827225) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827228) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827230) 32-Bit Edition
Update for Microsoft Office 2013 (KB2827235) 32-Bit Edition
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Outlook 2013 (KB2825632) 32-Bit Edition
Update for Microsoft SharePoint Designer 2013 (KB2768006) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2752018) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB932232) (Version: 1)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Microsoft Word 2013 (KB2817631) 32-Bit Edition
UPEK TouchChip Fingerprint Reader (Version: 1.2.0)
USB2.0 VIDBOX NW03  (Version: 3.0.2)
UWB Connection Manager (Version: 1.49.9)
ViewSpan (Version: 2.8.1.0)
VMware Client Integration Plug-in 5.1.0 (Version: 5.1.0.1060500)
VMware vCenter Converter Client 4.2 (Version: 4.2.0.254483)
VMware vCenter Update Manager Client 4.1 (Version: 4.1.0.5142)
VMware vSphere CLI (Version: 5.1.0.4020)
VMware vSphere Client 4.1 (Version: 4.1.0.32733)
VMware vSphere Client 5.1 (Version: 5.1.0.2083)
VMware vSphere Update Manager Client 5.1 (Version: 5.1.0.13071)
VZAccess Manager (Version: 7.3.7.1)
Warpia StreamHD (Version: 1.0.0.1643)
Wave Infrastructure Installer (Version: 07.01.31.0000)
Wave Support Software (Version: 05.10.00.073)
WebEx
Webroot SecureAnywhere (Version: 8.1.165)
WIDCOMM Bluetooth Software (Version: 6.3.0.3102)
Windows Azure Active Directory Module for Windows PowerShell (Version: 1.0.0)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (Version: 09/11/2009 1.0.1.6)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows XP Mode (Version: 1.3.7600.16423)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
WinSCP 4.2.9 (Version: 4.2.9)
Wireless USB WinDrivers (Version: 14.2.122.2)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)
 
==================== Restore Points  =========================
 
21-10-2013 10:23:41 Windows Update
22-10-2013 21:16:42 Windows Update
23-10-2013 21:27:29 Windows Update
24-10-2013 20:00:56 Installed Motorola Device Manager
31-10-2013 21:50:54 Windows Update
05-11-2013 13:13:27 Windows Update
06-11-2013 15:38:57 Removed Adobe Reader 9.2.
 
==================== Hosts content: ==========================
 
2009-07-13 21:04 - 2012-01-10 08:11 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1    102.112.207.net
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {024652D7-86D6-4BE3-BC0A-049DD1AF3BB6} - System32\Tasks\{E669B9A2-4340-4C83-80AD-17394D0345D6} => C:\SWISNIFE\SWISNIFE.EXE
Task: {10E7EDAB-A272-4763-822C-FC84AF4A08E4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2013-10-10] (Microsoft Corporation)
Task: {16534D06-DB6E-4CFF-AC41-A60D55113AA4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {293E97B4-956C-4E66-BDB9-BF26D4066365} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {3AF3685A-F6C0-4F7A-B9D2-8D9058A3541E} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {3FC49112-50F9-4082-9305-2B4794ACA931} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-09-24] (Piriform Ltd)
Task: {4CB13240-11D8-4CE7-8C6D-AD1051D5FB3B} - System32\Tasks\{471A2D3F-E365-4AAC-88CF-565098DA19F2} => C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe [2006-11-07] (Musicmatch, Inc.)
Task: {61FDB587-F222-4462-909D-77A741F0F40C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LPANDT-jhayward pclis2.lpandt.local => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-10-10] (Microsoft Corporation)
Task: {642BD5A6-D751-4CF2-BBE1-AFB6FA53686B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [2013-09-06] (Microsoft Corporation)
Task: {669F65D0-4C2A-4263-B2BB-1C7C593E6653} - System32\Tasks\{BC327195-55CF-404C-A207-20ECBF5D6384} => E:\autorun.exe
Task: {762C2EDF-B089-4711-A737-9A4E51295C17} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-10-10] (Microsoft Corporation)
Task: {7EB6FC0D-BD78-481B-8474-2810EEF6C51B} - System32\Tasks\{BD5E30DC-FCDF-4789-8C01-0A7F685CB7CC} => E:\autorun.exe
Task: {8731817D-FF34-4028-B8C1-44DBEADFAEA6} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {8A87AF5B-65F8-4501-83BD-F5D582E2D7BC} - System32\Tasks\LaunchApp => C:\Program Files\JustCloud\JustCloud.exe
Task: {A04F00EA-755A-4DBA-87E7-EBB29107356E} - System32\Tasks\{D3B99B10-D73F-44F3-A4DD-911517002463} => C:\Program Files\Musicmatch\Musicmatch Jukebox\mmjb.exe [2006-11-07] (Musicmatch, Inc.)
Task: {A324040D-40A0-4950-9B03-3483A84DC0F0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {ADB39ECF-60AD-440F-ABB7-A0C15C0B010E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {AF0AA9FA-4838-4278-BD35-51F63482DD01} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\microsoft shared\OFFICE15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C58AD746-0389-47D8-8077-885B11816834} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {0d809de6-6d6a-4df9-8b5d-1a7f0ca78b4a} pclis2.lpandt.local => C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE [2013-10-10] (Microsoft Corporation)
Task: {CAE93810-D9AF-4238-80B7-0C1F0674F474} - System32\Tasks\AdobeAAMUpdater-1.0-LPANDT-jhayward => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {DA2B5EDF-EC8A-4632-8BD5-AD80B69F15FF} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-07-31] ()
Task: {E257C6CD-E93A-41EC-B7DF-C9B112E00B26} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\office15\msoia.exe [2013-10-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job => C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-14 07:35 - 2013-09-12 20:14 - 08866472 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2010-01-19 13:44 - 2010-01-19 13:44 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2010-08-30 04:34 - 2010-08-30 04:34 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2011-01-05 20:12 - 2006-06-26 13:37 - 00122880 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\mmgit.dll
2011-01-05 20:12 - 2006-11-07 15:41 - 00139264 _____ () C:\Program Files\Musicmatch\Musicmatch Jukebox\CDDVDAccess.dll
2011-03-27 17:20 - 2011-03-27 17:20 - 00048440 _____ () C:\Program Files\Wireless USB\Components\WirelessUSBManager\CompInfo.dll
2011-11-13 10:40 - 2011-11-13 10:40 - 00101408 _____ () C:\Program Files\Wireless USB\Components\WirelessUSBManager\WUSBResource.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-10-10 07:14 - 2013-10-10 07:14 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2013-10-10 07:14 - 2013-10-10 07:14 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2013-09-12 20:12 - 2013-09-12 20:12 - 00022696 _____ () C:\Program Files\Microsoft Office 15\root\office15\lynchtmlconvpxy.dll
2009-10-23 10:05 - 2009-10-23 10:05 - 00101888 _____ () C:\Program Files\Microsoft Office\Office12\cpaoaddin.dll
2013-10-10 07:15 - 2013-10-10 07:16 - 01027240 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2013-06-05 20:39 - 2013-06-05 21:00 - 00321088 _____ () C:\Program Files\Microsoft Office 15\root\office15\msfad.dll
2013-10-10 07:14 - 2013-10-10 07:14 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2013-10-10 07:14 - 2013-10-10 07:14 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\c2r32.dll
2013-10-18 17:51 - 2013-10-08 19:01 - 00698832 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-18 17:51 - 2013-10-08 19:01 - 00099792 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 17:51 - 2013-10-08 19:02 - 04055504 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 17:51 - 2013-10-08 19:02 - 00415184 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 17:51 - 2013-10-08 19:01 - 01604560 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2012-09-23 20:43 - 2012-09-23 20:43 - 00313992 _____ () C:\Program Files\Adobe\Acrobat 11.0\Acrobat\sqlite.dll
2013-10-18 17:51 - 2013-10-08 19:02 - 13584336 _____ () C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:060CC3DC
AlternateDataStreams: C:\Users\jhayward.LPANDT\AppData\Roaming\Comma Separated Values (DOS).EML:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wctsys => "(Default)"="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wctsys => "(Default)"="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Cisco Systems VPN Adapter
Description: Cisco Systems VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Dell Wireless 375 Bluetooth Module with AMP
Description: Dell Wireless 375 Bluetooth Module with AMP
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: C-Media Wi-Sonic Wireless Audio Device
Description: C-Media Wi-Sonic Wireless Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: C-Media
Service: cmvad
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/06/2013 08:01:59 AM) (Source: dwmrcs) (User: )
Description: Error: 
DameWare Mini Remote Control
No Link-Local or Site-Local Cloud Available (Local).
 
System Error: 0
System Message: The operation completed successfully.
 
 (srv 32 bit)
 
Error: (11/06/2013 07:59:29 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)
 
Error: (11/05/2013 10:14:40 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/05/2013 09:36:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/05/2013 08:46:23 AM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.18205, time stamp: 0x51db96c5
Exception code: 0xc0000374
Fault offset: 0x000c385b
Faulting process id: 0x1708
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (11/05/2013 08:09:26 AM) (Source: dwmrcs) (User: )
Description: Error: 
DameWare Mini Remote Control
No Link-Local or Site-Local Cloud Available (Local).
 
System Error: 0
System Message: The operation completed successfully.
 
 (srv 32 bit)
 
Error: (11/05/2013 08:07:11 AM) (Source: Desktop Window Manager) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x88980406)
 
Error: (11/04/2013 05:50:45 PM) (Source: dwmrcs) (User: )
Description: Error: 
DameWare Mini Remote Control
System Error: 19
6.7.1 - Unable to set run key. (srv 32 bit)
 
Error: (11/04/2013 11:25:28 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/04/2013 09:44:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"1".
Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (11/06/2013 08:47:13 AM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (11/06/2013 08:02:29 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: 
%%1053
 
Error: (11/06/2013 08:02:29 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
 
Error: (11/06/2013 08:02:29 AM) (Source: DCOM) (User: )
Description: 1053TrustedInstaller{752073A1-23F2-4396-85F0-8FDB879ED0ED}
 
Error: (11/06/2013 08:01:56 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ssfs0bbc
sshrmd
ssidrv
 
Error: (11/06/2013 07:59:15 AM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (11/06/2013 07:58:45 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 5:13:40 PM on ‎11/‎5/‎2013 was unexpected.
 
Error: (11/05/2013 05:13:55 PM) (Source: DCOM) (User: )
Description: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error: (11/05/2013 03:42:39 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
Error: (11/05/2013 02:42:35 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.
 
 
Microsoft Office Sessions:
=========================
Error: (05/16/2012 00:38:01 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23556 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (05/08/2012 00:36:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8262 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/08/2012 10:18:36 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1838 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (04/26/2012 03:32:36 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 9, Application Name: Microsoft Office Project, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8862 seconds with 360 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 74%
Total physical RAM: 3317.83 MB
Available physical RAM: 859.39 MB
Total Pagefile: 6633.95 MB
Available Pagefile: 2104.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.98 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.47 GB) (Free:61.98 GB) NTFS
Drive d: (READER) (Fixed) (Total:2 GB) (Free:1.91 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 77E3ED41)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

MBAR log 

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1007
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Non-administrative
 
Internet Explorer version: 10.0.9200.16721
 
Java version: 1.6.0_24
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.729000 GHz
Memory total: 3478999040, free: 926691328
 
Downloaded database version: v2013.11.06.07
Downloaded database version: v2013.10.11.02
=======================================
Initializing...
------------ Kernel report ------------
     11/06/2013 11:46:33
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\stdfltn.sys
\SystemRoot\system32\DRIVERS\tdrpm228.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\system32\drivers\sgfxl32.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\dlkmdldr.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\dwvkbd.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\vfilter.sys
\SystemRoot\system32\DRIVERS\dnelwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\D:\Program Files\Dell\Reader 2.1\dvmio.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\system32\drivers\sgfxk32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\dlkmd.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\e1k6232.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\risdpe86.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\Accelern.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\DamewareMini.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\CtClsFlt.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\cvusbdrv.sys
\SystemRoot\system32\drivers\hidusb.sys
\SystemRoot\system32\drivers\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point32.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\WavxDMgr.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\??\C:\Windows\system32\Drivers\CVPNDRVA.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\qcfilterdl2k.sys
\SystemRoot\system32\DRIVERS\qcusbnetdl2k.sys
\SystemRoot\system32\DRIVERS\qcusbserdl2k.sys
\SystemRoot\system32\drivers\modem.sys
\??\C:\Windows\system32\Drivers\SBKUPNT.SYS
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\BCM42RLY.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\shlwapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\lpk.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msctf.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\advapi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\shell32.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\oleaut32.dll
\Windows\System32\nsi.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\msvcrt.dll
\Windows\System32\clbcatq.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\gdi32.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\difxapi.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff88c9b9c8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff870a6028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff88c9b9c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff891a7c70, DeviceName: Unknown, DriverName: \Driver\WRkrn\
DevicePointer: 0xffffffff88c9dcf8, DeviceName: Unknown, DriverName: \Driver\tdrpman228\
DevicePointer: 0xffffffff88c9c950, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff88c9cd10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88c9b760, DeviceName: Unknown, DriverName: \Driver\tdrpman228\
DevicePointer: 0xffffffff88c9b9c8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88c9b020, DeviceName: Unknown, DriverName: \Driver\stdflt\
DevicePointer: 0xffffffff870fdcb0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff870a6028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\tdrpman228\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 77E3ED41
 
Partition information:
 
    Partition 0 type is Other (0xde)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 80262
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 81920  Numsec = 25686016
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 25767936  Numsec = 946804736
 
    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 972572672  Numsec = 4198400
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
Done!
Infected: c:\windows\$ntuninstallkb3047$\2502619694 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb3047$\3214718075 --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb3047$\3214718075\l --> [backdoor.0Access]
Infected: c:\windows\$ntuninstallkb3047$\3214718075\u --> [backdoor.0Access]
Scan finished

Fix with Malwarebytes Anti-Rootkit

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.

 

 

Also post up a new FRST log.


Good news is the second mbar run found no malware (see log below).

The bad news is that while it was running, I had the phoenix.exe popup again...so it would appear that the problem is not resolved.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1007
www.malwarebytes.org
 
Database version: v2013.11.07.04
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
jhayward :: PCLIS2 [administrator]
 
11/7/2013 9:32:28 AM
mbar-log-2013-11-07 (09-32-28).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 359019
Time elapsed: 1 hour(s), 11 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

Psychotic,

 

Ok, with the Phoenix.exe error appearing, and without deleting the file, have run a new FRST... here is the output:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2013 01
Ran by jhayward (administrator) on PCLIS2 on 10-11-2013 18:20:01
Running from C:\Users\jhayward.LPANDT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BPU00H4
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) ===================
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Alereon) C:\Program Files\Warpia\UWB Wireless\AlUwbService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\system32\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Wisair Ltd.) C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
() C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DVMExportService.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
() C:\Program Files\ShrewSoft\VPN Client\iked.exe
() C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
() C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
() C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
() C:\Program Files\ManageEngine\AssetExplorer\bin\aeagent.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
() C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe
(Motorola) C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
(QUALCOMM, Inc.) C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe
(Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
(Novatel Wireless Inc.) C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Program Files\zFTPServer\zFTPServer.exe
(Dell Inc.) c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(DeviceVM, Inc.) D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe
(Creative Technology Ltd) C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(Musicmatch, Inc.) C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Wisair Ltd.) C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Akamai Technologies, Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\lync.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Akamai Technologies, Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\SnagIt32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\TSCHelp.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
(Alereon) C:\Program Files\Warpia\UWB Wireless\WusbLite.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\SnagPriv.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(TechSmith Corporation) C:\Program Files\TechSmith\SnagIt 9\snagiteditor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\UcMapi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
() C:\ProgramData\Rpcnet\Bin\rpccm.exe
() C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Absolute Software Corp.) C:\Windows\system32\tahost.exe
(Novatel Wireless Inc.) C:\Windows\system32\Phoenix.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [292208 2010-06-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-05-26] (IDT, Inc.)
HKLM\...\Run: [broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE [5249024 2010-02-02] (Dell Inc.)
HKLM\...\Run: [WavXMgr] - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe [147840 2010-07-21] (Wave Systems Corp.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [DellBtrEvent] - D:\Program Files\Dell\Reader 2.1\DellBtrEvent.exe [147456 2010-05-04] (DeviceVM, Inc.)
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM\...\Run: [RemoteControl9] - C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM\...\Run: [PDVD9LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-04-29] (CyberLink Corp.)
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [MimBoot] - C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe [8192 2006-11-07] (Musicmatch, Inc.)
HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [57344 2005-09-09] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [TrueImageMonitor.exe] - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4355464 2009-06-22] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] - C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960568 2009-06-22] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [377248 2009-06-22] (Acronis)
HKLM\...\Run: [Google Desktop Search] - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-03-17] (Google)
HKLM\...\Run: [Desktop Disc Tool] - C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-01] ()
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [WirelessUSBManager] - C:\Program Files\Wireless USB\Components\WirelessUSBManager\WirelessUSBManager.exe [2968400 2011-03-27] (Wisair Ltd.)
HKLM\...\Run: [WRSVC] - C:\Program Files\Webroot\WRSA.exe [756776 2013-11-07] (Webroot)
HKLM\...\Run: [Communicator] - C:\Program Files\Microsoft Lync\communicator.exe [12108456 2013-06-27] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1634112 2012-05-11] ()
HKLM\...\Run: [intelliType Pro] - C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1093272 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [intelliPoint] - C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [1668248 2012-10-12] (Microsoft Corporation)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)
HKLM\...\Run: [sgfxConfig] - C:\Program Files\SGFX\SgfxConfig.exe [1536104 2012-06-19] ()
HKLM\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [barracuda Malware Removal Tool (reboot)] - C:\Program Files\Barracuda\Barracuda Malware Removal Tool\bmrt.exe [857480 2010-05-26] (Barracuda Networks)
HKLM\...\Run: [DameWare MRC Agent] - C:\Windows\dwrcs\DWRCST.EXE [277456 2011-12-12] (SolarWinds)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKCU\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
HKCU\...\Run: [CAHeadless] - C:\Program Files\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [539800 2011-09-14] (Adobe Systems Incorporated)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\jhayward.LPANDT\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\AdobeCollabSync.exe [694152 2013-09-05] (Adobe Systems Incorporated)
HKCU\...\Run: [Google Update] - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-06-03] (Google Inc.)
HKCU\...\Run: [Lync] - C:\Program Files\Microsoft Office 15\root\office15\lync.exe [18633888 2013-10-10] (Microsoft Corporation)
HKCU\...\Run: [AppleIEDAV] - C:\Program Files\Common Files\Apple\Internet Services\AppleIEDAV.exe [1315144 2013-09-04] (Apple Inc.)
HKCU\...\Run: [sUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [5717272 2013-11-07] (SUPERAntiSpyware)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoViewOnDrive] 0
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKCU\...\Policies\Explorer: [NoFile] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKCU\...\Policies\Explorer: [NoSetFolders] 0
HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoDeletePrinter] 0
HKCU\...\Policies\Explorer: [NoDFSTab] 0
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0
HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoHardwareTab] 0
HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0
MountPoints2: {0c137186-3ffe-11e2-8674-c0cb38353b98} - F:\LaunchU3.exe -a
MountPoints2: {3cc7b2ee-aefe-11e1-baf8-00a0c6000000} - F:\TL-Bootstrap.exe
MountPoints2: {4cfd604f-bc62-11e1-9cb2-5c260a2dbd42} - I:\MotoCastSetup.exe -a
MountPoints2: {9c99fff4-e8bb-11e1-b6c4-00059a3c7800} - F:\MotoCastSetup.exe -a
MountPoints2: {b720afb3-b25a-11e0-b861-5c260a2dbd42} - F:\TL-Bootstrap.exe
MountPoints2: {b720b31d-b25a-11e0-b861-5c260a2dbd42} - F:\TL-Bootstrap.exe
MountPoints2: {bdaf5659-93bf-11e0-9991-00a0c6000000} - F:\TL-Bootstrap.exe
MountPoints2: {de336a81-894d-11e1-9682-00a0c6000000} - F:\setup.exe -a
Startup: C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
ProxyServer: 172.20.0.21:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://lpt.sharepoint.com/teams/LPTDEPT/IT/_layouts/15/start.aspx#/SitePages/Home.aspx
SearchScopes: HKLM - DefaultScope {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKCU - DefaultScope {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = 
SearchScopes: HKCU - {080D4E7D-BC77-4A2C-A2D6-6793F3F99323} URL = 
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: {7B7929AB-E06A-4508-BE68-1CC7A6997808} https://fileservice.emc.com/XFile/SAXFileEE.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.ericom.com/dana-cached/sc/JuniperSetupClient.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: 127.0.0.1    102.112.207.net
Tcpip\..\Interfaces\{6A2B8B82-FF68-4575-9984-7A609318F9D4}: [NameServer]198.224.186.135 198.224.187.135
Tcpip\..\Interfaces\{7676EF64-FF29-4768-9E70-B407B1F02E15}: [NameServer]172.20.20.16,172.20.20.17
Tcpip\..\Interfaces\{98C436D4-2943-4F4D-9A57-F9B19E92EA90}: [NameServer]172.20.20.16,172.20.20.17
 
FireFox:
========
FF ProfilePath: C:\Users\jhayward.LPANDT\AppData\Roaming\Mozilla\Firefox\Profiles\9ougtvei.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @vmware.com/client-support,version=5.1.0.00000 - C:\Program Files\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll (VMware, Inc.)
FF Plugin: @vmware.com/vmrc,version=5.1.0.00000 - C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\jhayward.LPANDT\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF HKLM\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF Extension: Adobe Contribute Toolbar - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (ActiveTouch General Plugin Container) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll (Cisco WebEx LLC)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CHR Plugin: (Citrix ICA Client) - C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (VMware Remote Console Plug-in) - C:\Program Files\Common Files\VMware\VMware Remote Console Plug-in 5.1\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VMware Client Support Plug-in) - C:\Program Files\VMware\Client Integration Plug-in 5.1\ClientSupportTools\np-vmware-client-support.dll (VMware, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Citrix Online Web Deployment Plugin 1.0.0.104) - C:\Users\jhayward.LPANDT\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
CHR Plugin: (Google Update) - C:\Users\jhayward.LPANDT\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (New Tab Redirect!) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0
CHR Extension: (Google Wallet) - C:\Users\JHAYWA~1.LPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-06-22] (Acronis)
R2 AdobeActiveFileMonitor10.0; C:\Program Files\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 AdobeActiveFileMonitor4.0; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] ()
R2 aluwbservice; C:\Program Files\Warpia\UWB Wireless\AlUwbService.exe [12288 2012-09-20] (Alereon)
R2 atashost; C:\Windows\system32\atashost.exe [116536 2011-01-21] (Cisco WebEx LLC)
R2 CableAssociation; C:\Program Files\Wireless USB\Components\Association\CableAssociation.exe [1113416 2010-12-08] (Wisair Ltd.)
R2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2010-03-24] (Broadcom Corporation)
R2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2010-03-24] (Broadcom Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-09-27] (Cisco Systems, Inc.)
R2 dcpsysmgrsvc; c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe [388464 2010-08-24] (Dell Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [5240168 2011-04-10] (DisplayLink Corp.)
R2 dtpd; C:\Program Files\ShrewSoft\VPN Client\dtpd.exe [54544 2010-10-08] ()
R2 DvmMDES; D:\Program Files\Dell\Reader 2.1\DVMExportService.exe [327680 2010-05-04] (DeviceVM, Inc.)
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [588752 2011-12-12] (SolarWinds)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-03-17] (Google)
R2 iked; C:\Program Files\ShrewSoft\VPN Client\iked.exe [726288 2010-10-08] ()
R2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()
R2 ipsecd; C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [541968 2010-10-08] ()
R2 ManageEngine AssetExplorer Agent; C:\Program Files\ManageEngine\AssetExplorer\bin\agentmonitor.exe [598016 2013-09-05] ()
S3 ManageEngine AssetExplorer RemoteControl; C:\Program Files\ManageEngine\AssetExplorer\\RemoteControl\Service.exe [2166784 2013-09-05] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [1589152 2011-09-28] (Microsoft Corp.)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [43040096 2011-06-17] (Microsoft Corporation)
S4 msvsmon80; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2808664 2007-02-22] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe [3201024 2008-07-29] (Microsoft Corporation)
R2 NvtlService; C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] ()
R2 NWHelper; C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe [215552 2010-06-03] (Novatel Wireless Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX86\integratedoffice.exe [1320120 2013-09-06] (Microsoft Corporation)
R2 PST Service; C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
R2 QDLService2kDell; C:\Program Files\QUALCOMM\QDLService2k\QDLService2kDell.exe [329976 2009-11-23] (QUALCOMM, Inc.)
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-09-04] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-09-04] (Sonic Solutions)
R2 RPCNET; C:\Windows\system32\rpcnet.exe [69792 2013-09-11] (Absolute Software Corp.)
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-02-03] (Wave Systems Corp.)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [4247552 2012-06-20] (SMSC)
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [370016 2011-06-17] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [245842 2010-05-26] (IDT, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1164648 2010-03-29] (Wave Systems Corp.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [672408 2012-07-06] (VMware, Inc.)
R2 VZWConfigService; C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe [139776 2011-02-11] (Novatel Wireless Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-02-02] (Dell Inc.)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [756776 2013-11-07] (Webroot)
R2 zFTPSvc; C:\Program Files\zFTPServer\zFTPServer.exe [3424768 2010-10-20] ()
R2 MSSQLServerOLAPService; "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config"
R2 Rpccm; C:\ProgramData\Rpcnet\Bin\rpccm.exe [x]
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [x]
S3 WRRmtInstSvc; WRRmtInstSvc.exe /service [x]
 
==================== Drivers (Whitelisted) ====================
 
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)
S3 al56xxpt; C:\Windows\System32\Drivers\al56xxpt.sys [25088 2012-09-13] (Alereon Inc.)
S3 ALDWA; C:\Windows\System32\DRIVERS\ALDWA.SYS [157056 2012-09-13] (Alereon, Inc.)
S3 ALHWA; C:\Windows\System32\DRIVERS\ALHWA.SYS [195200 2012-09-13] (Alereon, Inc.)
S3 ALURCU; C:\Windows\System32\DRIVERS\ALURCU.SYS [91520 2012-09-13] (Alereon, Inc.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-02-02] (Broadcom Corporation)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [274472 2010-01-11] (Broadcom Corporation.)
S3 CtAudDrv; C:\Windows\system32\Drivers\CtAudDrv.sys [134144 2009-05-28] (Creative Technology Ltd.)
R3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-09-27] (Cisco Systems, Inc.)
R3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-10-30] (Broadcom Corporation)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [21888 2012-03-12] (http://libusb-win32.sourceforge.net)
S3 DLCopyFilter; C:\Windows\System32\Drivers\wsr_tbf.sys [50816 2010-07-21] ()
R3 dlkmd; C:\Windows\system32\drivers\dlkmd.sys [182896 2011-04-10] (DisplayLink Corp.)
R0 dlkmdldr; C:\Windows\System32\drivers\dlkmdldr.sys [14448 2011-04-10] (DisplayLink Corp.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [94848 2012-09-21] (Citrix Systems, Inc.)
R1 DVMIO; D:\Program Files\Dell\Reader 2.1\dvmio.sys [18320 2010-05-04] (DeviceVM, Inc.)
S3 DWA; C:\Windows\System32\DRIVERS\WSR_DWA.SYS [516096 2010-11-18] ()
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [3712 2007-02-07] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd.sys [26624 2007-02-15] (DameWare)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [38296 2012-07-06] (VMware, Inc.)
S3 hwa; C:\Windows\System32\DRIVERS\WSR_HWA.SYS [900096 2010-11-18] ()
S3 HWARadio; C:\Windows\System32\DRIVERS\WSR_RCI.SYS [147968 2010-11-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-08-01] (Microsoft Corporation)
S3 NWRmNet_022; C:\Windows\System32\DRIVERS\NWRmNet_022.sys [243712 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBModem_022; C:\Windows\System32\DRIVERS\nwusbmdm_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBPort2_022; C:\Windows\System32\DRIVERS\nwusbser2_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBPort_022; C:\Windows\System32\DRIVERS\nwusbser_022.sys [176384 2011-03-01] (Novatel Wireless Inc.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R3 qcfilterdl2k; C:\Windows\System32\DRIVERS\qcfilterdl2k.sys [5248 2009-12-02] (QUALCOMM Incorporated)
R3 qcusbnetdl2k; C:\Windows\System32\DRIVERS\qcusbnetdl2k.sys [201728 2009-12-02] (QUALCOMM Incorporated)
R3 qcusbserdl2k; C:\Windows\System32\DRIVERS\qcusbserdl2k.sys [106368 2009-12-02] (QUALCOMM Incorporated)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-21] (REDC)
S3 rixdpcie; C:\Windows\system32\DRIVERS\rixdpe86.sys [38912 2010-03-21] (REDC)
S4 RsFx0151; C:\Windows\System32\DRIVERS\RsFx0151.sys [240736 2011-06-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 SBKUPNT; C:\Windows\system32\Drivers\SBKUPNT.SYS [14976 2001-07-13] ()
R4 sgfxk; C:\Windows\System32\drivers\sgfxk32.sys [113256 2012-07-03] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl32.sys [13928 2012-07-03] (SMSC)
R0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)
R0 tdrpman228; C:\Windows\System32\DRIVERS\tdrpm228.sys [902592 2011-01-06] (Acronis)
R2 tifsfilter; C:\Windows\System32\DRIVERS\tifsfilt.sys [44704 2011-01-06] (Acronis)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [479232 2007-06-22] (eMPIA Technology, Inc.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [28288 2007-02-06] (eMPIA Technology, Inc.)
R1 vflt; C:\Windows\System32\DRIVERS\vfilter.sys [17920 2010-09-02] (Shrew Soft Inc)
S3 vnet; C:\Windows\System32\DRIVERS\virtualnet.sys [13824 2010-09-02] (Shrew Soft Inc)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [229888 2010-01-19] (Wave Systems Corp.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2013-11-07] (Webroot)
S3 WSR_USF; C:\Windows\System32\Drivers\WSR_USF.sys [46720 2010-11-01] ()
S3 cmvad; system32\drivers\cmudaxv.sys [x]
U3 ETD; 
S0 ssfs0bbc; SYSTEM32\Drivers\SSFS0BBC.SYS [x]
S0 sshrmd; SYSTEM32\Drivers\SSHRMD.SYS [x]
S0 ssidrv; SYSTEM32\Drivers\SSIDRV.SYS [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-10 11:49 - 2012-06-04 10:27 - 00581711 ____H (Novatel Wireless Inc.) C:\Windows\system32\Phoenix.exe
2013-11-10 11:49 - 2012-06-04 10:27 - 00221112 ____H (Absolute Software Corp.) C:\Windows\system32\txntph.dll
2013-11-10 11:49 - 2012-06-04 10:27 - 00200789 ____H (Novatel Wireless, Inc.) C:\Windows\system32\SMSCodec.dll
2013-11-10 11:49 - 2012-06-04 10:27 - 00062904 ____H (Absolute Software Corp.) C:\Windows\system32\ntphprxy.dll
2013-11-10 11:49 - 2012-06-04 10:27 - 00062904 ____H (Absolute Software Corp.) C:\Windows\system32\d5720pxy.dll
2013-11-10 11:49 - 2012-06-04 10:25 - 00120760 ____H (Absolute Software Corp.) C:\Windows\system32\tahost.exe
2013-11-08 09:26 - 2013-11-07 14:42 - 00307310 _____ C:\Users\jhayward.LPANDT\Desktop\2013_11_08_EmployeeInformationalMeeting.pptx
2013-11-06 13:03 - 2013-11-06 13:03 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\Antivirus_Malware
2013-11-06 11:46 - 2013-11-07 10:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-06 11:46 - 2013-11-07 09:32 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-06 11:45 - 2013-11-07 10:51 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\mbar
2013-11-06 11:45 - 2013-11-07 08:57 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-06 11:44 - 2013-11-06 11:45 - 12576792 _____ (Malwarebytes Corp.) C:\Users\jhayward.LPANDT\Downloads\mbar-1.07.0.1007.exe
2013-11-06 11:39 - 2013-11-06 11:39 - 00068406 _____ C:\Users\jhayward.LPANDT\Downloads\FRST.txt
2013-11-06 11:38 - 2013-11-06 11:39 - 00042104 _____ C:\Users\jhayward.LPANDT\Downloads\Addition.txt
2013-11-06 11:32 - 2013-11-06 11:32 - 00000000 ____D C:\FRST
2013-11-01 14:49 - 2013-11-01 14:49 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewWorkToBeFiled
2013-10-25 14:27 - 2013-10-25 14:27 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson  2013 ExaGrid Site Survey (1).xlsx
2013-10-25 14:25 - 2013-10-25 14:26 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson  2013 ExaGrid Site Survey.xlsx
2013-10-24 15:03 - 2013-10-24 15:03 - 00000000 ____D C:\Program Files\Motorola Mobility
2013-10-24 14:51 - 2013-10-24 14:51 - 00002017 _____ C:\Users\jhayward.LPANDT\Downloads\AcpUsers.csv
2013-10-22 09:37 - 2013-10-22 09:37 - 00005317 _____ C:\Users\jhayward.LPANDT\Desktop\Form1.xsn
2013-10-22 08:01 - 2013-10-22 08:02 - 06800528 _____ C:\Users\jhayward.LPANDT\Downloads\join.me (3).exe
2013-10-19 09:54 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-19 09:54 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls User Utility
2013-10-18 17:26 - 2013-10-18 17:26 - 00184384 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARUserUtility-2.1.6-install.exe
2013-10-18 17:23 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Netgear Live Parental Controls
2013-10-18 17:23 - 2013-10-18 17:23 - 00448736 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility-2.1.6-install.exe
2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls Management Utility
2013-10-18 17:22 - 2013-10-18 17:22 - 00432554 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility.zip
2013-10-18 16:51 - 2013-10-18 16:52 - 16974720 _____ (NETGEAR Inc.) C:\Users\jhayward.LPANDT\Downloads\NETGEARGenie-install.exe
2013-10-17 13:26 - 2013-10-17 13:26 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Curiolab
2013-10-17 13:17 - 2013-10-17 13:22 - 186142408 _____ (CURIOLAB S.M.B.A.) C:\Users\jhayward.LPANDT\Downloads\ExterminateItSetup.exe
2013-10-17 09:39 - 2013-10-17 09:39 - 00000561 _____ C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Information Technology - Home.website
2013-10-16 13:56 - 2013-10-16 13:56 - 00000000 ____D C:\Program Files\ManageEngine
2013-10-14 15:58 - 2013-10-14 15:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job
2013-10-11 14:41 - 2013-11-08 08:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-11 14:41 - 2013-10-11 14:41 - 28009488 _____ (SUPERAntiSpyware) C:\Users\jhayward.LPANDT\Downloads\SUPERAntiSpyware.exe
2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\SUPERAntiSpyware.com
2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-11 13:58 - 2013-10-11 13:58 - 00001119 _____ C:\Users\Public\Desktop\Barracuda Malware Removal Tool.lnk
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Barracuda
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\ProgramData\Barracuda
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Program Files\Barracuda
2013-10-11 13:58 - 2010-05-26 18:30 - 00038352 _____ (Barracuda Networks) C:\Windows\system32\Drivers\bmrtswissarmy.sys
2013-10-11 13:56 - 2013-10-11 13:57 - 06051128 _____ (Barracuda Networks                                          ) C:\Users\jhayward.LPANDT\Downloads\b-mrt-setup-1.46.exe
 
==================== One Month Modified Files and Folders =======
 
2013-11-10 18:21 - 2011-01-07 08:44 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\Outlook Files
2013-11-10 18:20 - 2012-04-13 14:54 - 00000000 ____D C:\ProgramData\WRData
2013-11-10 17:43 - 2012-06-20 07:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-10 16:30 - 2011-01-05 12:20 - 00000120 _____ C:\Windows\system32\config\netlogon.ftl
2013-11-10 11:48 - 2013-09-11 12:45 - 00000138 __RSH C:\ProgramData\3002.xml
2013-11-10 08:10 - 2009-07-13 23:55 - 01146124 _____ C:\Windows\WindowsUpdate.log
2013-11-10 02:00 - 2011-01-05 13:35 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\Adobe
2013-11-08 19:33 - 2009-07-13 23:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-08 19:33 - 2009-07-13 23:34 - 00014256 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 19:26 - 2013-09-12 19:52 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-11-08 19:26 - 2013-09-11 12:19 - 00069792 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2013-11-08 19:26 - 2011-01-05 13:35 - 00000000 _____ C:\Users\jhayward.LPANDT\AppData\Local\WavXMapDrive.bat
2013-11-08 19:26 - 2010-12-28 19:34 - 00000000 ____D C:\ProgramData\Sonic
2013-11-08 19:25 - 2012-10-11 05:19 - 00054260 _____ C:\Windows\setupact.log
2013-11-08 19:25 - 2010-12-28 19:49 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-08 19:25 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 17:55 - 2011-01-05 20:01 - 00002038 ____H C:\Users\jhayward.LPANDT\Documents\Default.rdp
2013-11-08 16:36 - 2010-12-28 19:12 - 00916598 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-08 12:39 - 2011-01-06 10:52 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewHomeToBeFiled
2013-11-08 08:30 - 2013-10-11 14:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-07 14:42 - 2013-11-08 09:26 - 00307310 _____ C:\Users\jhayward.LPANDT\Desktop\2013_11_08_EmployeeInformationalMeeting.pptx
2013-11-07 10:51 - 2013-11-06 11:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-07 10:51 - 2013-11-06 11:45 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\mbar
2013-11-07 10:01 - 2012-04-13 14:54 - 00154248 _____ (Webroot) C:\Windows\system32\WRusr.dll
2013-11-07 10:01 - 2012-04-13 14:54 - 00117728 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2013-11-07 09:32 - 2013-11-06 11:46 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-07 08:57 - 2013-11-06 11:45 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-06 14:12 - 2011-01-05 13:59 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\Microsoft Help
2013-11-06 13:03 - 2013-11-06 13:03 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\Antivirus_Malware
2013-11-06 13:02 - 2012-09-19 08:30 - 00000432 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-11-06 13:02 - 2009-07-13 21:37 - 00000000 _SHDC C:\Windows\$NtUninstallKB3047$
2013-11-06 11:45 - 2013-11-06 11:44 - 12576792 _____ (Malwarebytes Corp.) C:\Users\jhayward.LPANDT\Downloads\mbar-1.07.0.1007.exe
2013-11-06 11:39 - 2013-11-06 11:39 - 00068406 _____ C:\Users\jhayward.LPANDT\Downloads\FRST.txt
2013-11-06 11:39 - 2013-11-06 11:38 - 00042104 _____ C:\Users\jhayward.LPANDT\Downloads\Addition.txt
2013-11-06 11:32 - 2013-11-06 11:32 - 00000000 ____D C:\FRST
2013-11-06 10:40 - 2010-12-28 19:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-06 10:40 - 2010-12-28 19:19 - 00000000 ____D C:\Program Files\Adobe
2013-11-04 15:59 - 2011-01-05 14:53 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\SQL Server Management Studio
2013-11-04 14:23 - 2011-01-06 11:34 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\DameWare Development
2013-11-04 06:52 - 2013-01-22 17:19 - 00000064 _____ C:\dvmaccounts.ini
2013-11-01 14:49 - 2013-11-01 14:49 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\NewWorkToBeFiled
2013-11-01 07:16 - 2011-01-05 13:35 - 00004524 __RSH C:\Users\jhayward.LPANDT\ntuser.pol
2013-11-01 07:16 - 2011-01-05 13:35 - 00000000 ____D C:\Users\jhayward.LPANDT
2013-10-26 14:43 - 2011-01-06 11:40 - 00000000 ____D C:\tunes
2013-10-25 14:27 - 2013-10-25 14:27 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson  2013 ExaGrid Site Survey (1).xlsx
2013-10-25 14:26 - 2013-10-25 14:25 - 00062980 _____ C:\Users\jhayward.LPANDT\Downloads\Rich Dickson  2013 ExaGrid Site Survey.xlsx
2013-10-24 15:03 - 2013-10-24 15:03 - 00000000 ____D C:\Program Files\Motorola Mobility
2013-10-24 14:51 - 2013-10-24 14:51 - 00002017 _____ C:\Users\jhayward.LPANDT\Downloads\AcpUsers.csv
2013-10-23 19:38 - 2012-10-19 17:10 - 00147938 _____ C:\Windows\PFRO.log
2013-10-23 16:30 - 2011-01-05 13:59 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-23 11:43 - 2011-01-06 11:55 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\VMware
2013-10-23 08:52 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-22 15:23 - 2013-02-14 14:18 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\PHD Virtual Backup
2013-10-22 09:37 - 2013-10-22 09:37 - 00005317 _____ C:\Users\jhayward.LPANDT\Desktop\Form1.xsn
2013-10-22 08:02 - 2013-10-22 08:01 - 06800528 _____ C:\Users\jhayward.LPANDT\Downloads\join.me (3).exe
2013-10-22 08:02 - 2011-09-01 12:44 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Local\join.me
2013-10-18 17:51 - 2011-06-03 07:05 - 00002378 _____ C:\Users\jhayward.LPANDT\Desktop\Google Chrome.lnk
2013-10-18 17:31 - 2011-01-05 18:39 - 00000000 ____D C:\Users\jhayward.LPANDT\Desktop\PS
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NETGEAR Live Parental Controls
2013-10-18 17:27 - 2013-10-18 17:27 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls User Utility
2013-10-18 17:27 - 2013-10-18 17:23 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Netgear Live Parental Controls
2013-10-18 17:26 - 2013-10-18 17:26 - 00184384 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARUserUtility-2.1.6-install.exe
2013-10-18 17:23 - 2013-10-18 17:23 - 00448736 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility-2.1.6-install.exe
2013-10-18 17:23 - 2013-10-18 17:23 - 00000000 ____D C:\Program Files\NETGEAR Live Parental Controls Management Utility
2013-10-18 17:22 - 2013-10-18 17:22 - 00432554 _____ C:\Users\jhayward.LPANDT\Downloads\NETGEARManagementUtility.zip
2013-10-18 16:52 - 2013-10-18 16:51 - 16974720 _____ (NETGEAR Inc.) C:\Users\jhayward.LPANDT\Downloads\NETGEARGenie-install.exe
2013-10-17 13:26 - 2013-10-17 13:26 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Curiolab
2013-10-17 13:22 - 2013-10-17 13:17 - 186142408 _____ (CURIOLAB S.M.B.A.) C:\Users\jhayward.LPANDT\Downloads\ExterminateItSetup.exe
2013-10-17 09:39 - 2013-10-17 09:39 - 00000561 _____ C:\Users\jhayward.LPANDT\AppData\Roaming\Microsoft\Windows\Start Menu\Information Technology - Home.website
2013-10-16 15:10 - 2011-01-05 22:20 - 00000000 ___RD C:\Users\jhayward.LPANDT\Virtual Machines
2013-10-16 13:56 - 2013-10-16 13:56 - 00000000 ____D C:\Program Files\ManageEngine
2013-10-14 15:58 - 2013-10-14 15:58 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3765379203-768897671-2354919771-1273Core1cec920157d74ba.job
2013-10-12 10:10 - 2012-01-06 18:10 - 00000000 ____D C:\Users\jhayward.LPANDT\Documents\Home
2013-10-11 20:22 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-11 17:25 - 2013-06-05 20:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-10-11 14:41 - 2013-10-11 14:41 - 28009488 _____ (SUPERAntiSpyware) C:\Users\jhayward.LPANDT\Downloads\SUPERAntiSpyware.exe
2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\SUPERAntiSpyware.com
2013-10-11 14:41 - 2013-10-11 14:41 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-11 14:29 - 2011-11-21 10:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-11 13:58 - 2013-10-11 13:58 - 00001119 _____ C:\Users\Public\Desktop\Barracuda Malware Removal Tool.lnk
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Users\jhayward.LPANDT\AppData\Roaming\Barracuda
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\ProgramData\Barracuda
2013-10-11 13:58 - 2013-10-11 13:58 - 00000000 ____D C:\Program Files\Barracuda
2013-10-11 13:57 - 2013-10-11 13:56 - 06051128 _____ (Barracuda Networks                                          ) C:\Users\jhayward.LPANDT\Downloads\b-mrt-setup-1.46.exe
2013-10-11 12:59 - 2011-05-06 06:36 - 00000000 ____D C:\MIS
2013-10-11 06:54 - 2009-07-13 23:33 - 00591688 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 06:50 - 2010-12-28 19:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
 
Files to move or delete:
====================
C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.js
C:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.js
C:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\jhayward\AppData\Local\Temp\MSNADCE.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\AskSLib.dll
C:\Users\jhayward.LPANDT\AppData\Local\Temp\DelayInst.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\installservice.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\instmsi.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\instmsiw.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0228.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0304.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0309.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\MouseKeyboardCenterx86_1033.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\NV_Meet_Participant.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\OfficeSetup.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\Setup.X86.en-us_O365ProPlusRetail_cebd1216-2c98-4abe-bb52-84c4a602a06d_TX_PR_.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\SetupProPlusRetail.x86.en-us.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\vpnclient_setup.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\WRupdate452106.exe
C:\Users\jhayward.LPANDT\AppData\Local\Temp\_is3B0C.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-10 00:47
 
==================== End Of Log ============================

phoenix.exe is legit and part of your Novatel Wireless software. The error message you receive shows that something isn't functioning correctly.

Let's take out the ZeroAccess rootkit first:

 

 

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
    C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.js
    C:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.js
    C:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x8

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt), which you will find where you saved FRST. Please post it in your reply.

 

 

Full System Scan with Malwarebytes Antimalware


  • If it is not installed yet, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Here is the result from FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-11-2013 01
Ran by jhayward at 2013-11-12 14:52:41 Run:1
Running from C:\Users\jhayward.LPANDT\Desktop\Antivirus_Malware
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
 
C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.js
C:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.js
C:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x8
*****************
 
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.js => Moved successfully.
C:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.js => Moved successfully.
"C:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x8" => File/Directory not found.
 
==== End of Fixlog ====
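A check that can be run on the Fixlog posted above, as an added example that is not part of the original thread or of FRST: it pairs each fixlist entry with its result line and lists the entries that were not confirmed as deleted or moved. The log text is copied from the post with header and blank lines omitted; the rule for matching a shortened registry path (`HKCU\...`) to the full key is an assumption inferred from this one log.

```python
import re

# Fixlog body copied from the post above (header and blank lines omitted).
FIXLOG = r"""Content of fixlist:
*****************
HKCU\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.js
C:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.js
C:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x8
*****************
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
C:\Users\jhayward.LPANDT\.vmrc-plugin-settings.js => Moved successfully.
C:\Users\jhayward.LPANDT\.vmrc_plugin_ovftool_settings.js => Moved successfully.
"C:\Users\jhayward.LPANDT\g2ax_customer_downloadhelper_win32_x8" => File/Directory not found.
==== End of Fixlog ====
"""

def parse_fixlog(text):
    """Return (requested, results): fixlist entries and (target, outcome) pairs."""
    requested, results, in_fixlist = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if set(line) == {"*"}:            # a row of asterisks opens/closes the fixlist
            in_fixlist = not in_fixlist
        elif in_fixlist and line:
            requested.append(line)
        elif " => " in line:
            target, outcome = line.rsplit(" => ", 1)
            results.append((target.strip('"'), outcome.rstrip(".")))
    return requested, results

def matches(entry, target):
    """True if a fixlist entry refers to the same object as a result target."""
    if "..." in entry:                    # registry path shortened in the fixlist (assumed rule)
        hive, rest = entry.split("...", 1)
        fragment = re.split(r"[\\:]", rest, maxsplit=1)[0]
        return target.startswith(hive) and fragment in target
    return entry.lower() == target.lower()   # Windows paths are case-insensitive

def reconcile(text):
    """Map each fixlist entry to its outcome, or None if no result line matched."""
    requested, results = parse_fixlog(text)
    return {e: next((o for t, o in results if matches(e, t)), None) for e in requested}

def needs_followup(report):
    """Entries that were not confirmed as deleted or moved."""
    return [e for e, o in report.items() if o is None or "successfully" not in o]

if __name__ == "__main__":
    print(needs_followup(reconcile(FIXLOG)))
```
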

MBAM ran clean.  Here is the log.  During the run, the Phoenix.exe showed up again.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.13.04
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
jhayward :: PCLIS2 [administrator]
 
Protection: Enabled
 
11/13/2013 8:35:30 AM
mbam-log-2013-11-13 (08-35-30).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 804802
Time elapsed: 8 hour(s), 21 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

As I told you before, phoenix.exe is part of your Novatel Wireless software and not malware - see this link: https://www.virustotal.com/de/file/7f561e0ddf618a4187d72b7fde0a1d23ecfeaf950d5b5eeac9e88a5f81bd46b1/analysis/1384195725/

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

