I recently tried to download a document and the website required me to install a downloader tool first. I stupidly ran the program, but then cancelled the install wizard at the initial screen. Unfortunately, it installed a bunch of malware before the install wizard even opened.
Symantec Antivirus blocked some files and I uninstalled the BHO and backup software and other apps that showed up in Add/Remove Programs. I noticed that any windows I had open would flicker and redraw several times a minute even if I wasn't doing anything. Also, when I opened invalid websites from Google Chrome or IE it would open a searchnut.com page pretending to be the page I wanted (e.g. http://schneider-electric.com would open as http://schneider-ele...m.searchnut.com). When I connected to my work VPN, most of my company's intranet pages failed to open and were replaced with searchnut pages. While I was browsing, the computer would often become unresponsive for several seconds and the mouse would not move.
I have tried multiple anti-malware apps: I ran Spybot Search & Destroy and it removed one malware app. SuperAntiSpyware didn't find anything. ComboFix deleted c:\users\SESA81379\g2mdlhlpx.exe and restored an infected c:\windows\SysWow64\userinit.exe. However, my browsers are still being redirected to searchnut.com. I thought it might be a problem in my wireless router, but I do not have any problems on another PC which uses that router.
Here is my OTL log. Please let me know what else to try. Thanks!
Eric
OTL logfile created on: 11/20/2012 10:58:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SESA81379\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.32% Memory free
15.97 Gb Paging File | 13.45 Gb Available in Paging File | 84.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 114.00 Gb Free Space | 16.32% Space Free | Partition Type: NTFS
Drive F: | 3.69 Gb Total Space | 3.61 Gb Free Space | 98.03% Space Free | Partition Type: FAT32
Computer Name: DJZJXN1-1 | User Name: SESA81379 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/20 10:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SESA81379\Downloads\OTL.exe
PRC - [2012/06/09 01:28:58 | 000,433,816 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/06/09 01:28:32 | 000,103,576 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/06/09 01:28:30 | 000,354,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/06/08 23:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/05/23 15:32:38 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/09/16 07:31:34 | 000,189,832 | ---- | M] (IBM Corp) -- C:\Notes\SUService.exe
PRC - [2011/09/16 07:28:26 | 004,453,768 | ---- | M] (IBM) -- C:\Notes\nsd.exe
PRC - [2011/03/17 03:36:00 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/17 03:36:00 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/17 03:36:00 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/17 03:36:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009/09/17 06:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2009/09/17 00:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2009/09/17 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2007/05/21 07:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
========== Modules (No Company Name) ==========
MOD - [2012/10/31 17:15:05 | 000,460,312 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/31 17:15:04 | 012,455,448 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 17:15:02 | 004,007,448 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 17:13:47 | 000,587,288 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 17:13:46 | 000,123,928 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 17:13:35 | 000,156,712 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 17:13:34 | 000,274,984 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 17:13:32 | 002,168,360 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/06/14 22:17:14 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/14 22:17:04 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/14 22:17:01 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/14 22:16:54 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/14 22:16:52 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/15 11:54:16 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/05/10 02:27:36 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
MOD - [2012/05/10 02:27:24 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/10 02:10:54 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 02:07:04 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/10 02:06:59 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/10 02:06:57 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
MOD - [2012/05/10 02:06:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/10 02:06:48 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/03/27 15:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2010/07/28 23:33:50 | 002,452,072 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/02/17 19:32:48 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/17 19:32:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/11/20 22:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/04/30 05:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/09 01:28:58 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/09 01:28:30 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/09 00:39:40 | 011,839,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/06/08 23:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/09/16 07:31:34 | 000,189,832 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\SUService.exe -- (LNSUSvc)
SRV - [2011/09/16 07:28:26 | 004,453,768 | ---- | M] (IBM) [Auto | Running] -- C:\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/03/17 03:36:00 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/17 03:36:00 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/03/17 03:36:00 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/03/17 03:36:00 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/17 03:36:00 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/02/17 19:32:52 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/30 01:01:50 | 000,055,928 | ---- | M] (Schneider Electric (Australia)) [On_Demand | Stopped] -- C:\Cit720\Bin\TimeSyncService.exe -- (TimeSyncService)
SRV - [2010/09/02 17:01:50 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2010/09/02 16:59:34 | 000,125,512 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/09/17 06:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2009/09/17 00:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2009/09/17 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2009/07/13 14:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004/12/02 07:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\OpcEnum.exe -- (OpcEnum)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/11/13 16:29:22 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/06/09 01:29:20 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/06/09 01:29:18 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012/06/09 01:27:30 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/06/08 22:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/06/08 22:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/24 23:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/09/22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/08 13:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/29 12:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 12:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/04 11:07:58 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/18 05:42:50 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/25 12:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/25 12:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/03/17 03:37:00 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011/03/17 03:36:00 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/03/17 03:36:00 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/17 03:36:00 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2011/03/17 03:36:00 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 19:32:52 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2011/02/17 19:32:52 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2011/02/17 19:32:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2011/02/17 19:32:52 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2011/02/17 19:32:50 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2011/02/17 19:32:50 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2011/02/17 19:32:50 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/02/17 19:32:50 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2011/02/14 14:24:32 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011/02/14 14:24:32 | 000,017,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcm.sys -- (tcm)
DRV:64bit: - [2011/02/14 12:00:26 | 000,032,096 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btpmwx64.sys -- (BCMTPM)
DRV:64bit: - [2011/02/14 12:00:06 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/02/14 12:00:04 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/02/14 11:59:56 | 000,376,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d557mgmt.sys -- (d557mgmt)
DRV:64bit: - [2011/02/14 11:59:56 | 000,127,104 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserdl.sys -- (qcusbserdl)
DRV:64bit: - [2011/02/14 11:59:56 | 000,121,600 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserdl2k.sys -- (qcusbserdl2k)
DRV:64bit: - [2011/02/14 11:59:56 | 000,008,832 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterdl.sys -- (QCFilterdl)
DRV:64bit: - [2011/02/14 11:59:56 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterdl2k.sys -- (qcfilterdl2k)
DRV:64bit: - [2011/02/14 11:59:54 | 000,328,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d557bus.sys -- (d557bus)
DRV:64bit: - [2011/02/14 11:59:54 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2011/02/14 11:59:54 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2011/02/13 15:34:32 | 000,014,848 | ---- | M] (Copyright© Digitech Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DIGITECH.sys -- (DIGITECH)
DRV:64bit: - [2011/02/13 15:33:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/02/10 15:44:58 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011/02/10 15:44:58 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011/02/09 15:45:36 | 000,306,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/09 08:26:50 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/01/12 11:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/16 14:11:16 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/12/10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser64)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/09/15 06:19:02 | 000,079,952 | R--- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2010/09/07 04:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/09/02 16:54:06 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2010/09/02 16:54:06 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2010/09/02 16:46:38 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2010/08/30 15:47:16 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2010/08/30 15:47:16 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/08/13 08:16:52 | 000,065,808 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifP52x64.sys -- (IFCoEVB)
DRV:64bit: - [2010/08/13 08:16:46 | 000,339,728 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM52x64.sys -- (IFCoEMP)
DRV:64bit: - [2010/07/28 09:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/26 11:07:42 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2010/07/26 11:07:42 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010/07/26 11:07:32 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/06/21 22:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/20 21:45:54 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/25 20:30:52 | 000,041,040 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas2.sys -- (megasas2)
DRV:64bit: - [2010/01/21 08:00:02 | 000,179,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/11/16 01:45:26 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 01:45:22 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/11/16 01:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)
DRV:64bit: - [2009/09/17 06:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/17 06:05:02 | 000,058,792 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/08 07:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 07:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/25 12:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 11:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 11:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/11 17:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:64bit: - [2007/04/11 17:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV - [2012/09/12 03:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121119.022\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 03:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121119.022\eng64.sys -- (NAVENG)
DRV - [2012/08/08 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/03/17 03:36:00 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/03/17 03:36:00 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/03/17 03:36:00 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/09/18 03:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/01/31 19:29:10 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\mnmdd.sys -- (mnmdd)
DRV - [1998/05/06 23:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://swebi.schneider-electric.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SESA81379\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SESA81379\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - homepage: http://www.google.com/ig
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Angry Birds = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: A Space Shooter for FREE = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa\4_0\
CHR - Extension: Plants vs Zombies = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Gmail = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2012/11/20 10:35:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [IBM Lotus Notes Preloader] C:\Notes\nntspreld.exe (IBM Corp)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WallpaperSS] C:\Program Files (x86)\WallpaperSS\WallpaperSS.exe (Gianpaolo Bottin)
O4 - Startup: C:\Users\SESA81379\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\MemoryStick\PortableApps\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\MemoryStick\PortableApps\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\MemoryStick\PortableApps\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\MemoryStick\PortableApps\BitComet\BitComet.exe (www.BitComet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: ads ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: americashome ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([ads] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([ccentral] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([cfapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([ciobulletinboard] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([cst] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([empire] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([financeportal] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([findpart] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([findsku] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([ibat] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([insight] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intraapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intraapp] https in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intra-app] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intranet] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intra-stage-wkg] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([isxinternal] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([itops] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([jpaa] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([marcom] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([netapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([pricing] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([responsemgt] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([responsemgtdev] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([responsemgtinter] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([responsemgtstage] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([rightasset] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([saleshome] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([salestools] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([secempire] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([smp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([spdtraining] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([steponelogin] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([training] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([upiguarani] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([videonam] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([watt] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([ads] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([ccentral] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([cfapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([cfapp] https in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([ciobulletinboard] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([cst] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([empire] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([financeportal] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([findpart] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([findsku] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([ibat] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([insight] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intraapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intraapp] https in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intra-app] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intranet] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intra-stage-wkg] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([isxinternal] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([itops] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([jpaa] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([marcom] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([netapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([pricing] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([responsemgt] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([responsemgtdev] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([responsemgtinter] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([responsemgtstage] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([rightasset] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([saleshome] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([salestools] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([secempire] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([smp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([spdtraining] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([steponelogin] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([training] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([upiguarani] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([videonam] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([watt] http in Local intranet)
O15:64bit: - ..Trusted Domains: ccentral ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: cfapp ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: cfapp ([]https in Local intranet)
O15:64bit: - ..Trusted Domains: ciobulletinboard ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: cst ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: empire ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: financeportal ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: findpart ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: findsku ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: ibat ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: insight ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: intraapp ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: intraapp ([]https in Local intranet)
O15:64bit: - ..Trusted Domains: intra-app ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: intranet ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: intra-stage-wkg ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: isxinternal ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: itops ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: jpaa ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: marcom ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: netapp ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: pricing ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: responsemgt ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: responsemgtdev ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: responsemgtinter ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: responsemgtstage ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: rightasset ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: saleshome ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: saleshome.schneider-electric.com ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: salestools ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: schneider-electric.com ([americashome] http in Local intranet)
O15:64bit: - ..Trusted Domains: schneider-electric.com ([saleshome] http in Local intranet)
O15:64bit: - ..Trusted Domains: schneider-electric.com ([teamwork] http in Local intranet)
O15:64bit: - ..Trusted Domains: secempire ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: smp ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: spdtraining ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: steponelogin ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: teamwork ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: training ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: upiguarani ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: watt ([]http in Local intranet)
O16:64bit: - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CE335477-C2B3-4B59-8305-5D9A77D1F133} https://mft.schneide...Wizard7.1.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.gad.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EDDC719-F85F-47FF-A6F7-221B87C1D4B2}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28458400-8788-4FA9-8C45-AFCD01F51F2E}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2939071E-1819-4E80-A550-39444F0B948B}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C00B54D-44DD-4600-A71A-4CA42A90F225}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C00B54D-44DD-4600-A71A-4CA42A90F225}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24E812C-DDCD-4101-86E3-1E3FA93272E7}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F65C9315-D9D2-4A50-BD6E-DDD55E4BDF38}: NameServer = 107.6.133.8,23.23.180.210
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/20 10:35:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/20 10:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/20 10:20:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/20 10:20:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/20 10:19:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/20 10:19:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/20 10:19:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/20 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/20 10:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/11/20 10:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/11/20 10:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/11/19 09:48:05 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Local\LogMeIn Rescue Applet
[2012/11/19 08:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/19 08:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/19 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/12 14:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/11/12 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Roaming\Strongvault
[2012/11/12 14:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012/11/12 14:28:59 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Local\Stronghold_LLC
[2012/11/12 14:28:32 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Local\SwvUpdater
========== Files - Modified Within 30 Days ==========
[2012/11/20 10:48:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/20 10:47:39 | 000,019,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 10:47:39 | 000,019,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 10:43:05 | 000,982,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/20 10:43:05 | 000,804,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/20 10:43:05 | 000,175,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/20 10:36:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2723623973-1505943458-2159161028-48993UA.job
[2012/11/20 10:35:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/20 10:35:20 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/20 10:35:19 | 000,000,463 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/11/20 10:32:31 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ae4e1840-e597-47e4-a774-b9007a08f7df.job
[2012/11/20 10:32:31 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 842275ad-ace0-4256-b3f7-3342ccccbc51.job
[2012/11/20 10:32:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/20 10:32:06 | 2136,338,431 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/20 10:01:18 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/19 23:36:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2723623973-1505943458-2159161028-48993Core.job
[2012/11/19 15:59:17 | 000,150,630 | ---- | M] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-19.ctz
[2012/11/19 15:26:59 | 000,000,206 | ---- | M] () -- C:\Windows\FTRUN32.INI
[2012/11/19 09:54:49 | 000,000,078 | ---- | M] () -- C:\Windows\init.ini
[2012/11/19 08:28:47 | 000,000,552 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121119-091849.backup
[2012/11/15 17:45:45 | 000,150,079 | ---- | M] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-15.ctz
[2012/11/15 12:45:40 | 000,167,411 | ---- | M] () -- C:\Users\SESA81379\Desktop\SCADA-Compatibility-Matrix.pdf
[2012/11/14 14:21:41 | 000,149,012 | ---- | M] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-14.ctz
[2012/11/14 10:09:28 | 010,035,200 | ---- | M] () -- C:\Users\SESA81379\Documents\SnippetKeeper Code.db
[2012/11/14 10:09:28 | 010,035,200 | ---- | M] () -- C:\Users\SESA81379\Documents\backup.db
[2012/11/13 19:06:24 | 000,146,018 | ---- | M] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-13.ctz
[2012/11/13 16:29:22 | 000,233,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[2012/11/07 12:13:07 | 000,007,615 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Resmon.ResmonCfg
[2012/11/06 09:01:21 | 000,049,897 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/01 16:50:37 | 000,011,704 | ---- | M] () -- C:\Users\SESA81379\Desktop\citect.ini
[2012/10/22 15:37:58 | 018,055,824 | ---- | M] () -- C:\Users\SESA81379\Desktop\Citect SCADA 7.20 HF720SP358306.zip
[2012/10/22 12:12:14 | 000,002,625 | ---- | M] () -- C:\Users\Public\Desktop\Case Manager.lnk
[2012/10/22 09:39:40 | 000,127,313 | ---- | M] () -- C:\Users\SESA81379\Desktop\Eric Black SCADA Security_V1.pdf
[2012/10/22 09:25:46 | 000,036,633 | ---- | M] () -- C:\Users\SESA81379\Desktop\Training Receipt.pdf
========== Files Created - No Company Name ==========
[2012/11/20 10:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/20 10:20:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/20 10:20:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/20 10:20:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/20 10:20:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/20 10:02:02 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ae4e1840-e597-47e4-a774-b9007a08f7df.job
[2012/11/20 10:02:02 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 842275ad-ace0-4256-b3f7-3342ccccbc51.job
[2012/11/20 10:01:18 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/19 15:59:16 | 000,150,630 | ---- | C] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-19.ctz
[2012/11/15 17:45:44 | 000,150,079 | ---- | C] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-15.ctz
[2012/11/15 12:45:45 | 000,167,411 | ---- | C] () -- C:\Users\SESA81379\Desktop\SCADA-Compatibility-Matrix.pdf
[2012/11/14 14:21:41 | 000,149,012 | ---- | C] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-14.ctz
[2012/11/13 19:06:24 | 000,146,018 | ---- | C] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-13.ctz
[2012/11/01 16:50:35 | 000,011,704 | ---- | C] () -- C:\Users\SESA81379\Desktop\citect.ini
[2012/10/22 15:51:23 | 018,055,824 | ---- | C] () -- C:\Users\SESA81379\Desktop\Citect SCADA 7.20 HF720SP358306.zip
[2012/10/22 09:39:39 | 000,127,313 | ---- | C] () -- C:\Users\SESA81379\Desktop\Eric Black SCADA Security_V1.pdf
[2012/10/22 09:25:45 | 000,036,633 | ---- | C] () -- C:\Users\SESA81379\Desktop\Training Receipt.pdf
[2012/08/23 10:40:05 | 000,007,615 | ---- | C] () -- C:\Users\SESA81379\AppData\Local\Resmon.ResmonCfg
[2012/06/19 10:23:21 | 000,597,104 | ---- | C] () -- C:\Windows\SysWow64\RssHookDLL.dll
[2012/06/13 21:57:50 | 000,005,120 | ---- | C] () -- C:\Users\SESA81379\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 23:01:47 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll
[2012/05/01 12:59:11 | 000,000,363 | ---- | C] () -- C:\Users\SESA81379\.miwizrc
[2012/04/20 09:40:52 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/04/20 09:40:06 | 000,000,463 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/04/13 09:54:41 | 000,000,258 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/13 09:54:40 | 000,000,403 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/04/13 09:54:40 | 000,000,206 | ---- | C] () -- C:\Windows\FTRUN32.INI
[2012/04/11 11:37:21 | 000,001,272 | RHS- | C] () -- C:\Users\SESA81379\ntuser.pol
[2012/04/11 11:37:00 | 000,054,419 | ---- | C] () -- C:\Users\SESA81379\install.xml
[2012/04/11 09:35:55 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/04/11 09:35:55 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/04/11 09:35:54 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/04/11 09:35:54 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/04/11 09:35:54 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/06/02 08:28:42 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/04 10:32:17 | 000,015,641 | ---- | C] () -- C:\Windows\sapmsg_20110504_083214.ini
[2011/05/04 10:31:23 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011/05/04 10:31:23 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011/05/04 10:31:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011/05/04 10:31:23 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011/05/04 10:31:23 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011/05/03 18:33:21 | 000,000,117 | ---- | C] () -- C:\Windows\sapgraph.ini
[2011/05/03 18:33:20 | 000,131,699 | ---- | C] () -- C:\Windows\saplogon.ini
[2011/05/03 18:33:20 | 000,015,643 | ---- | C] () -- C:\Windows\sapmsg.ini
[2011/05/03 18:19:25 | 000,000,078 | ---- | C] () -- C:\Windows\init.ini
[2011/05/03 17:51:46 | 000,997,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/03 16:28:37 | 000,049,897 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/03 04:17:47 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/05/03 04:17:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/05/03 04:17:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/05/03 04:17:31 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/05/03 04:17:22 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/04/12 13:04:23 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\AT&T
[2011/05/04 10:39:39 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Autodesk
[2012/06/01 11:47:59 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\BitComet
[2011/05/04 10:48:50 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Canneverbe Limited
[2012/11/07 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Canon
[2012/09/27 12:35:34 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\CometPlayer
[2012/04/13 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Garmin
[2012/09/13 09:54:44 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\gsak
[2012/04/11 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\IrfanView
[2012/11/19 15:58:06 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Juniper Networks
[2012/09/05 13:30:45 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Leadertech
[2012/04/26 10:15:04 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\pdfforge
[2012/11/07 12:23:36 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\PrimoPDF
[2011/05/04 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\SAP
[2012/04/13 10:27:57 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Schneider Electric
[2012/04/12 09:34:07 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Sierra Wireless
[2012/11/12 14:29:26 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Strongvault
[2012/04/11 16:23:01 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Subversion
[2012/09/27 12:40:20 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\tigerplayer
[2012/05/28 08:52:24 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\WallpaperSS
[2012/04/13 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Watchtower
[2012/05/03 12:31:17 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\webex
========== Purity Check ==========
< End of report >
Edited by C0D3BR3AK, 20 November 2012 - 10:59 AM.