Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IP Traffic to pubnub.com


  • This topic is locked This topic is locked
2 replies to this topic

#1 JClouseau

JClouseau

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:42 PM

Posted 18 November 2014 - 12:57 PM

Information Security is telling me my machine is attempting connections to nubpub.com (malicious domain).  I can't trace it to any specific application.  Chrome/Firefox add-in?

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17116  BrowserJavaVersion: 10.65.2
Run by js012704 at 11:45:48 on 2014-11-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8072.1852 [GMT -6:00]
.
AV: Sophos Anti-Virus *Enabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
SP: Sophos Anti-Virus *Enabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Sophos Client Firewall *Disabled* {539079D2-74D9-BC45-BA38-256B34D54D52}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe
C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Windows\SysWOW64\BEDevCtl.exe
C:\Windows\SysWOW64\BEFCSvcn.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files (x86)\LANDesk\LDClient\collector.exe
D:\PF\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
C:\Windows\system32\GManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Windows\SysWOW64\CBA\pds.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\PROGRA~2\LANDesk\LDClient\issuser.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
C:\Program Files (x86)\MCT\VGA0007\Utility\MCTUISvr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Windows\SysWOW64\SGN_MasterServicen.exe
C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\PROGRA~2\LANDesk\LDClient\rcgui.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Program Files (x86)\PS Hot Launch VVL\PSHotLaunchVVL.exe
C:\Program Files (x86)\Polycom\Polycom CMA Desktop\Polycom CMA Desktop.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\GoZone\GoZone_iSync.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsCenter64.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Actual Multiple Monitors\ActualMultipleMonitorsShellCenter64.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraCiscoWebExConnectDriver.exe
C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraMicrosoftLyncPresence.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\LANDesk\Shared Files\httpclient.exe
C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconv.exe
D:\JS012704\KeePass\KeePass.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\TextAloud\TAForIEBroker.exe
C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavProgress.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Remote Desktop Connection Manager\RDCMan.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:Tabs
uWindow Title = Windows Internet Explorer provided by HDSupply
uDefault_Page_URL = hxxp://my.hdsupply.net/
uProxyServer = 11.5.217.109:8080
uProxyOverride = *.loca
mWinlogon: Userinit = userinit.exe
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: TextAloud Toolbar: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
uRun: [PS Hot Launch VVL] C:\Program Files (x86)\PS Hot Launch VVL\PSHotLaunchVVL.exe
uRun: [Polycom CMA Desktop] "C:\Program Files (x86)\Polycom\Polycom CMA Desktop\Polycom CMA Desktop.exe"
uRun: [Visual Subst] "C:\Program Files (x86)\VSubst\VSubst.exe" /startup
uRun: [Adobe Reader Synchronizer] "C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe"
uRun: [AdobeBridge] <no file>
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [SGNMasterApplication] C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNMaster.exe
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRunOnce: [InstallShieldSetup] "C:\Program Files (x86)\InstallShield Installation Information\{E4755B0E-E25B-4684-9A6B-00D4AC079786}\setup.exe" -reboot"C:\Program Files (x86)\InstallShield Installation Information\{E4755B0E-E25B-4684-9A6B-00D4AC079786}\reboot.ini"
dRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
StartupFolder: C:\Users\JS012704\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\Users\JS012704\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GOZONE~1.LNK - C:\Program Files (x86)\GoZone\GoZone_iSync.exe
StartupFolder: C:\Users\JS012704\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - D:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\JABRAD~1.LNK - C:\Program Files (x86)\Jabra\Jabra PC Suite\JabraDeviceService.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: ClearRecentProgForNewUserInStartMenu = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: legalnoticecaption = Legal Notice
mPolicies-System: legalnoticetext = This computer system and its contents are the exclusive property of HD Supply. The system is intended for authorized use only. System access, as well as internet access through this system, is monitored and logged by HD Supply. All users must understand that all information created, transmitted, downloaded, received or stored in the system (collectively, System Information) may be accessed by HD Supply at any time with or without prior notice.
Employees have no expectation of privacy or confidentiality with respect to System Information (even if it is otherwise password protected). Unauthorized, inappropriate or improper use of this system is prohibited and may also result in civil and /or criminal penalties.
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Windows\System: UseOEMBackground = dword:1
mPolicies-Windows\System: AddAdminGroupToRUP = dword:1
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - D:\PROGRA~2\MICROS~3\Office15\ONBttnIE.dll/105
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
LSP: C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {59D8A93A-CA6A-4F2B-9398-2E620678726F} - hxxp://bpcww.hdsupply.net/osoft/installation/OSoftDiag.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FB1A5DF-578D-4302-BDD7-9E92BE61CA30} - hxxp://bpcww.hdsupply.net/OSoft/installation/OSoftInst.CAB
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://synygymeetings.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} - hxxp://ghdlddskwps/common/ENUrcviewer.cab
TCP: NameServer = 11.223.26.124 11.224.26.124
TCP: Interfaces\{482863BE-33E7-446A-87A2-A89CEE8095A2} : NameServer = 11.224.180.124
TCP: Interfaces\{775C389F-E89E-4B53-AAC7-389320E3ED4D}\8686F6E6F62737 : DHCPNameServer = 192.168.6.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{C9E4DA29-54A5-446F-98A3-663FD600AFF2} : DHCPNameServer = 11.223.26.124 11.224.26.124
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Notify: NotLog - SGM_SMProtectn.dll
AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL,C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages =  scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: OC2007 - C:\Program Files (x86)\OC2007\OC2007HKCU.exe
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {HDS_HKCU_Updates} - "C:\Windows\Setup\Scripts\HKCU_Regkeys\HDS_HKCU_Updates.exe"
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: TextAloud Toolbar: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\Program Files (x86)\TextAloud\TAForIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [MCTDUtil] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil
x64-Run: [FDispPos] C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: >{ZxIe9x64RemoveShortcut} - C:\Windows\Setup\Scripts\ie9shortcut_remove.exe
Hosts: 0.0.0.0 ad.auditude.com
Hosts: 0.0.0.0 connect.facebook.net
Hosts: 0.0.0.0 www.facebook.com
Hosts: 0.0.0.0 ad.crwdcntrl.net
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\JS012704\AppData\Roaming\Mozilla\Firefox\Profiles\1nc1d3r.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.hdsupply.net/
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\JS012704\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
FF - plugin: D:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL
.
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - noreload
FF - user.js: capability.policy.noreload.sites - hxxp://www.drudgereport.com
FF - user.js: capability.policy.noreload.Location.reload - noAccess
.
============= SERVICES / DRIVERS ===============
.
R0 BE_FLTI;BE_FLTI;C:\Windows\System32\drivers\be_fltim.sys [2011-8-6 71936]
R0 BeFlt;BeFlt;C:\Windows\System32\drivers\BEFLT.SYS [2011-8-6 137984]
R0 CEAES2M;CEAES2M;C:\Windows\System32\drivers\cegaes2m.sys [2011-8-5 57088]
R0 CEAESM;CEAESM;C:\Windows\System32\drivers\cegaesm.sys [2011-8-5 57088]
R0 CEHMACM;CEHMACM;C:\Windows\System32\drivers\cehmacm.sys [2010-6-15 27904]
R0 CERNDM;CERNDM;C:\Windows\System32\drivers\cerndm.sys [2010-6-15 17664]
R0 CESHAM;CESHAM;C:\Windows\System32\drivers\cesham.sys [2010-6-15 26368]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-4-9 20024]
R0 mctkmdldr;mctkmdldr;C:\Windows\System32\drivers\mctKmdldr64.sys [2014-4-10 19584]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-5-6 56336]
R0 SGSTDRVM;SGMKeyStore Driver;C:\Windows\System32\drivers\SGStDrvm.sys [2011-8-5 57088]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2014-8-27 96184]
R1 SAVOnAccess;SAVOnAccess;C:\Windows\System32\drivers\savonaccess.sys [2014-8-20 158976]
R1 scfdriver;SCF Kernel Driver;C:\Windows\System32\drivers\scfdriver.sys [2013-4-9 102688]
R1 scfndis;Sophos Client Firewall NDIS packet filter;C:\Windows\System32\drivers\scfndis.sys [2013-4-9 55072]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-7-15 137232]
R2 BEDevCtl;SafeGuard® Device Encryption Controller;C:\Windows\SysWOW64\BEDevCtl.exe [2011-8-6 1314816]
R2 BEFCSvcn;SafeGuard® Kernel Feature Client;C:\Windows\SysWOW64\BEFCSvcn.exe [2011-8-6 20480]
R2 BNPagent;Bradford Persistent Agent Service;C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [2012-9-5 3082384]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 CBA8;LANDesk® Management Agent;C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe [2014-4-17 158936]
R2 CipcCdp;Cisco IP Communicator driver for CDP;C:\Windows\System32\drivers\CipcCdp.sys [2014-8-1 27392]
R2 CISMBIOS;CISMBIOS;C:\Windows\System32\drivers\cismbios.sys [2013-4-9 21336]
R2 DraftSight API Service;DraftSight API Service;D:\PF\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2013-12-28 123392]
R2 GManager;GManager;C:\Windows\System32\GManager.exe [2014-4-10 313432]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-9-12 523680]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-7 33600]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-9 13632]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-4-9 131032]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-9 165336]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2014-6-6 243200]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [2014-6-6 179200]
R2 MCTDesktopSvr;MCTDesktopSvr;C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [2014-4-10 199296]
R2 MCTUISvr;MCTUISvr;C:\Program Files (x86)\MCT\VGA0007\Utility\MCTUISvr.exe [2014-4-10 199296]
R2 ProcTrigger;LANDesk® Process Trigger Service;C:\Program Files (x86)\LANDesk\LDClient\ProcTriggerSvc.exe [2014-6-6 153816]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2011-4-24 2175328]
R2 SAVAdminService;Sophos Anti-Virus status reporter;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2014-8-20 288552]
R2 SAVService;Sophos Anti-Virus;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [2014-10-15 205096]
R2 SGN_BEService;SafeGuard® Base Encryption Service;C:\Windows\SysWOW64\SGN_MasterServicen.exe [2011-8-6 49152]
R2 SGN_LogSystem;SafeGuard® Log Service;C:\Windows\SysWOW64\SGN_MasterServicen.exe [2011-8-6 49152]
R2 SGN_Sem;SafeGuard® System Event Manager;C:\Windows\SysWOW64\SGN_MasterServicen.exe [2011-8-6 49152]
R2 SGN_Trans;SafeGuard® Transport Service;C:\Windows\SysWOW64\SGN_MasterServicen.exe [2011-8-6 49152]
R2 SGNAuthService;SGNAuthService;C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNAuthServicen.exe [2011-8-6 659456]
R2 Softmon;LANDesk® Software Monitoring Service;C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [2014-6-6 680616]
R2 Sophos Agent;Sophos Agent;C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [2014-8-20 289856]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [2014-10-15 341800]
R2 Sophos Client Firewall Manager;Sophos Client Firewall Manager;C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFManager.exe [2014-8-20 158504]
R2 Sophos Client Firewall;Sophos Client Firewall;C:\Program Files (x86)\Sophos\Sophos Client Firewall\SCFService.exe [2014-8-20 64808]
R2 Sophos Message Router;Sophos Message Router;C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [2014-8-20 818240]
R2 Sophos Web Control Service;Sophos Web Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2014-10-15 355624]
R2 swi_service;Sophos Web Intelligence Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2014-10-15 3174696]
R2 tracksvc;LANDesk® Power Management Track Service;C:\Program Files (x86)\LANDesk\LDClient\tracksvc.exe [2014-6-6 76048]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-9 366040]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-3-12 560528]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-4-9 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2013-4-9 615976]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2013-4-9 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-4-9 39976]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-11-26 1420160]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-9 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-4-9 358456]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-4-9 791608]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2013-4-9 175928]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2013-4-9 26208]
R3 ldmirror;ldmirror;C:\Windows\System32\drivers\ldmirror.sys [2013-4-9 5120]
R3 mctkmd;mctkmd;C:\Windows\System32\drivers\mctkmd64.sys [2014-4-10 152344]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\Windows\System32\drivers\mirrorflt.sys [2013-4-9 7168]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-12-13 36720]
R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 sdcfilter;sdcfilter;C:\Windows\System32\drivers\sdcfilter.sys [2014-8-20 38144]
R3 Sophos Device Control Service;Sophos Device Control Service;C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sdcservice.exe [2014-10-15 655144]
R3 t1pusb64;Trigger 1+ Graphics Card;C:\Windows\System32\drivers\t1pusb64.sys [2014-4-11 179736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SGNSafeModeService;SGNSafeModeService;C:\Program Files (x86)\Sophos\SafeGuard Enterprise\Client\SGNSafeModeServicen.exe [2011-8-6 237568]
S2 swi_update_64;Sophos Web Intelligence Update;C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2013-4-9 2065704]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2014-3-12 112496]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-3-30 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-1-23 1431888]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2014-7-16 30192]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 ldblank;Screen Blanking driver for Remote Control;C:\Windows\System32\drivers\ldblank.sys [2013-4-9 20992]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-23 77592]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-23 13080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-9-25 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2014-8-27 35112]
S3 Tomcat7;Apache Tomcat 7.0 Tomcat7;C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\bin\Tomcat7.exe [2014-7-18 80896]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-5 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-3-30 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vm3dmp;vm3dmp;C:\Windows\System32\drivers\vm3dmp.sys [2011-6-23 106032]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]
S3 xVGAUSB64;USB 2.0 VGA DEVICE-1;C:\Windows\System32\drivers\xvgausb64.sys [2014-4-10 73344]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\System32\drivers\RsFx0150.sys [2010-4-3 313696]
S4 SophosBootDriver;SophosBootDriver;C:\Windows\System32\drivers\SophosBootDriver.sys [2014-8-20 27904]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
S4 Unattended Application Installation;Unattended Application Installation;C:\Windows\Setup\HDS\Tools\srvany.exe [2014-5-22 8192]
.
=============== File Associations ===============
.
FileExt: .vbs: Applications\cscript.exe="C:\Windows\System32\cscript.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-11-18 17:21:04    209608    ----a-w-    C:\Windows\SysWow64\TABCTL32.OCX
2014-11-18 17:19:08    140096    ----a-w-    C:\Windows\SysWow64\ComDlg32.ocx
2014-11-18 17:19:08    118248    ----a-w-    C:\Windows\SysWow64\msadodc.ocx
2014-11-05 16:51:32    112568    ----a-w-    C:\Windows\System32\consent.exe
2014-11-05 16:51:31    337408    ----a-w-    C:\Windows\SysWow64\msihnd.dll
2014-11-05 16:51:31    3243008    ----a-w-    C:\Windows\System32\msi.dll
2014-11-05 16:51:31    2364416    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-11-05 16:51:31    1806848    ----a-w-    C:\Windows\SysWow64\authui.dll
2014-11-05 16:51:30    1942016    ----a-w-    C:\Windows\System32\authui.dll
2014-11-05 16:50:26    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-11-05 16:50:26    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-11-05 16:49:40    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-11-05 16:49:40    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-11-05 16:38:42    --------    d-----w-    C:\Program Files (x86)\Common Files\Citrix
2014-11-05 16:37:27    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-11-05 16:37:27    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-10-27 15:35:09    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-10-27 15:35:09    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-27 15:33:38    3201536    ----a-w-    C:\Windows\System32\win32k.sys
2014-10-27 15:27:26    156312    ----a-w-    C:\Windows\System32\mscorier.dll
2014-10-27 15:27:25    81560    ----a-w-    C:\Windows\SysWow64\mscories.dll
2014-10-27 15:27:25    73880    ----a-w-    C:\Windows\System32\mscories.dll
2014-10-27 15:27:25    1943696    ----a-w-    C:\Windows\System32\dfshim.dll
2014-10-27 15:27:25    156824    ----a-w-    C:\Windows\SysWow64\mscorier.dll
2014-10-27 15:27:25    1131664    ----a-w-    C:\Windows\SysWow64\dfshim.dll
2014-10-24 18:18:19    48240    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-10-24 18:18:19    3231832    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\d3dcompiler_46.dll
2014-10-24 18:18:19    220784    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\sandboxbroker.dll
2014-10-22 17:45:37    --------    d-----w-    C:\Users\JS012704\AppData\Roaming\HDS
2014-10-22 17:44:27    --------    d-----w-    C:\Program Files (x86)\Cisco
.
==================== Find3M  ====================
.
2014-11-06 14:25:51    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-06 14:25:51    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-20 05:17:42    2236928    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-20 05:16:11    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57    1762816    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:04    2861568    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-20 02:43:32    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2014-09-20 02:35:33    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-09-15 14:09:42    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2014-08-28 05:31:44    96184    ----a-w-    C:\Windows\System32\drivers\ctxusbm.sys
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-20 18:07:41    38144    ----a-w-    C:\Windows\System32\drivers\sdcfilter.sys
2014-08-20 18:07:35    27904    ----a-w-    C:\Windows\System32\drivers\SophosBootDriver.sys
2014-08-20 18:07:35    176120    ----a-w-    C:\Windows\System32\sdccoinstaller.dll
2014-08-20 18:07:33    35624    ----a-w-    C:\Windows\System32\SophosBootTasks.exe
2014-08-20 18:07:31    158976    ----a-w-    C:\Windows\System32\drivers\savonaccess.sys
.
============= FINISH: 11:46:55.77 ===============
 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 PM

Posted 23 November 2014 - 01:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/556668 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:42 PM

Posted 28 November 2014 - 01:05 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users