ICE Ransom Malware infection


  • This topic is locked
8 replies to this topic

#1 Python2339

  • Members

Posted 23 March 2014 - 07:53 PM

I have been hit with the ICE Ransomware and am hoping that you can help.

 

I found some other threads and downloaded and ran the FRST64.exe.  Attached is the log file that was generated - can you help me to create the fix file to remove the malware?

 

Thank you,

Attached Files

  • Attached File: FRST.txt (30.24KB)

Edited by Queen-Evie, 23 March 2014 - 08:46 PM.
moved from Windows 7 to the appropriate forum for FRST logs. Duplicate post without FRST log deleted




#2 aharonov

  • Malware Response Team

Posted 24 March 2014 - 10:58 AM

Hi there,

is the lockscreen gone after the following fix?


Please download this attached fixlist.txt (565 bytes) and save it on the same flash drive as FRST.
  • Plug in the flash drive to the infected computer, enter the System Recovery Options and open FRST.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) is saved on the flash drive.
    Please copy and paste its contents in your next reply.


#3 Python2339

  • Topic Starter

  • Members

Posted 24 March 2014 - 12:08 PM

Thank you for the quick response.  I did some additional research last night and found a post on your website for Hitman Pro - I believe that program (I went ahead and purchased a license) corrected most of the problem as the lock screen went away.

 

I did run the FRST fix log that you sent and here are the results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by JeffH at 2014-03-24 12:06:21 Run:1
Running from C:\Users\jeffh\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Startup: C:\Users\jeffh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\80odqfjw.lnk
ShortcutTarget: 80odqfjw.lnk -> C:\ProgramData\wjfqdo08.gsa (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\80odqfjw.faa [332532 2014-03-19] (Microsoft Corporation)
2014-03-19 18:28 - 2014-03-19 18:28 - 00332532 ____T (Microsoft Corporation) C:\ProgramData\80odqfjw.faa
2014-03-19 18:27 - 2014-03-22 17:00 - 95027928 ____T () C:\ProgramData\80odqfjw.bbr
2014-03-19 18:26 - 2014-03-19 18:26 - 00171785 _____ (Microsoft Corporation) C:\ProgramData\wjfqdo08.gsa
*****************
 
C:\Users\jeffh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\80odqfjw.lnk not found.
C:\ProgramData\wjfqdo08.gsa not found.
Winmgmt => Service restored successfully.
"C:\ProgramData\80odqfjw.faa" => File/Directory not found.
C:\ProgramData\80odqfjw.bbr => Moved successfully.
"C:\ProgramData\wjfqdo08.gsa" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Everything appears to be working normally again.  If there are any additional steps I should take, please let me know.
 
Thank you!
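
The following is an added example, not part of the original posts and not FRST's own logic: a small Python triage pass over lines in the format shown under "Content of fixlist" in the Fixlog above. The regular expressions, the four heuristics and the two benign sample lines are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# First three lines are copied from "Content of fixlist" in the Fixlog above;
# the last two are benign lines constructed here for contrast.
SAMPLE = r"""
ShortcutTarget: 80odqfjw.lnk -> C:\ProgramData\wjfqdo08.gsa (Microsoft Corporation)
S2 Winmgmt; C:\ProgramData\80odqfjw.faa [332532 2014-03-19] (Microsoft Corporation)
2014-03-19 18:27 - 2014-03-22 17:00 - 95027928 ____T () C:\ProgramData\80odqfjw.bbr
R2 ExampleSvc; C:\Program Files\Example\svc.exe [1000 2014-01-01] (Example Corp)
ShortcutTarget: notes.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
"""

# Line shapes inferred from the log lines on this page (assumption, not a spec).
PATTERNS = [
    ("service", re.compile(
        r"^[A-Z]\d [^;]+; (?P<path>.+) \[\d+ [\d-]+\] \((?P<company>[^()]*)\)$")),
    ("shortcut", re.compile(
        r"^ShortcutTarget: .+? -> (?P<path>.+) \((?P<company>[^()]*)\)$")),
    ("file", re.compile(
        r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ "
        r"\((?P<company>[^()]*)\) (?P<path>.+)$")),
]

EXEC_EXT = {".exe", ".dll", ".sys"}
SYSTEM_ROOTS = [PureWindowsPath(r"C:\Windows"),
                PureWindowsPath(r"C:\Program Files"),
                PureWindowsPath(r"C:\Program Files (x86)")]
PROGRAMDATA = PureWindowsPath(r"C:\ProgramData")


def parse(line):
    """Return {'kind', 'path', 'company'} for a recognised line, else None."""
    line = line.strip()
    for kind, rx in PATTERNS:
        m = rx.match(line)
        if m:
            return {"kind": kind,
                    "path": PureWindowsPath(m["path"]),
                    "company": m["company"]}
    return None


def reasons(entry, stems):
    """Heuristic reasons (illustrative assumptions) why an entry deserves a look."""
    p, why = entry["path"], []
    autostart = entry["kind"] in ("service", "shortcut")
    if autostart and p.parent == PROGRAMDATA:
        why.append(r"autostart target sits directly in C:\ProgramData")
    if autostart and p.suffix.lower() not in EXEC_EXT:
        why.append("autostart target has unusual extension " + p.suffix)
    if entry["company"] == "Microsoft Corporation" and not any(
            root in p.parents for root in SYSTEM_ROOTS):
        why.append("company string says Microsoft but file is outside system folders")
    stem = p.stem.lower()
    if stem != stem[::-1] and stem[::-1] in stems:
        why.append("file name is another entry's name reversed")
    return why


def triage(text):
    """Map each suspicious path to the list of reasons it was flagged."""
    entries = [e for e in map(parse, text.splitlines()) if e]
    stems = {e["path"].stem.lower() for e in entries}
    findings = {}
    for e in entries:
        why = reasons(e, stems)
        if why:
            findings.setdefault(str(e["path"]), []).extend(why)
    return findings


if __name__ == "__main__":
    for path, why in triage(SAMPLE).items():
        print(path)
        for w in why:
            print("   -", w)
```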


#4 aharonov

  • Malware Response Team

Posted 24 March 2014 - 12:26 PM

All right.


Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#5 Python2339

  • Topic Starter

  • Members

Posted 24 March 2014 - 12:33 PM

Here is the FRST.txt:

 

CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) =================
 
R2 ACEnwork; C:\Program Files (x86)\ACEmessage\Client\ACEnwork.exe [40960 2008-11-29] (Spydaman Design Studios Ltd)
R2 AdminHelper.exe; C:\Program Files (x86)\AT&T\AT&T AllAccess\AdminHelper.exe [56144 2014-03-04] ()
R2 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [161128 2010-02-04] (Lenovo.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 HPM1210RcvFaxSrvc; C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [362296 2010-05-11] (HP)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093880 2010-02-17] (Symantec Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-22] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-22] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 Lotus Notes Diagnostics; C:\Program Files (x86)\IBM\Lotus\Notes\nsd.exe [3417480 2011-07-11] (IBM)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [864696 2011-08-12] (Cisco Systems, Inc.)
R3 NGDBSERV; C:\Program Files (x86)\Symantec\Ghost\bin\dbserv.exe [169352 2009-12-24] (Symantec Corporation)
R2 NGSERVER; C:\Program Files (x86)\Symantec\Ghost\ngserver.exe [927112 2009-12-24] (Symantec Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-01-17] ()
R2 ProxyClientSvc; C:\Program Files (x86)\Blue Coat\ProxyClient\ProxyClientSVC.exe [5459016 2012-03-23] (Blue Coat Systems, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [374048 2010-10-20] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1250592 2010-10-20] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [292128 2010-10-20] (SafeNet, Inc.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin\ccSvcHst.exe [143928 2012-11-03] (Symantec Corporation)
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [94024 2010-11-03] (Sling Media Inc.)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\Smc.exe [2294112 2012-11-03] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Bin64\snac64.exe [334288 2012-11-03] (Symantec Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [332256 2012-12-17] (Sierra Wireless, Inc.)
R2 uvnc_service; C:\Program Files (x86)\UltraVNC\WinVNC.exe [1519168 2008-08-30] (UltraVNC)
R2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [218160 2012-04-16] (Novatel Wireless Inc.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
S2 HitmanPro37CrusaderBoot; "D:\HitmanPro_x64.exe" /crusader:boot [X]
S3 Smcinst; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 AmDriver; C:\Windows\system32\AMDriver_x64.sys [22720 2013-12-18] ( Fluke Networks Inc.)
S3 AmDriverAux; C:\Windows\system32\AMDriver_x64.sys [22720 2013-12-18] ( Fluke Networks Inc.)
S3 Amtrans; C:\Program Files (x86)\AirMagnet Inc\AirMagnet Surveyor\AmTransv_x64.sys [57024 2013-12-18] (Windows ® Codename Longhorn DDK provider)
S3 arusb_lhx; C:\Program Files (x86)\AirMagnet Inc\AirMagnet Surveyor\arusbv_x64.sys [637120 2013-12-18] (Atheros Communications, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\BASHDefs\20140304.011\BHDrvx64.sys [1526488 2014-01-15] (Symantec Corporation)
R1 ccSettings_{3771A34D-2132-48EA-A486-D62ECDF9D553}; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\ccSetx64.sys [168096 2012-11-03] (Symantec Corporation)
S2 CommSB96; C:\Windows\SysWow64\Drivers\CommSB96.sys [24776 2002-05-17] (Motorola)
R2 CommSBEP; C:\Windows\System32\Drivers\CommSBEP.sys [31232 2011-08-26] (Motorola)
R2 CommSBEP; C:\Windows\SysWow64\Drivers\CommSBEP.sys [24476 2002-05-17] (Motorola)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 DNE; C:\Windows\SysWOW64\DRIVERS\dne64x.sys [131584 2005-08-18] (Deterministic Networks, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
S3 HP1210FAX; C:\Windows\System32\Drivers\HPM1210FAX.sys [16896 2012-11-07] ()
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\IPSDefs\20140321.011\IDSvia64.sys [521944 2014-01-16] (Symantec Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140324.001\ENG64.SYS [126040 2014-02-08] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\20140324.001\EX64.SYS [2099288 2014-02-08] (Symantec Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R2 Npser; C:\Windows\system32\drivers\npser.sys [71976 2007-02-12] (Moxa Technologies Co., Ltd. )
S3 NWUSBPort_001; C:\Windows\System32\DRIVERS\nwusbser_001.sys [217856 2012-08-07] (Novatel Wireless Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [38536 2011-07-01] ()
R1 proxyclientflt; C:\Program Files (x86)\Blue Coat\ProxyClient\drivers\proxyclientflt64.sys [47944 2012-03-23] (Blue Coat Systems, Inc.)
R1 proxyclientwebfilter; C:\Program Files (x86)\Blue Coat\ProxyClient\drivers\proxyclientwebfilter64.sys [104776 2012-03-23] (Blue Coat Systems, Inc.)
S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [255288 2012-09-21] (DEVGURU Co., LTD.)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R2 SCWFPFilter; C:\Windows\System32\DRIVERS\WFPFilter.sys [25552 2012-01-10] ()
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-07-05] (Synaptics Incorporated)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [59048 2010-10-20] (SafeNet, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSP64.SYS [776352 2012-11-03] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SRTSPX64.SYS [37496 2012-11-03] (Symantec Corporation)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [259328 2012-05-22] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx.sys [114424 2013-03-26] (Sierra Wireless Inc.)
S3 swiwdmbxum; C:\Windows\System32\DRIVERS\swiwdmbxum.sys [114424 2013-03-26] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [302080 2012-07-04] (Sierra Wireless Inc.)
S3 swUMmbb00; C:\Windows\System32\DRIVERS\swUMmbb00.sys [482608 2013-03-21] (Sierra Wireless Incorporated)
S3 swUMser00; C:\Windows\System32\DRIVERS\swUMser00.sys [269872 2013-04-01] (Sierra Wireless Incorporated)
S3 SWUMX20; No ImagePath
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMDS64.SYS [493216 2012-11-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMEFA64.SYS [1133216 2012-11-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-04-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\Ironx64.SYS [224416 2012-11-03] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C0107DF\07DF.105\x64\SYMNETS.SYS [432800 2012-11-03] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [95616 2012-11-03] (Symantec Corporation)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-02-04] ()
S3 TrmbTS; C:\Windows\SysWOW64\Drivers\TrmbTS.sys [23040 2004-09-28] (Thesycon GmbH, Germany)
S3 TRMUSB5K; C:\Windows\SysWOW64\drivers\TRMUSB5K.sys [9881 2000-06-20] (e-TEK Labs)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [12728 2009-09-29] ()
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
S3 USA19H; C:\Windows\System32\DRIVERS\USA19Hx64.sys [740096 2007-10-30] (Keyspan)
S3 USA19HP; C:\Windows\System32\DRIVERS\USA19Hx64p.SYS [35840 2007-10-23] (Keyspan)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
S2 regi; \??\C:\Windows\system32\drivers\regi.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-24 13:27 - 2014-03-24 13:28 - 00041252 _____ () C:\Users\jeffh\Downloads\FRST.txt
2014-03-24 12:39 - 2014-03-24 12:39 - 00000000 ____D () C:\Users\jeffh\AppData\Roaming\smkits
2014-03-24 12:06 - 2014-03-24 12:06 - 02157056 _____ (Farbar) C:\Users\jeffh\Downloads\FRST64.exe
2014-03-24 00:05 - 2014-03-24 00:05 - 00001094 _____ () C:\Users\Public\Desktop\AT&T AllAccess.lnk
2014-03-24 00:04 - 2014-03-24 00:05 - 00000826 _____ () C:\Windows\VMW_InstallUSB_0324-000457.log
2014-03-24 00:04 - 2014-03-24 00:05 - 00000292 _____ () C:\Windows\VMW_SetupUtil_0324-000457.log
2014-03-24 00:03 - 2014-03-24 00:03 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-03-24 00:03 - 2014-03-24 00:03 - 00000000 ____D () C:\Program Files (x86)\AT&T
2014-03-23 23:50 - 2014-03-23 23:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-23 23:50 - 2014-03-23 23:50 - 00005638 _____ () C:\Windows\system32\.crusader
2014-03-23 23:00 - 2014-03-24 13:27 - 00000000 ____D () C:\FRST
2014-03-23 22:53 - 2014-03-23 23:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-20 09:16 - 2014-03-20 09:16 - 00000000 ____D () C:\Program Files (x86)\SAP BusinessObjects
2014-03-20 09:16 - 2014-03-20 09:16 - 00000000 ____D () C:\inetpub
2014-03-13 05:21 - 2014-03-13 05:21 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-03-12 16:26 - 2014-03-12 16:26 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-12 16:26 - 2014-03-12 16:26 - 00000000 ____D () C:\Users\jeffh\AppData\Local\Skype
2014-03-04 20:38 - 2014-03-16 12:14 - 00000000 ____D () C:\Users\jeffh\Documents\ProCon BF4
2014-03-01 13:07 - 2014-03-01 13:07 - 00000000 ____D () C:\Users\jeffh\AppData\Local\IsolatedStorage
2014-03-01 12:25 - 2014-03-01 12:25 - 00000000 ____D () C:\Users\jeffh\AppData\Local\Fluke_Networks
2014-03-01 12:23 - 2014-03-01 12:23 - 00000000 ____D () C:\Users\jeffh\AppData\Roaming\Fluke Networks
2014-03-01 12:19 - 2014-03-01 12:19 - 00000000 __HDC () C:\ProgramData\{FBDFD8F2-7B2D-4E84-9846-5BAE652A8701}
2014-03-01 12:18 - 2014-03-01 12:18 - 00001164 _____ () C:\Users\Public\Desktop\AirCheck Manager.lnk
2014-03-01 12:18 - 2014-03-01 12:18 - 00000000 ____D () C:\Program Files (x86)\Fluke Networks
2014-03-01 12:16 - 2014-03-01 12:16 - 00000000 ____D () C:\Users\jeffh\AppData\Local\PackageAware
2014-03-01 12:14 - 2014-03-01 12:15 - 17387400 _____ (Fluke Networks ) C:\Users\jeffh\Downloads\ACM_2_5_0_9.exe
2014-02-23 21:38 - 2014-02-23 21:38 - 00000000 ____D () C:\Users\jeffh\AppData\Roaming\AVS4YOU
2014-02-23 21:36 - 2014-03-24 10:48 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-02-23 21:36 - 2014-02-23 21:38 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-02-23 21:03 - 2014-02-23 21:03 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-23 21:02 - 2014-02-23 21:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-23 21:02 - 2014-02-23 21:02 - 00000000 ____D () C:\Program Files\iTunes
2014-02-23 21:02 - 2014-02-23 21:02 - 00000000 ____D () C:\Program Files\iPod
2014-02-23 21:02 - 2014-02-23 21:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-23 12:54 - 2014-02-23 12:54 - 00000000 ____D () C:\Users\jeffh\Documents\HSA FSA
 
==================== One Month Modified Files and Folders =======
 
2014-03-24 13:28 - 2014-03-24 13:27 - 00041252 _____ () C:\Users\jeffh\Downloads\FRST.txt
2014-03-24 13:28 - 2011-10-27 10:01 - 00005098 _____ () C:\Users\jeffh\AppData\Roaming\SuperFlexibleSynchronizer.ini
2014-03-24 13:27 - 2014-03-23 23:00 - 00000000 ____D () C:\FRST
2014-03-24 13:17 - 2011-10-28 11:00 - 00000000 ____D () C:\Users\jeffh\AppData\Roaming\Skype
2014-03-24 12:49 - 2014-01-31 17:31 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf1ecbd5ad974f.job
2014-03-24 12:39 - 2014-03-24 12:39 - 00000000 ____D () C:\Users\jeffh\AppData\Roaming\smkits
2014-03-24 12:37 - 2013-03-20 12:11 - 00000000 ____D () C:\Users\jeffh\AppData\Local\AllAccess
2014-03-24 12:37 - 2013-02-12 23:11 - 00000000 ___RD () C:\Users\jeffh\Google Drive
2014-03-24 12:36 - 2011-07-01 07:59 - 01934313 _____ () C:\Windows\WindowsUpdate.log
2014-03-24 12:35 - 2014-02-20 09:08 - 00003338 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2127775424-1451055683-1236795852-3332
2014-03-24 12:35 - 2014-02-20 09:08 - 00003204 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2127775424-1451055683-1236795852-3332
2014-03-24 12:35 - 2014-01-31 17:31 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf1ecbd2e6af1f.job
2014-03-24 12:17 - 2009-07-14 01:13 - 00779306 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-24 12:17 - 2009-07-14 00:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 12:17 - 2009-07-14 00:45 - 00025408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 12:10 - 2011-10-28 11:17 - 03733736 _____ () C:\Windows\system32\ptumlacsvc-0.log
2014-03-24 12:09 - 2012-11-12 16:27 - 00058451 _____ () C:\Windows\setupact.log
2014-03-24 12:09 - 2011-07-01 08:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-24 12:09 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 12:06 - 2014-03-24 12:06 - 02157056 _____ (Farbar) C:\Users\jeffh\Downloads\FRST64.exe
2014-03-24 12:06 - 2013-10-23 18:45 - 00005098 _____ () C:\Users\jeffh\AppData\Roaming\SuperFlexibleSynchronizer.ini.bak
2014-03-24 11:45 - 2011-10-27 15:15 - 00000000 ____D () C:\ProgramData\firebird
2014-03-24 11:40 - 2011-10-27 15:14 - 00005057 _____ () C:\Users\jeffh\AppData\Roaming\SuperFlexibleSynchronizer.ini.bak2
2014-03-24 10:48 - 2014-02-23 21:36 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-03-24 10:43 - 2011-10-27 10:02 - 00126376 _____ () C:\Users\jeffh\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-24 10:38 - 2009-07-14 00:45 - 00453800 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 02:47 - 2011-07-01 07:56 - 00000000 ____D () C:\swshare
2014-03-24 00:09 - 2012-01-22 00:34 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-24 00:05 - 2014-03-24 00:05 - 00001094 _____ () C:\Users\Public\Desktop\AT&T AllAccess.lnk
2014-03-24 00:05 - 2014-03-24 00:04 - 00000826 _____ () C:\Windows\VMW_InstallUSB_0324-000457.log
2014-03-24 00:05 - 2014-03-24 00:04 - 00000292 _____ () C:\Windows\VMW_SetupUtil_0324-000457.log
2014-03-24 00:04 - 2013-03-17 10:48 - 00709272 _____ () C:\Windows\DPINST.LOG
2014-03-24 00:03 - 2014-03-24 00:03 - 00000000 ____D () C:\Program Files (x86)\LG Electronics
2014-03-24 00:03 - 2014-03-24 00:03 - 00000000 ____D () C:\Program Files (x86)\AT&T
2014-03-23 23:51 - 2014-03-23 22:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-23 23:50 - 2014-03-23 23:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-23 23:50 - 2014-03-23 23:50 - 00005638 _____ () C:\Windows\system32\.crusader
2014-03-23 23:50 - 2012-07-01 10:52 - 00000000 ____D () C:\Program Files (x86)\Ask.com
2014-03-23 23:50 - 2011-10-27 10:02 - 00000000 ___RD () C:\Users\jeffh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-23 22:59 - 2011-10-27 10:02 - 00126376 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2014-03-22 21:00 - 2011-11-02 22:54 - 00000000 ___RD () C:\Users\jeffh\Dropbox
2014-03-22 21:00 - 2011-11-02 22:49 - 00000000 ____D () C:\Users\jeffh\AppData\Roaming\Dropbox
2014-03-22 20:49 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-21 11:12 - 2012-05-14 20:17 - 00000000 ____D () C:\Program Files (x86)\FlashFXP 4
2014-03-21 08:20 - 2011-11-29 15:34 - 00002238 ____H () C:\Users\jeffh\Documents\Default.rdp
2014-03-21 07:07 - 2011-07-01 14:23 - 00000392 _____ () C:\Windows\system32\config\netlogon.ftl
2014-03-20 18:50 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-20 10:14 - 2012-08-21 11:54 - 00000052 _____ () C:\SurveyInfo.arc
2014-03-20 09:21 - 2011-07-02 01:53 - 00000513 _____ () C:\Windows\ODBC.INI
2014-03-20 09:16 - 2014-03-20 09:16 - 00000000 ____D () C:\Program Files (x86)\SAP BusinessObjects
2014-03-20 09:16 - 2014-03-20 09:16 - 00000000 ____D () C:\inetpub
2014-03-20 09:09 - 2012-07-26 18:10 - 00000025 _____ () C:\Windows\Surveyor.INI
2014-03-19 14:01 - 2011-07-01 08:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-16 12:14 - 2014-03-04 20:38 - 00000000 ____D () C:\Users\jeffh\Documents\ProCon BF4
2014-03-15 14:53 - 2013-05-29 09:59 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 14:39 - 2011-10-29 20:54 - 00000000 ____D () C:\ProgramData\Origin
2014-03-15 14:39 - 2011-10-29 20:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-13 21:29 - 2011-11-07 06:34 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2014-03-13 09:02 - 2011-11-09 00:40 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-03-13 05:21 - 2014-03-13 05:21 - 00000000 ____D () C:\ProgramData\GroupPolicy
2014-03-13 05:20 - 2011-07-01 14:26 - 00015900 __RSH () C:\ProgramData\ntuser.pol
2014-03-12 16:26 - 2014-03-12 16:26 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-12 16:26 - 2014-03-12 16:26 - 00000000 ____D () C:\Users\jeffh\AppData\Local\Skype
2014-03-12 16:26 - 2011-10-28 11:00 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-12 16:26 - 2011-10-28 11:00 - 00000000 ____D () C:\ProgramData\Skype
2014-03-04 16:44 - 2011-07-02 00:51 - 00000000 ____D () C:\ProgramData\Symantec
2014-03-01 13:07 - 2014-03-01 13:07 - 00000000 ____D () C:\Users\jeffh\AppData\Local\IsolatedStorage
2014-03-01 12:25 - 2014-03-01 12:25 - 00000000 ____D () C:\Users\jeffh\AppData\Local\Fluke_Networks
2014-03-01 12:23 - 2014-03-01 12:23 - 00000000 ____D () C:\Users\jeffh\AppData\Roaming\Fluke Networks
2014-03-01 12:19 - 2014-03-01 12:19 - 00000000 __HDC () C:\ProgramData\{FBDFD8F2-7B2D-4E84-9846-5BAE652A8701}
2014-03-01 12:19 - 2011-10-27 23:14 - 00000000 ____D () C:\Users\jeffh\Documents\ACM Files
2014-03-01 12:18 - 2014-03-01 12:18 - 00001164 _____ () C:\Users\Public\Desktop\AirCheck Manager.lnk
2014-03-01 12:18 - 2014-03-01 12:18 - 00000000 ____D () C:\Program Files (x86)\Fluke Networks
2014-03-01 12:16 - 2014-03-01 12:16 - 00000000 ____D () C:\Users\jeffh\AppData\Local\PackageAware
2014-03-01 12:15 - 2014-03-01 12:14 - 17387400 _____ (Fluke Networks ) C:\Users\jeffh\Downloads\ACM_2_5_0_9.exe
2014-02-25 22:24 - 2012-11-12 16:25 - 00405126 _____ () C:\Windows\PFRO.log
2014-02-23 21:38 - 2014-02-23 21:38 - 00000000 ____D () C:\Users\jeffh\AppData\Roaming\AVS4YOU
2014-02-23 21:38 - 2014-02-23 21:36 - 00000000 ____D () C:\ProgramData\AVS4YOU
2014-02-23 21:03 - 2014-02-23 21:03 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-23 21:02 - 2014-02-23 21:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-23 21:02 - 2014-02-23 21:02 - 00000000 ____D () C:\Program Files\iTunes
2014-02-23 21:02 - 2014-02-23 21:02 - 00000000 ____D () C:\Program Files\iPod
2014-02-23 21:02 - 2014-02-23 21:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-23 20:57 - 2011-10-27 22:39 - 00000000 ____D () C:\ProgramData\Apple
2014-02-23 12:54 - 2014-02-23 12:54 - 00000000 ____D () C:\Users\jeffh\Documents\HSA FSA
2014-02-22 11:26 - 2014-02-05 11:23 - 00000000 ____D () C:\pgatour shotlink
 
Some content of TEMP:
====================
C:\Users\jeffh\AppData\Local\Temp\autorun.exe
C:\Users\jeffh\AppData\Local\Temp\dwa85res_en.dll
C:\Users\jeffh\AppData\Local\Temp\IERA.exe
C:\Users\jeffh\AppData\Local\Temp\IERA64.exe
C:\Users\jeffh\AppData\Local\Temp\IERAPatch.exe
C:\Users\jeffh\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aaa_aih.exe
C:\Users\jeffh\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\jeffh\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\jeffh\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\jeffh\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\jeffh\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\jeffh\AppData\Local\Temp\mssinstaller.exe
C:\Users\jeffh\AppData\Local\Temp\siinst.exe
C:\Users\jeffh\AppData\Local\Temp\SkypeSetup.exe
C:\Users\jeffh\AppData\Local\Temp\strings.dll
C:\Users\jeffh\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\jeffh\AppData\Local\Temp\tmp9BE0.exe
C:\Users\jeffh\AppData\Local\Temp\WbOD.dll
C:\Users\jeffh\AppData\Local\Temp\_stub.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-20 00:48
 
==================== End Of Log ============================
 
 
and Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by JeffH at 2014-03-24 13:28:58
Running from C:\Users\jeffh\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
3CDaemon (HKLM-x32\...\3CDaemon) (Version:  - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.01 - Lenovo)
ACE Client (HKLM-x32\...\{AA9DC20A-BB40-4C0D-BAFD-68421180DE19}) (Version: 1.6.1.0 - Spydaman Design Studios Ltd)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.4.402.287 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
ADSelfService Plus Client Software (HKLM-x32\...\{E451B224-C4E6-452E-BB61-2EFD4DC79A9C}) (Version: 4.2.1 - ZOHO Corp)
AirBEAM Package Builder (HKLM-x32\...\{E9FA5E44-C867-11D3-BFD3-00C04F6BF430}) (Version: 2.10c - Symbol)
AirCheck Manager (HKLM-x32\...\AirCheck Manager) (Version: 2.5 - Fluke Networks)
AirCheck Manager (x32 Version: 2.5 - Fluke Networks) Hidden
AirMagnet Surveyor (HKLM-x32\...\{36C753B1-DB3B-4853-9D77-B5037DD63E73}) (Version:  - )
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Assessment and Deployment Kit (HKLM-x32\...\{fc46d1b2-9557-4c1f-baac-04af4d2db7e4}) (Version: 8.59.25584 - Microsoft Corporation)
Assessments on Client (x32 Version: 8.59.25584 - Microsoft) Hidden
AT&T AllAccess (HKLM-x32\...\{48353663-5C8F-483E-B200-0865C62D039D}) (Version: 10.1.262.2 - AT&T)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.138.0 - EA Digital Illusions CE AB)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.3.2291.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.3.2291.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
Blue Coat ProxyClient (HKLM-x32\...\{D35B0C7A-4545-4A98-A810-3810B3FE25E5}) (Version: 3.3.2.6 - Blue Coat Systems)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcast Interface (HKLM-x32\...\{69987B86-48BF-11D6-A624-0050DA706D0C}) (Version:  - PGA TOUR)
Canon MF Toolbox 4.9.1.1.mf12 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf12 - CANON INC.)
Canon MF4400 Series (HKLM\...\{4129CA8E-7E75-4eee-BAE5-AA7707AA7708}) (Version: 3.8.0.0 - Canon Inc.)
Canon MX870 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series) (Version:  - )
Cisco ASDM-IDM Launcher (HKLM-x32\...\{67DBBD6B-8B80-4569-8392-F89D0575F37F}) (Version: 1.5.50 - Cisco Systems, Inc.)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11287.0 - Cisco Consumer Products LLC)
Cisco NAC Agent  (HKLM-x32\...\{EE96385A-3FF7-4279-B580-D774EAF19E05}) (Version: 4.7.5.5 - Cisco Systems, Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{9976E1A1-E6AE-4C45-A89E-E26D2C4E01CE}) (Version: 1.0.162 - Citrix)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
commsbepx64 (HKLM-x32\...\InstallShield_{4DE6220A-E1A4-4AFF-A554-97DDBCFC3341}) (Version: 1.00.0000 - Motorola)
commsbepx64 (x32 Version: 1.00.0000 - Motorola) Hidden
Conexant 20585 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.95.48.50 - Conexant)
CR11Dist (HKLM-x32\...\{F2DD28CA-DD2C-426E-94F1-8E0145323A87}) (Version: 1.0.0 - AirMagnet, Inc.)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
Delta Flight Schedules (HKLM-x32\...\DL) (Version:  - )
DIRECTV Player (HKLM-x32\...\{C199DEA2-657E-46C2-9FDB-7C1C068B6B35}) (Version: 6.1 - DIRECTV)
Disable AMT Profile Synchronization Pop-up for Windows Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.8.2 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 6.6.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 6.7.0 - )
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.4.0 - DivX,Inc.)
Doxillion Document Converter (HKLM-x32\...\Doxillion) (Version:  - NCH Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Elevated Installer (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
ESRI ArcPad 6.0.3 (HKLM-x32\...\ESRI ArcPad 6.0.3) (Version:  - )
FlashFXP 4 (HKLM-x32\...\FlashFXP 4) (Version: 4.4.3.2031 - OpenSight Software LLC)
Foxit PDF Editor (HKLM-x32\...\Foxit PDF Editor) (Version: 2.2.1.1119 - Foxit Corporation)
Garmin City Navigator North America NT 2012.30 Update (HKLM-x32\...\{6F50C41C-6CFB-49E1-AF91-E1AACDE24FBA}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2012.40 Update (HKLM-x32\...\{A0966294-1F16-411F-98BF-AB9FDED7B9C6}) (Version: 15.40.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{9471d6bd-67a9-40f6-a420-2ae4f08ef003}) (Version: 2.3.14.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.14.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM-x32\...\{0FBAFFD8-BCBA-4631-97E8-433DE7D1D753}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GoToMeeting 6.0.0.1259 (HKCU\...\GoToMeeting) (Version: 6.0.0.1259 - CitrixOnline)
GPSinfo version S-0PC-07-1109022 (HKLM-x32\...\{7F8A9255-C043-4895-AFFC-67D900C5D516}_is1) (Version: S-0PC-07-1109022 - Globalsat Worldcom Group)
HP LaserJet Professional M1130-M1210 MFP Series (HKLM\...\HP LaserJet Professional M1130-M1210 MFP Series) (Version:  - )
HP LaserJet Professional M1210 MFP Series Fax Installer (HKLM\...\{E65099C4-9110-4C31-BD03-5C17EFB5FE92}) (Version: 1.1.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
Humana GearSync 1.5.118 (HKLM-x32\...\{4ADA60D4-895E-4B03-86BF-39582AD5E95C}_is1) (Version: 1.5.118 - Humana)
HyperTerminal Private Edition v6.3 (HKLM-x32\...\HTPE3) (Version:  - )
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IBM Lotus Symphony (HKLM-x32\...\{6a3b6195-f7c7-453f-9387-450cfd91e3b5}) (Version: 1.3.09251 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.48 (HKLM-x32\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.1.0.48 - RICOH)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.8 - Intel)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.6.1.0536 - Intel Corporation) Hidden
Intel® PROSet/Wireless WiFi Software Driver (Version: 15.06.1000.0167 - Intel Corporation) Hidden
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.3 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 15.06.1000.0142 - Intel Corporation) Hidden
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.178 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.178 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Ixia Endpoint for Windows (HKLM-x32\...\Endpoint) (Version: 5.1.0.2407 - http://www.ixiacom.com)
Ixia Qcheck (HKLM-x32\...\Qcheck) (Version: 3.0.1.42 - http://www.ixiacom.com)
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
join.me (HKCU\...\JoinMe) (Version: 1.6.0.170 - LogMeIn, Inc.)
Keyspan USB Serial Adapter (HKLM-x32\...\{2E97DE76-851A-48AA-A0D6-665860FAD9CA}) (Version: 3.7s - Keyspan)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.22 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.96 - Symantec Corporation)
LogMeIn (HKLM-x32\...\{976475B8-63E9-4559-BE2C-D26086BE4C40}) (Version: 4.1.2126 - LogMeIn, Inc.)
Lotus Notes 8.5.2 (HKLM-x32\...\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}) (Version: 8.52.10222 - IBM)
MeshDynamics Network Viewer 9.0(remove only) (HKLM-x32\...\MDNetworkViewer9.0) (Version:  - )
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Camera Codec Pack (HKLM\...\{129C5584-DB98-4A98-B28F-299C45E1E355}) (Version: 16.0.0652.0621 - Microsoft Corporation)
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft Deployment Toolkit 2012 Update 1 (6.1.2373.0) (HKLM\...\{C74FB740-D02E-40EA-A09E-B19FC74F324F}) (Version: 6.1.2373.0 - Microsoft Corporation)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Standard 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft ReportViewer 2010 Redistributable (HKLM-x32\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 3.0.131.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{9081486B-B26D-42DB-8D31-81C525A9526A}) (Version:  - Microsoft)
Microsoft Visio 2010 Service Pack 1 (SP1) (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}) (Version:  - Microsoft)
Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visio Standard 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband Connect (HKLM-x32\...\{9202762E-4B4C-48C9-A6CC-C27F9F85190A}) (Version: 3.5.0010 - Lenovo)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
Motorola Professional Radio CPS-R06.12.05 (HKLM-x32\...\ProRadio CPS R06.12.05) (Version:  - )
Movavi Screen Capture Studio (HKLM-x32\...\Movavi Screen Capture Studio 3) (Version: 3.1.0 - MOVAVI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.0.61 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.0.63 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.0.69 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.0.122 - The Neat Company)
Nero 12 (HKLM-x32\...\{4744E147-F0F2-4140-825E-B3071FC079F1}) (Version: 12.5.01300 - Nero AG)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20030 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.21800 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.7000 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.11000 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.4000 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NGSC (HKLM-x32\...\{2CACC1E3-9A29-45AB-AE71-9D292FF89811}) (Version: 1.00.0000 - IDS a Division of SMT)
NPort Management Suite (HKLM\...\NPSER_is1) (Version: 3.5 - Moxa Technologies Co., Ltd.)
NPort Management Suite (HKLM-x32\...\NPort Management Suite) (Version:  - )
NVIDIA 3D Vision Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.62 - NVIDIA Corporation)
NVIDIA Control Panel 285.62 (Version: 285.62 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 285.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.46.235 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.0621 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.0621 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.0621 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.8562 - NVIDIA Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.67.50 - )
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.)
PANTECH UML290 (HKLM\...\{F95AC24D-E515-4057-BEB0-FDDFA55F74BB}) (Version: 4.11.2.0 - PANTECH CO., LTD)
PassPort Customer Programming Software R05.02.03 (HKLM-x32\...\{C234682C-C5A7-46DC-AEC0-175F6C5CB659}) (Version:  - Motorola Inc.)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery)
PGA TOUR SHOTLink (HKLM-x32\...\{8CDB824A-48C0-11D6-A624-0050DA706D0C}) (Version: 1.0 - PGA TOUR)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version:  - NCH Software)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
PR860 Customer Programming Software (HKLM-x32\...\{3028FDC2-C811-4C59-A91E-3575C75AD2DD}) (Version: R01.03 - )
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version:  - NCH Software)
PTS TracerPlus 4 For Pocket PC (HKLM-x32\...\{FE36ABA5-13DD-446E-AC84-0C3E8D46A7CE}) (Version: 4.0.0 - Portable Technology Solutions)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.1 pywin32-214 (HKLM-x32\...\pywin32-py3.1) (Version:  - )
Python 3.1.2 (HKLM-x32\...\{d40af016-506c-43fb-a738-bd54fa8c1e85}) (Version: 3.1.2150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Resource Hacker Version 3.6.0 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
RICOH R5U230 Media Driver ver.2.06.02.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.02.02 - RICOH)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{FBAB5DC0-657B-424F-BE58-07DEFF68917C}) (Version: 13.0.5.891 - SAP)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{8674E662-F413-4A50-A256-ABE97FECE84D}) (Version: 13.0.5.891 - SAP)
Scan To (HKLM\...\{E8A34AC8-0137-4515-A94B-0A0946DDC251}) (Version: 2.0.1 - HP)
Second Copy 2000 (HKLM-x32\...\Second Copy 2000) (Version:  - )
Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)
ShotLinkPDF (HKLM-x32\...\ShotLinkPDF) (Version:  - )
Sierra Wireless AirCard Watcher (HKLM-x32\...\{4D3BDAAA-1003-403A-AE85-C217C335A464}) (Version: 6.0.3507.0004 - Sierra Wireless Inc.)
Sierra Wireless Card Detection Service (x32 Version: 1.0.3512.2   - Sierra Wireless Inc) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SlingPlayer (HKLM-x32\...\InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}) (Version: 2.0.4522 - Sling Media)
SlingPlayer (x32 Version: 2.0.4522 - Sling Media) Hidden
SlingPlayer for Web (HKLM-x32\...\{C4C16155-2677-46DE-8EC2-A978204B6829}) (Version: 2.4.063 - Sling Media)
SnagIt 7 (HKLM-x32\...\SnagIt7) (Version: 7.2 - TechSmith Corporation)
SolarWinds Advanced Subnet Calculator (HKLM-x32\...\InstallShield_{01ED1AFB-D352-413B-8415-5DC5F1D23983}) (Version: 9.1 - SolarWinds)
SolarWinds Advanced Subnet Calculator (x32 Version: 9.1 - SolarWinds) Hidden
SOTI Pocket Controller-Pro (HKLM-x32\...\{52570B24-34DF-4285-BD83-6EC2B05D1248}) (Version: 6.02 - SOTI)
Spectra Precision Geodimeter Software Tools 2.01 (HKLM-x32\...\SP GST) (Version:  - )
Super Flexible File Synchronizer 5.21b (HKLM-x32\...\Super Flexible File Synchronizer_is1) (Version: 5.21b - Super Flexible Software)
Symantec Endpoint Protection (HKLM\...\{C2103AF2-E66C-446B-9791-9207840EC821}) (Version: 12.1.2015.2015 - Symantec Corporation)
Symantec Ghost Console and Standard Tools (HKLM-x32\...\{BE8585BF-DC7A-4AE0-0A2E-000007493152}) (Version: 115.01.2266 - Symantec Corporation)
System Configuration Manager (HKLM-x32\...\SCM) (Version:  - )
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TeamViewer 8 (MSI Wrapper) (HKLM-x32\...\{5FB770BF-3602-48F7-94AF-5BC84BE341DE}) (Version: 8.0.16642 - TeamViewer)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.3100 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Modem Adapter (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.5.0 - Conexant Systems)
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.13 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.5.0 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.01 - Lenovo)
Toolkit Documentation (x32 Version: 8.59.25584 - Microsoft) Hidden
Topcon Receiver Utility (x32 Version: 2.4 - Topcon Positioning Systems Inc) Hidden
TracerPlus (HKLM-x32\...\TracerPlus) (Version:  - )
TracerPlus 7 for Windows Mobile/CE (HKLM-x32\...\{A3024D56-FE21-44B4-A6B3-6BC89ED80D37}) (Version: 7.0.0 - Portable Technology Solutions)
Transcender Test Engine (HKLM-x32\...\Transcender Test Engine) (Version:  - Transcender)
Transcender:  Exam Cert-70-640  (HKLM-x32\...\Transcender:  Exam Cert-70-640 ) (Version:  - Transcender )
Transcender:  Exam Cert-70-642  (HKLM-x32\...\Transcender:  Exam Cert-70-642 ) (Version:  - Transcender )
Transcender:  Exam Cert-70-646  (HKLM-x32\...\Transcender:  Exam Cert-70-646 ) (Version:  - Transcender )
Transcender:  Exam Cert-PW0-100  (HKLM-x32\...\Transcender:  Exam Cert-PW0-100 ) (Version:  - Transcender )
Trimble Geomatics Office v1.50 (HKLM-x32\...\{90156B45-8EC8-4370-A524-77F4D99DB76F}) (Version:  - )
UltraVNC 1.0.5 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.5 - 1.0.5)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Verizon Mobile Broadband Drivers (HKLM-x32\...\{8BF85767-903F-4E68-86F3-ECF71DF27AA9}) (Version: 3.24.018.001.14 - Novatel Wireless)
Verizon Wireless USB551L Firmware Updates (HKLM-x32\...\{9BD53EBD-C5C1-45F3-BF4C-84D8A62A8393}) (Version: 1.0.5 - Smith Micro Software, Inc.)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version:  - NCH Software)
Vidyo Desktop 2.2.0 (HKLM-x32\...\Vidyo Desktop) (Version: 2.2.0 - Vidyo Inc.)
Vidyo Desktop 3.0 - (JeffH) (HKCU\...\Vidyo Desktop) (Version: 3.0 - Vidyo Inc.)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VLC Streamer 2.72 (HKLM-x32\...\VLC Streamer_is1) (Version:  - )
VNC 3.3.6 (HKLM-x32\...\WinVNC_is1) (Version: 3.3.6 - RealVNC Ltd.)
VZAccess Manager (HKLM-x32\...\{FF35BA14-9CF3-41DD-9BC3-7C2A0763B4F3}) (Version: 7.9.1.0 - Smith Micro Software Inc.)
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
WiFi Adapter Check Utility for Survey (HKLM-x32\...\{450DA602-CA3E-4065-A059-A3AA12DDC2C4}) (Version:  - )
Windows Assessment Toolkit (AMD64 Architecture Specific) (x32 Version: 8.59.25584 - Microsoft) Hidden
Windows Assessment Toolkit (x32 Version: 8.59.25584 - Microsoft) Hidden
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Deployment Customizations (x32 Version: 8.59.25584 - Microsoft) Hidden
Windows Deployment Tools (x32 Version: 8.59.25584 - Microsoft) Hidden
Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (09/11/2009 6.2.0.9407) (HKLM\...\3932CA781A7894D20116FDF60F878301800EA8AB) (Version: 09/11/2009 6.2.0.9407 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Intel (e1kexpress) Net  (12/10/2009 11.5.10.0) (HKLM\...\D458D719D6B055DC5E3DF88140ADE887B29FB396) (Version: 12/10/2009 11.5.10.0 - Intel)
Windows Driver Package - Intel (HECIx64) System  (09/17/2009 6.0.0.1179) (HKLM\...\30A4777E896192B8D398199AE1AB235B69BAB26D) (Version: 09/17/2009 6.0.0.1179 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\098EBB26BF07167AB12D1575EC24F883F9435E59) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Motorola Corporation (CommSbep) CommSbep  (08/17/2011 5.1.0.0) (HKLM\...\DCB010440345929E947922BB7FD7BA6A056D744C) (Version: 08/17/2011 5.1.0.0 - Motorola Corporation)
Windows Driver Package - Ricoh Company MS Host Controller (10/26/2009 6.10.02.07) (HKLM\...\FD5ED5E16405CDAA5385DE461B9E5379F91ACCCF) (Version: 10/26/2009 6.10.02.07 - Ricoh Company)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows PE x86 x64 (x32 Version: 8.59.25584 - Microsoft) Hidden
Windows PE x86 x64 wims (x32 Version: 8.59.25584 - Microsoft) Hidden
Windows System Image Manager on amd64 (x32 Version: 8.59.25584 - Microsoft) Hidden
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.10 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.10.5 - win.rar GmbH)
WinZip 12.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Wireshark 1.6.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.6.7 - The Wireshark developer community, http://www.wireshark.org)
WPT Redistributables (x32 Version: 8.59.25584 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.25584 - Microsoft) Hidden
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0C4ACA95-8E35-4E85-8547-80AA9EE3ACD3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2127775424-1451055683-1236795852-3332 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {0E8624D3-0183-458E-83C5-38EBF997DA0A} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2010-09-28] () <==== ATTENTION
Task: {148D0B39-7E39-4FBF-94BB-E45DCD4517EE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2127775424-1451055683-1236795852-3332 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {1E9B26E5-9B87-4F70-B969-D802155AFA13} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2011-11-21] (NCH Software)
Task: {1FFFBD2E-9BAC-4B20-B9DB-A0CB89F5FC53} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {267E96A9-AD7C-49AD-8054-B7F60DFBBA58} - System32\Tasks\ReclaimerUpdateFiles_JeffH => C:\Users\jeffh\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-21] (RealNetworks, Inc.)
Task: {3290A1DA-359A-4929-B668-06C71C4F1033} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {493B35E7-6A6F-4A3D-9FC4-4BDC356E980E} - System32\Tasks\GoogleUpdateTaskMachineCore1cf1ecbd2e6af1f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28] (Google Inc.)
Task: {4A35FAC6-B0FD-4B4A-87C2-C92E1B3BAC7F} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {63BCB3C6-10AC-454F-B710-C71378403214} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {70FA8598-4EAA-4C49-93A2-5E2592C8F86D} - System32\Tasks\NCH Software\prismShakeIcon => C:\Program Files (x86)\NCH Software\Prism\Prism.exe [2011-11-27] (NCH Software)
Task: {92E2D0EA-C129-4B0C-9CF0-D6EF4CF7678C} - System32\Tasks\GoogleUpdateTaskMachineUA1cf1ecbd5ad974f => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28] (Google Inc.)
Task: {9CF6E396-1F7B-4231-930C-752BABE9CF42} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {B512182C-428E-458C-968F-A164F2779103} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {B617CC98-B64E-4492-B517-AF5C7CE1A967} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-02-04] (Lenovo Group Limited)
Task: {D1F601DD-A377-495B-BFBE-0B9543D5385B} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {DDF8C98C-6C02-4862-8356-5B8DEA6AE091} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf1ecbd2e6af1f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf1ecbd5ad974f.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-10-26 21:50 - 2010-10-26 21:50 - 00102400 ____R () C:\Program Files (x86)\Blue Coat\ProxyClient\EasyHook64.dll
2013-04-30 14:20 - 2012-09-29 13:25 - 00409088 _____ () C:\Windows\System32\HPM1210LM.DLL
2011-07-01 13:24 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-06-21 08:42 - 2011-06-21 08:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll
2013-04-30 14:20 - 2012-09-29 13:25 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HPM1210PP.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00056144 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\AdminHelper.exe
2011-12-06 17:00 - 2011-12-06 17:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-11-01 20:18 - 2012-01-17 01:02 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-12-06 17:00 - 2011-12-06 17:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2011-07-01 07:52 - 2010-02-04 14:13 - 00034816 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-01-24 13:28 - 2011-01-24 13:28 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll
2011-12-16 15:33 - 2011-12-15 13:38 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-01 13:21 - 2011-02-28 08:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2013-12-18 16:37 - 2013-12-18 16:37 - 12504936 _____ () C:\Users\jeffh\AppData\Local\Vidyo\Vidyo Desktop\VidyoDesktop.exe
2012-08-16 14:35 - 2012-08-16 14:35 - 06485160 _____ () C:\Users\jeffh\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2011-07-01 13:38 - 2011-07-01 13:38 - 00872518 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\soffice.exe
2014-03-04 16:47 - 2014-03-04 16:47 - 00247632 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\AllAccess_AppStart.exe
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-03-04 16:47 - 2014-03-04 16:47 - 00635048 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\Toolkit.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00148648 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\pcre3.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00123048 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\System.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-03-18 17:26 - 2013-03-18 17:26 - 00092456 _____ () C:\Program Files (x86)\Lenovo\Access Connections\AcWrpc.dll
2013-12-18 16:37 - 2013-12-18 16:37 - 00189288 _____ () C:\Users\jeffh\AppData\Local\Vidyo\Vidyo Desktop\PlantronicsPlugin.dll
2012-08-16 14:36 - 2012-08-16 14:36 - 00273568 _____ () C:\Users\jeffh\AppData\Local\DIRECTV Player\ndsLogStore.dll
2012-08-16 14:35 - 2012-08-16 14:35 - 02087072 _____ () C:\Users\jeffh\AppData\Local\DIRECTV Player\DrmSingleton.dll
2012-08-16 14:35 - 2012-08-16 14:35 - 07117984 _____ () C:\Users\jeffh\AppData\Local\DIRECTV Player\gsttspplugin.dll
2012-08-16 14:36 - 2012-08-16 14:36 - 00688296 _____ () C:\Users\jeffh\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2012-08-16 14:36 - 2012-08-16 14:36 - 01402520 _____ () C:\Users\jeffh\AppData\Local\DIRECTV Player\libxml2-2.dll
2012-08-16 14:36 - 2012-08-16 14:36 - 00091272 _____ () C:\Users\jeffh\AppData\Local\DIRECTV Player\z.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 02400323 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\vcl645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 01794123 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\udkservice1.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00073794 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\vos3MSC.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 01749055 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\sal3.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00098304 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\uwinapi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00147524 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\reg3.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 01437784 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\log4pt.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 02981961 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\svt645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 01224776 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\tk645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 06660166 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090908-0900\sfx645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 02326598 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\sb645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00299083 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\xcr645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00413764 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\so645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00286792 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\go645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00647244 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\basicservice.uno.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00049230 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\jvmaccess3MSC.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 02854984 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\ucpchelp1.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00286720 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\xerces-depdom_2_6.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00036864 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\xslt4cMessages_1_7_0.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00032837 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\rmcxt3.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 01716292 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\sax.uno.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 01601610 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\desktp645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00397382 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090908-0900\ofa645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 08671299 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.framework.win32_3.5.0.20090908-0900\svx645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 01921103 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.infra.win32_3.5.0.20090908-0900\i18npool645mi.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00204883 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090908-0900\oleautobridge.uno.dll
2011-07-01 13:38 - 2011-07-01 13:38 - 00094283 _____ () C:\Program Files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.system.win32_3.5.0.20090908-0900\emser645mi.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-03-24 12:36 - 2014-03-24 12:36 - 00098816 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32api.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00110080 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\pywintypes27.dll
2014-03-24 12:36 - 2014-03-24 12:36 - 00364544 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\pythoncom27.dll
2014-03-24 12:36 - 2014-03-24 12:36 - 00044032 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\_socket.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 01157120 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\_ssl.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00320512 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32com.shell.shell.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00712192 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\_hashlib.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 01175040 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\wx._core_.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00805888 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\wx._gdi_.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00811008 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\wx._windows_.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 01062400 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\wx._controls_.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00735232 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\wx._misc_.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00128512 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\_elementtree.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00127488 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\pyexpat.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00557056 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\pysqlite2._sqlite.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00087040 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\_ctypes.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00119808 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32file.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00108544 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32security.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00018432 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32event.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00038912 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32inet.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00122368 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\wx._wizard.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00070656 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\wx._html2.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00026624 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\_multiprocessing.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00010240 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\select.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00024064 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32pipe.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00686080 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\unicodedata.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00025600 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32pdh.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00525640 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\windows._lib_cacheinvalidation.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00011264 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32crypt.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00035840 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32process.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00017408 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32profile.pyd
2014-03-24 12:36 - 2014-03-24 12:36 - 00022528 _____ () C:\Users\jeffh\AppData\Local\Temp\_MEI73922\win32ts.pyd
2012-07-05 13:52 - 2012-07-05 13:52 - 00251280 _____ () C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00052904 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\Preferences.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00315048 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\DB.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00061096 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\DriveDetector.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00134824 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\Discovery.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00098984 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\ComCore.dll
2014-03-04 16:47 - 2014-03-04 16:47 - 00035328 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\resources\plugins\DiscoveryGeneric.plugin
2014-03-04 16:47 - 2014-03-04 16:47 - 00025088 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\resources\plugins\DiscoveryMobileBroadband.plugin
2014-03-04 16:47 - 2014-03-04 16:47 - 00019968 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\resources\plugins\DiscoveryNdis.plugin
2014-03-04 16:47 - 2014-03-04 16:47 - 00030720 _____ () C:\Program Files (x86)\AT&T\AT&T AllAccess\resources\plugins\DiscoveryVPorts.plugin
2011-09-30 11:28 - 2011-09-30 11:28 - 00081920 _____ () C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.2.20110627-1135\win32\x86\eclipse_1118.dll
2011-10-27 14:59 - 2011-10-27 14:59 - 00065536 _____ () C:\Users\jeffh\AppData\Local\Lotus\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\138\1\.cp\swtIbmWrapper.dll
2011-09-30 11:28 - 2011-09-30 11:28 - 00208896 _____ () C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.os.win32_6.2.2.20110627-1135\os\win32\x86\os.dll
2011-10-27 15:10 - 2011-10-27 15:10 - 00098304 _____ () C:\Users\jeffh\AppData\Local\Lotus\Notes\Data\workspace\.config\org.eclipse.osgi\bundles\730\1\.cp\DTSearch.dll
2011-07-01 14:06 - 2011-07-01 14:06 - 00106496 _____ () C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.swt.browser.dom.ie_6.2.2.20100729-1241\os\win32\x86\comex.dll
2011-07-01 14:06 - 2011-07-01 14:06 - 00049152 _____ () C:\Program Files (x86)\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.ui.browser.launcher_6.2.2.20100729-1241\os\win32\x86\browserlauncher.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\proxyclientsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupreg: attcm.exe => C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm.exe
MSCONFIG\startupreg: attcm_AppStart.exe => "C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe"
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2014 01:24:19 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\MeshViewer 10.00\MDNetworkViewer10.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (03/24/2014 01:23:51 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jeffh\Downloads\MDNetworkViewer10.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (03/24/2014 01:23:16 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jeffh\Downloads\MDNetworkViewer10.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (03/22/2014 08:43:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43382068
 
Error: (03/22/2014 08:43:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43382068
 
Error: (03/22/2014 08:43:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/22/2014 08:43:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43380071
 
Error: (03/22/2014 08:43:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43380071
 
Error: (03/22/2014 08:43:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/22/2014 08:43:08 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43378714
 
 
System errors:
=============
Error: (03/24/2014 00:35:09 PM) (Source: Microsoft-Windows-GroupPolicy) (User: PGATOUR)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (03/24/2014 00:10:22 PM) (Source: Service Control Manager) (User: )
Description: The regi service failed to start due to the following error: 
%%2
 
Error: (03/24/2014 00:10:12 PM) (Source: Service Control Manager) (User: )
Description: The Ixia Endpoint service failed to start due to the following error: 
%%216
 
Error: (03/24/2014 00:09:57 PM) (Source: Service Control Manager) (User: )
Description: The CommSB96 service failed to start due to the following error: 
%%1275
 
Error: (03/24/2014 00:09:57 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\Drivers\CommSB96.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (03/24/2014 00:09:42 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (03/24/2014 00:09:41 PM) (Source: Npser) (User: )
Description: Unable to create COM3.
 
Error: (03/24/2014 00:09:41 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PGATOUR due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (03/24/2014 00:09:29 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error: 
%%2
 
Error: (03/24/2014 10:41:48 AM) (Source: Microsoft-Windows-GroupPolicy) (User: PGATOUR)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
Microsoft Office Sessions:
=========================
Error: (03/24/2014 01:24:19 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\MeshViewer 10.00\MDNetworkViewer10.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (03/24/2014 01:23:51 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jeffh\Downloads\MDNetworkViewer10.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (03/24/2014 01:23:16 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\jeffh\Downloads\MDNetworkViewer10.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.
 
Error: (03/22/2014 08:43:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43382068
 
Error: (03/22/2014 08:43:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43382068
 
Error: (03/22/2014 08:43:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/22/2014 08:43:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43380071
 
Error: (03/22/2014 08:43:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43380071
 
Error: (03/22/2014 08:43:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/22/2014 08:43:08 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43378714
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-22 17:37:23.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-22 17:37:23.245
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-17 15:03:16.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-17 15:03:16.437
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-15 19:14:45.230
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-15 19:14:45.121
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-15 13:02:25.290
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-15 13:02:25.193
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-15 12:11:10.366
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-07-15 12:11:10.263
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sierra Wireless Inc\Common\SwiProcMonitorDrv64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 66%
Total physical RAM: 3955.67 MB
Available physical RAM: 1315.54 MB
Total Pagefile: 7909.52 MB
Available Pagefile: 4818.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:286.66 GB) (Free:26.47 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:10.26 GB) (Free:4.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: AA37BF66)
 
Partition: GPT Partition Type.
 
==================== End Of Log ===========================


#6 aharonov

  • Malware Response Team

Posted 24 March 2014 - 12:43 PM

This is looking good so far.
Let's do a final check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#7 Python2339

  • Topic Starter

Posted 25 March 2014 - 07:36 AM

Here you go:

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=47c81ddf78cb2548a0b0e629661a2bd2
# engine=17594
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-25 08:53:03
# local_time=2014-03-25 04:53:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776638 100 94 14688584 147281033 0 0
# scanned=340643
# found=33
# cleaned=0
# scan_time=32725
sh=4985288181AC46FD56620DF08AB767E1B91127B1 ft=1 fh=e917146de03d6c50 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Program Files (x86)\Meshdynamics\NetworkViewer9.0\System\tftpd32.exe"
sh=6AB0E61E2CD60C414156C901D4D5B8682EB45294 ft=1 fh=65652bc6c5235c49 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Debut\debut.exe"
sh=E9ADBE0526FFA374216D542E0D602E5533482114 ft=1 fh=df26b92e9b512772 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Debut\debutsetup[1]_v1.64.exe"
sh=1E20CB8C6CFBC05671F0279F4580A6AD8DEE56DF ft=1 fh=9f5b6f0cc5235c49 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Debut\uninst.exe"
sh=3A8A0D8CA50F47FB50B68F1596F09A560C38ED75 ft=1 fh=fba703f56b1c4c3e vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Doxillion\doxillion.exe"
sh=C4CEFA6BC4C4ABD47A19484D1CC0A96D933B2E14 ft=1 fh=4e908598314bc0e4 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Doxillion\doxillionsetup_v2.01.exe"
sh=54AC954EABC14DBCE5D29BE75F9455F33D658CF4 ft=1 fh=0199473f6b1c4c3e vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Doxillion\uninst.exe"
sh=94C8D68F9AF630E509F5294754634EF320EA865E ft=1 fh=203fe6acab72cce9 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"
sh=FBB4F5027EFB1C22A4056445404F453ED48D922B ft=1 fh=6b276dd4f2a4f655 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Pixillion\pixsetup_v2.36.exe"
sh=D366860F1A36C58D45FDAFD03F2819E76FD94A6F ft=1 fh=da01a266ab72cce9 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Pixillion\uninst.exe"
sh=A033CC58A848309C839C636370383A81481BD426 ft=1 fh=cc9ff824932b8bdf vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Prism\prism.exe"
sh=31D8C3EDE22AFD8B1CA5CAC4FDD27A245F6CC7B6 ft=1 fh=5dda5872f4087e13 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Prism\prismsetup_v1.82.exe"
sh=7841824088542F907AD2A804AE53FE62D201E298 ft=1 fh=36a1bcee932b8bdf vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\Prism\uninst.exe"
sh=347BB66C7BE3982B2602FE946E6BCF3C7C7224B5 ft=1 fh=9946b6b2c2e14984 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\VideoPad\uninst.exe"
sh=20E2D74783E28D768F2F4C9D856EAB1742ECBAB4 ft=1 fh=6378f278c2e14984 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\VideoPad\videopad.exe"
sh=6D8A3CAC283AC47CE01261DAAC15B09AF37D87CD ft=1 fh=811f7b6ed12c913d vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\NCH Software\VideoPad\vpsetup_v2.41.exe"
sh=B31186DB01F42BCE6D388762ECDF17A77A242C9B ft=1 fh=f7746c96594679f9 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0003ef"
sh=7920A71A4C9119C6595DE51E339ABAFB18148363 ft=1 fh=5e06e5a87dd1f151 vn="a variant of Win32/Kryptik.BXQA trojan" ac=I fn="C:\Users\jeffh\AppData\Local\Temp\WbOD.dll"
sh=D0EE2205B6B7FA819EAC11163F1A2B8A9040C536 ft=1 fh=bb1f3b8f648080cd vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\cnet2_ipscan21_exe.exe"
sh=BDCAC2D1B9EDB3B1FAABB3DC49EFB2F602CC1AFB ft=1 fh=4a2c04f7d9e5ffcf vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\debutsetup.exe"
sh=1E1894C9D3BAAE4C7190E910D70507134CCD6599 ft=1 fh=8abdce29a23ac5d8 vn="Win32/SoftonicDownloader potentially unwanted application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Hyperterminal PE\SoftonicDownloader_for_hyperterminal-private-edition-htpe.exe"
sh=8025E849327803936BCD85F95D7B95C038A9B89D ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\Firmware Upgrade\MeshUtil-2.4.99-Full.zip"
sh=57D9EF4FD3109B1627D940C9C19747CC13E6EA75 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\Firmware Upgrade\MeshUtil-2.5.0.zip"
sh=69780215359E65FA6D5EE19758A405D912EA50FA ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\Flash for bad system boards\PGAserialUpgradesJune282011.zip"
sh=4985288181AC46FD56620DF08AB767E1B91127B1 ft=1 fh=e917146de03d6c50 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\Flash for bad system boards\PGAserialUpgradesJune282011\OEMManufacturer\tftpd32.exe"
sh=8CFD03205415725B204C2370CC0E32F544709F00 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\Mesh Model number Utility\PGAutilMar282011.zip"
sh=4985288181AC46FD56620DF08AB767E1B91127B1 ft=1 fh=e917146de03d6c50 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\Mesh Model number Utility\tftpd32.exe"
sh=A70AAC42E701DFAD06AE8850837E0E6D3ECA55F5 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\MeshViewer9.05\MDNetworkViewer905.zip"
sh=0F64AB1A9D059E93D6DFF86EE688A7A3BE3A3BB8 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\MeshViewer9.06\MDNetworkViewer906.zip"
sh=8CFD03205415725B204C2370CC0E32F544709F00 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\Mesh\Model number Utility\PGAutilMar282011.zip"
sh=7EA977FA55D48ECDFD2A450CB758B8F5532246A5 ft=1 fh=ba54faba5f3581c2 vn="Win32/DownloadAdmin.G potentially unwanted application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\Software\VLC\vlcmediaplayer-setup.exe"
sh=0F64AB1A9D059E93D6DFF86EE688A7A3BE3A3BB8 ft=0 fh=0000000000000000 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\USB Key backup\1GB Key\Mesh\MDNetworkViewer906.zip"
sh=C29F8F3288DD2DECBFDDC9EFBD48D8729C81E35A ft=0 fh=0000000000000000 vn="INF/Autorun.gen worm" ac=I fn="C:\Users\jeffh\Documents\ShotLink essentials\USB Key backup\256MB Key\AutoRun.inf"
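
Added example (not part of either poster's message and not an ESET tool): a short Python triage of a scan log in the layout pasted above, separating "potentially unwanted" and "potentially unsafe" findings from detections that need a closer look, and counting distinct files. Reading `sh` as a per-file hash, `vn` as the detection name and `fn` as the file path is an assumption based on the log's appearance; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the same key=value layout as the log above: hashes are
# placeholders and paths are shortened; detection names are taken from the thread.
SAMPLE_LOG = r'''
# scanned=340643
# found=33
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Program Files (x86)\Tool\tftpd32.exe"
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="a variant of Win32/TFTPD32.B potentially unsafe application" ac=I fn="C:\Users\user\Documents\Backup\tftpd32.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=0000000000000002 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Program Files (x86)\App\setup.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=0000000000000003 vn="a variant of Win32/Kryptik.BXQA trojan" ac=I fn="C:\Users\user\AppData\Local\Temp\example.dll"
sh=4444444444444444444444444444444444444444 ft=0 fh=0000000000000000 vn="INF/Autorun.gen worm" ac=I fn="C:\Users\user\Documents\USB backup\AutoRun.inf"
sh=5555555555555555555555555555555555555555 ft=1 fh=0000000000000005 vn="a variant of Win32/Toolbar.Conduit.J potentially unwanted application" ac=I fn="C:\Program Files (x86)\App2\uninst.exe"
'''

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_detections(text):
    """Return one dict per detection line; '#' header lines are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("sh="):
            continue
        fields = {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}
        if {"sh", "vn", "fn"} <= fields.keys():  # ignore truncated lines
            rows.append(fields)
    return rows

def classify(detection_name):
    """Bucket a detection by the category suffix the scanner puts in its name."""
    if detection_name.endswith("potentially unwanted application"):
        return "unwanted"
    if detection_name.endswith("potentially unsafe application"):
        return "unsafe"
    return "malware"  # trojan, worm, etc.: review these individually

def triage(text):
    """Counts per bucket, number of distinct files, and the items to review."""
    rows = parse_detections(text)
    counts = Counter(classify(r["vn"]) for r in rows)
    unique_files = len({r["sh"] for r in rows})
    review = [(r["vn"], r["fn"]) for r in rows if classify(r["vn"]) == "malware"]
    return counts, unique_files, review

if __name__ == "__main__":
    counts, unique_files, review = triage(SAMPLE_LOG)
    print(dict(counts), "distinct files:", unique_files)
    for name, path in review:
        print("REVIEW:", name, "->", path)
```
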


#8 aharonov

  • Malware Response Team

Posted 25 March 2014 - 08:03 AM

Looking good. No serious active malware has been found.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Java™ 6 Update 24
Internet Explorer Version 9




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.



#9 aharonov

  • Malware Response Team

Posted 06 April 2014 - 02:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



